Filter WAF Hits

9 months ago · d660c1a2dd
parent 55c680fde1
commit d660c1a2dd
3 changed files with 21 additions and 1 deletions
--- a/sherlock/notify.py
+++ b/sherlock/notify.py
@ -224,7 +224,7 @@ class QueryNotifyPrint(QueryNotify):
        elif result.status == QueryStatus.UNKNOWN:
            if self.print_all:
                print(Style.BRIGHT + Fore.WHITE + "[" +
-                      Fore.RED + "-" +
+                      Fore.RED + "?" +
                      Fore.WHITE + "]" +
                      Fore.GREEN + f" {self.result.site_name}:" +
                      Fore.RED + f" {self.result.context}" +
@ -238,6 +238,15 @@ class QueryNotifyPrint(QueryNotify):
                      Fore.WHITE + "]" +
                      Fore.GREEN + f" {self.result.site_name}:" +
                      Fore.YELLOW + f" {msg}")
+                
+        elif result.status == QueryStatus.WAF:
+            if self.print_all:
+                print(Style.BRIGHT + Fore.WHITE + "[" +
+                      Fore.RED + "?" +
+                      Fore.WHITE + "]" +
+                      Fore.GREEN + f" {self.result.site_name}:" +
+                      Fore.RED + f" Blocked by WAF" +
+                      Fore.YELLOW + " (proxy recommended)")

        else:
            # It should be impossible to ever get here...
--- a/sherlock/result.py
+++ b/sherlock/result.py
@ -14,6 +14,7 @@ class QueryStatus(Enum):
    AVAILABLE = "Available" # Username Not Detected
    UNKNOWN   = "Unknown"   # Error Occurred While Trying To Detect Username
    ILLEGAL   = "Illegal"   # Username Not Allowable For This Site
+    WAF       = "WAF"       # Request blocked by WAF (i.e. Cloudflare)

    def __str__(self):
        """Convert Object To String.
--- a/sherlock/sherlock.py
+++ b/sherlock/sherlock.py
@ -378,9 +378,19 @@ def sherlock(
        query_status = QueryStatus.UNKNOWN
        error_context = None

+        # As WAFs advance and evolve, they will occasionally block Sherlock and lead to false positives
+        # and negatives. Fingerprints should be added here to filter results that fail to bypass WAFs.
+        # Fingerprints should be highly targetted. Comment at the end of each fingerprint to indicate target and date.
+        WAFHitMsgs = [
+            '.loading-spinner{visibility:hidden}body.no-js .challenge-running{display:none}body.dark{background-color:#222;color:#d9d9d9}body.dark a{color:#fff}body.dark a:hover{color:#ee730a;text-decoration:underline}body.dark .lds-ring div{border-color:#999 transparent transparent}body.dark .font-red{color:#b20f03}body.dark .big-button,body.dark .pow-button{background-color:#4693ff;color:#1d1d1d}body.dark #challenge-success-text{background-image:url(data:image/svg+xml;base64,' # 2024-04-08 Cloudflare
+        ]
+
        if error_text is not None:
            error_context = error_text

+        elif any(hitMsg in r.text for hitMsg in WAFHitMsgs):
+            query_status = QueryStatus.WAF
+
        elif error_type == "message":
            # error_flag True denotes no error found in the HTML
            # error_flag False denotes error found in the HTML