Skip to content

Commit

Permalink
Add WAF filter
Browse files Browse the repository at this point in the history
  • Loading branch information
ppfeister committed Apr 8, 2024
1 parent 55c680f commit 21ac927
Show file tree
Hide file tree
Showing 3 changed files with 22 additions and 2 deletions.
11 changes: 10 additions & 1 deletion sherlock/notify.py
Original file line number Diff line number Diff line change
Expand Up @@ -224,7 +224,7 @@ def update(self, result):
elif result.status == QueryStatus.UNKNOWN:
if self.print_all:
print(Style.BRIGHT + Fore.WHITE + "[" +
Fore.RED + "-" +
Fore.RED + "?" +
Fore.WHITE + "]" +
Fore.GREEN + f" {self.result.site_name}:" +
Fore.RED + f" {self.result.context}" +
Expand All @@ -238,6 +238,15 @@ def update(self, result):
Fore.WHITE + "]" +
Fore.GREEN + f" {self.result.site_name}:" +
Fore.YELLOW + f" {msg}")

elif result.status == QueryStatus.WAF:
if self.print_all:
print(Style.BRIGHT + Fore.WHITE + "[" +
Fore.RED + "?" +
Fore.WHITE + "]" +
Fore.GREEN + f" {self.result.site_name}:" +
Fore.RED + f" Blocked by WAF" +
Fore.YELLOW + " (proxy recommended)")

else:
# It should be impossible to ever get here...
Expand Down
1 change: 1 addition & 0 deletions sherlock/result.py
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ class QueryStatus(Enum):
AVAILABLE = "Available" # Username Not Detected
UNKNOWN = "Unknown" # Error Occurred While Trying To Detect Username
ILLEGAL = "Illegal" # Username Not Allowable For This Site
WAF = "WAF" # Request blocked by WAF (i.e. Cloudflare)

def __str__(self):
"""Convert Object To String.
Expand Down
12 changes: 11 additions & 1 deletion sherlock/sherlock.py
Original file line number Diff line number Diff line change
Expand Up @@ -378,9 +378,19 @@ def sherlock(
query_status = QueryStatus.UNKNOWN
error_context = None

if error_text is not None:
# As WAFs advance and evolve, they will occasionally block Sherlock and lead to false positives
# and negatives. Fingerprints should be added here to filter results that fail to bypass WAFs.
# Fingerprints should be highly targetted. Comment at the end of each fingerprint to indicate target and date.
WAFHitMsgs = [
'.loading-spinner{visibility:hidden}body.no-js .challenge-running{display:none}body.dark{background-color:#222;color:#d9d9d9}body.dark a{color:#fff}body.dark a:hover{color:#ee730a;text-decoration:underline}body.dark .lds-ring div{border-color:#999 transparent transparent}body.dark .font-red{color:#b20f03}body.dark .big-button,body.dark .pow-button{background-color:#4693ff;color:#1d1d1d}body.dark #challenge-success-text{background-image:url(data:image/svg+xml;base64,' # 2024-04-08 Cloudflare
]

if error_text is not None and query_status is not QueryStatus.WAF:
error_context = error_text

elif any(hitMsg in r.text for hitMsg in WAFHitMsgs):
query_status = QueryStatus.WAF

elif error_type == "message":
# error_flag True denotes no error found in the HTML
# error_flag False denotes error found in the HTML
Expand Down

0 comments on commit 21ac927

Please sign in to comment.