Skip to content

Fixed Instagram false negative #2624

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Fixed Instagram false negative #2624

wants to merge 1 commit into from

Conversation

@frogtheastronaut
Copy link
Contributor

@frogtheastronaut frogtheastronaut commented Oct 8, 2025

By removing the use of imginn.com, this pull request successfully removes the false negative of Instagram.

What I changed

Instead of using imginn.com as the probing URL for Instagram, i removed it so Sherlock should scan the instagram.com. Note that I ran this without an Instagram account, showing that most, if not all profiles are visible without the use of imginn.com. This is a fix to the false negative.

Proof it works.

This is the result before the change. I've cut it down to only show the section missing Instagram.

python3 -m sherlock_project.sherlock -j sherlock_project/resources/data.json nasa
[*] Checking username nasa on:

...
[+] HudsonRock: https://cavalier.hudsonrock.com/api/json/v2/osint-tools/search-by-username?username=nasa
[+] Hugging Face: https://huggingface.co/nasa
[+] IFTTT: https://www.ifttt.com/p/nasa
[+] Imgur: https://imgur.com/user/nasa
[+] Instructables: https://www.instructables.com/member/nasa
[+] Issuu: https://issuu.com/nasa
[+] Itch.io: https://nasa.itch.io/
[+] Itemfix: https://www.itemfix.com/c/nasa
[+] Kick: https://kick.com/nasa
[+] Kongregate: https://www.kongregate.com/accounts/nasa
[+] Laracast: https://laracasts.com/@nasa
[+] Launchpad: https://launchpad.net/~nasa
[+] Letterboxd: https://letterboxd.com/nasa
[+] LibraryThing: https://www.librarything.com/profile/nasa
[+] Linktree: https://linktr.ee/nasa
[+] LiveJournal: https://nasa.livejournal.com
[+] MMORPG Forum: https://forums.mmorpg.com/profile/nasa
[+] Medium: https://medium.com/@nasa
[+] Memrise: https://www.memrise.com/user/nasa/
[+] Minecraft: https://api.mojang.com/users/profiles/minecraft/nasa
[+] MixCloud: https://www.mixcloud.com/nasa/
...

This is the result after the change

python3 -m sherlock_project.sherlock -j sherlock_project/resources/data.json nasa
[*] Checking username nasa on:

...
[+] Houzz: https://houzz.com/user/nasa
[+] HubPages: https://hubpages.com/@nasa
[+] HudsonRock: https://cavalier.hudsonrock.com/api/json/v2/osint-tools/search-by-username?username=nasa
[+] Hugging Face: https://huggingface.co/nasa
[+] IFTTT: https://www.ifttt.com/p/nasa
[+] Imgur: https://imgur.com/user/nasa
[+] Instagram: https://instagram.com/nasa
[+] Instructables: https://www.instructables.com/member/nasa
[+] Issuu: https://issuu.com/nasa
[+] Itch.io: https://nasa.itch.io/
[+] Itemfix: https://www.itemfix.com/c/nasa
[+] Kick: https://kick.com/nasa
[+] Kongregate: https://www.kongregate.com/accounts/nasa
[+] Laracast: https://laracasts.com/@nasa
...

As you can see, the change has successfully allowed the detection of NASA's instagram account.

@github-actions
Copy link
Contributor

github-actions bot commented Oct 8, 2025

Automatic validation of changes

Target F+ Check F- Check
Instagram ❌   Fail ✔️   Pass

Failures were detected on at least one updated target. Commits containing accuracy failures will often not be merged (unless a rationale is provided, such as false negatives due to regional differences).

@frogtheastronaut
Copy link
Contributor Author

frogtheastronaut commented Oct 8, 2025

This pull request is as part of efforts in the Hacktoberfest program. Also, the checks may be wrong as it is using the wrong data.json? Or maybe it's because this change cannot detect private accounts. My proposed solution would be to implement an Instagram (public) and an Instragram (private) through imginn.com. This way, users can know if the Instagram account is public, or is private and whether they should use Instagram or Imginn to view the target's profile page.

@akh7177
Copy link
Contributor

akh7177 commented Oct 8, 2025

This pull request is as part of efforts in the Hacktoberfest program. Also, the checks may be wrong as it is using the wrong data.json? Or maybe it's because this change cannot detect private accounts. My proposed solution would be to implement an Instagram (public) and an Instragram (private) through imginn.com. This way, users can know if the Instagram account is public, or is private and whether they should use Instagram or Imginn to view the target's profile page.

The tests are done on modified data.json itself.

Also, when i try to implement your changes locally, I seem to not get any output and all upon checking for a username on Instagram. Is it region specific too?

@frogtheastronaut
Copy link
Contributor Author

frogtheastronaut commented Oct 8, 2025

Yeah, I think Instagram is region-specific. I think that's causing the problems

@frogtheastronaut
Copy link
Contributor Author

frogtheastronaut commented Oct 8, 2025

I think a solution would be to use Error messages instead of status codes. That way, it can detect both public and private accounts in all regions

@akh7177
Copy link
Contributor

akh7177 commented Oct 9, 2025

I think a solution would be to use Error messages instead of status codes. That way, it can detect both public and private accounts in all regions

Instagram currently uses layered WAF and checking whether a username is valid requires Instagram Graph API, which is a pain in itself. Adding Instagram I feel won't be straight forward. However, if you are interested in it. Do go through this article. There seems to be a workaround to directly query Instagram Public profiles.

@frogtheastronaut
Copy link
Contributor Author

frogtheastronaut commented Oct 29, 2025

Hi, should I do any updates on this, or close this PR?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@frogtheastronaut @akh7177