WebBreacher/WhatsMyName
1
Fork 0
mirror of https://github.com/WebBreacher/WhatsMyName.git synced 2025-06-18 14:25:31 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity
main
WhatsMyName/CONTRIBUTING.md
WebBreacher d7303d3500 General "housekeeping" 
- Fixed white spaces
- Alphabetized sites
- Added contributor
- Adjusted copyright year
2025-01-22 11:50:44 -05:00

140 lines
5.3 KiB
Markdown
Raw Permalink Blame History

You can contribute to the project in at least a couple ways.
## Method 1. Non-technical
Suggest a new site to be covered by the tool.
How to do that:
- Find the new site which has public profiles of people (with no authentication required)
- Use [this form](https://forms.office.com/r/TscnNQqrD1) to tell us about it.... OR....
- Create a Github Issue and submit the link to an example profile. You can
do that by navigating to [Issues](https://github.com/WebBreacher/WhatsMyName/issues)
and clicking "New issue"
## Method 2. Technical, no programming skills required
Requires a basic understanding of how Web/HTTP works (HTTP status codes, how
what you see in a website translates to the source code).
And some experience in Github contributions (fork, pull-request).
Implement support for a new site or fix an existing implementation for a site.
How to do that:
- Among existing [Issues](https://github.com/WebBreacher/WhatsMyName/issues)
or from somewhere else, establish which site you want to add
- Using a web client of your choice (preferred `curl` or `wget`) perform
simple requests for two different scenarios: existing profile,
non-existing profile, e.g.
```
# existing
curl https://infosec.exchange/WebBreacher
# non-existing
curl https://infosec.exchange/ThisDoesNotExistForSure504
```
- Observe the outcome for non-existing profile. Some sites use 404 (error), some use 302
(redirection), some confusingly use 200 (OK) for profiles which don't exist.
```
$ curl https://github.com/ThisDoesNotExistForSure504
[...]
HTTP request sent, awaiting response... 404 Not Found
```
- Observe the outcome for existing profile. The response code should be 200.
And among the downloaded source code find a text expected to be observed in
all profiles. Avoid picking a text which might be dynamic (e.g. include the
profile name).
This seems right:
```
<h2>You are browsing the profile of
```
This is too specific:
```
<h2>You are browsing the profile of WebBreacher</h2>
```
This is too general:
```
the profile
```
- Add a section to `wmn-data.json`
- Test your configuration by running a tool for a given site
- Submit a pull request with that change
- There is also the `sample.json` file that you can use for testing. Simply replace the existing content with new data and test.
## Format of the JSON File
### Format of the JSON file
#### Alphabetize by "Name"
We try to keep the entries in the `wmn-data.json` file alphabetized (A-Z) by the `name` value. So you can find `"name" : "Github"` earlier in the file than `"name" : "Snapchat"`.
#### `wmn-data.json` JSON has 3 main elements
1. License - The license for this project and its data
2. Authors - The people that have recently contributed to this project
3. Sites - This is the main data
Within the `sites` elements, the format is as follows (with several parameters being optional):
```json
...
{
"name" : "name of the site",
"uri_check" : "URI to check the site with the {account} string replaced by a username",
"uri_pretty" : "[OPTIONAL] if the check_uri is for an API, this element can show a human-readable page",
"post_body" : "[OPTIONAL] if non-empty, then this entry is an HTTP POST and the content of this field are the data",
"strip_bad_char" : "[OPTIONAL] checking apps should ignore or strip these characters from usernames",
"e_code" : "the HTTP response code for a good 'account is there' response as an integer",
"e_string" : "the string in the response that we look for for a good response",
"m_string" : "this string will only be in the response if there is no account found",
"m_code" : "the HTTP response code for a bad 'account is not there' response as an integer",
"known" : ["a list of user accounts that can be used to test", "for user enumeration"],
"cat" : "a category for what the site is mainly used for. The current categories are found at the top of the JSON",
"valid" : "[OPTIONAL] single value of False. If it is present and False, then checkers should skip this site",
"protection" : "[OPTIONAL] a list of 1 or more site protections like: [captcha, cloudflare, userauth, multiple, other]",
"headers": {"[OPTIONAL] a dictionary of headers that should be passed to a site"}
},
...
```
Here are examples of the site elements for both HTTP GET and HTTP POST entries:
**HTTP GET entry:**
```json
{
"name" : "Example GET",
"uri_check" : "https://www.example.com/load_profile_info.php?name={account}",
"uri_pretty" : "https://www.test.com/profile/{account}",
"e_code" : 200,
"e_string" : "regist_at",
"m_code" : 404,
"m_string" : "Account not found",
"known" : ["whoami", "johndoe"],
"cat" : "images",
"protection" : ["captcha", "cloudflare"],
"headers" : {
"accept": "text/html"
}
},
```
**HTTP POST entry:**
```json
{
"name" : "Example POST",
"uri_check" : "https://www.example.com/interact_api/load_profile_info.php",
"post_body" : "Name=Gareth+Wylie&Age=24&Formula=a%2Bb+%3D%3D+21",
"e_code" : 200,
"e_string" : "regist_at",
"m_code" : 404,
"m_string" : "Account not found",
"known" : ["whoami", "johndoe"],
"cat" : "images"
},
```
Reference in New Issue View Git Blame Copy Permalink