Why should you use WhatsMyName data for username enumeration? There are many other sites that "do" username enumeration, but most don't do what we do.

When @webbreacher created WMN in 2015, username checker sites at that time were providing many false positive results. All they did was send a request to a target website and, if the site didn't give them an error code in response, then the username must exist on that site. Right?

Absolutely not. Web server responses vary so our tools must as well. WMN has a list of responses that it expects to receive from the target web server. If it gets one response, then the user account is likely there. If it gets another response, it is likely the user account does not exist. We do NOT just look at the HTTP response code from the server.

These extra steps mean that checking tools like https://whatsmyname.app and others (https://github.com/WebBreacher/WhatsMyName#toolsweb-sites-using-whatsmyname) can be more accurate than other checkers.

#osint #username #usernameenumeration #knowyourtools

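The difference between a status-code-only check and the response matching described above, as an added example that is not the WhatsMyName project's own code. The field names `e_code`, `e_string`, `m_code` and `m_string` mirror the WMN data file; the site signature and the four responses are constructed, and the three-way `found`/`missing`/`unknown` result is an assumption of this sketch.

```python
from dataclasses import dataclass


@dataclass
class Signature:
    """Expected responses for one site (constructed values, not a real WMN entry)."""
    e_code: int    # HTTP status expected when the account exists
    e_string: str  # text expected in the body when the account exists
    m_code: int    # HTTP status expected when the account is missing
    m_string: str  # text expected in the body when the account is missing


def status_only(status: int) -> str:
    """Naive check: any non-error status is treated as 'account exists'."""
    return "found" if status < 400 else "missing"


def classify(sig: Signature, status: int, body: str) -> str:
    """Match status AND body against both expected patterns.

    Anything that fits neither pattern (or both) is reported as 'unknown'
    instead of being forced into a yes/no answer.
    """
    exists = status == sig.e_code and sig.e_string in body
    missing = status == sig.m_code and sig.m_string in body
    if exists and not missing:
        return "found"
    if missing and not exists:
        return "missing"
    return "unknown"


# Constructed signature: this site answers 200 for both real and missing users.
SIG = Signature(200, 'class="profile-header"', 200, "User not found")

# Constructed responses as (status, body).
SAMPLES = {
    "real_profile": (200, '<div class="profile-header">alice</div>'),
    "soft_404": (200, "<h1>User not found</h1>"),
    "rate_limited": (429, "Too many requests"),
    "login_wall": (200, '<form id="login">Sign in to continue</form>'),
}


def compare() -> dict:
    """Return {sample: (status_only result, signature-matched result)}."""
    return {n: (status_only(s), classify(SIG, s, b)) for n, (s, b) in SAMPLES.items()}


if __name__ == "__main__":
    for name, (naive, matched) in compare().items():
        print(f"{name:13} status-only={naive:8} matched={matched}")
```

The soft 404 and the login wall are the false positives a status-only checker reports; the rate-limited response shows the opposite error, where a transient block is read as "no such user".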