New Threads, New OSINT — An exploration of Poshmark
I was tossing around ideas for a blog about Poshmark. My first inclination was to check Micah Hoffman’s WhatsMyName tool (also available as Profiler in Recon-ng and as a Web Application). The tool had no support for Poshmark. I am a curious person, and I like to give back to the community. So, naturally, I thought about how I could automate the checks for the closet’s existence. Note: Closet is the term Poshmark uses for sellers and their available inventory.
Another note: 100% of these techniques are UNAUTHENTICATED. When doing the same analysis with a logged-in account, nothing changes.
Building the Automation
Initial Scenario
I use WhatsMyName quite frequently, so I am familiar with the general way that the application works. Sites are assembled in a JSON file. The Python script iterates over that file and runs the check for each site, minding the HTTP code (200, 300, 404, etc.) and a string that is displayed in the response depending on whether the account exists or not. The script then displays on the screen whether the account exists or not.
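The check described above, as an added example that is not part of the original post or WhatsMyName's own code: each site entry pairs an expected HTTP code with a marker string, and a response is classified only when both agree. The site names, URLs, JSON field names and canned responses are constructed for illustration, and `fetch` is a hypothetical stand-in for the HTTP request.

```python
import json

# Constructed entries; field names are hypothetical, not WhatsMyName's schema.
SITES = json.loads("""[
  {"name": "ExampleShop", "check_uri": "https://shop.example.invalid/closet/{account}",
   "exists_code": 200, "exists_string": "Listings by",
   "missing_code": 404, "missing_string": "Page not found"},
  {"name": "ExampleForum", "check_uri": "https://forum.example.invalid/u/{account}",
   "exists_code": 200, "exists_string": "Member since",
   "missing_code": 200, "missing_string": "No such user"}
]""")

def classify(site, status, body):
    """Return 'exists', 'missing' or 'unknown' for one HTTP response."""
    exists = status == site["exists_code"] and site["exists_string"] in body
    missing = status == site["missing_code"] and site["missing_string"] in body
    if exists and not missing:
        return "exists"
    if missing and not exists:
        return "missing"
    # Neither or both matched: redirect, rate limit, bot check, changed template.
    return "unknown"

def check_all(sites, account, fetch):
    """Run every site check for one account name; fetch(url) -> (status, body)."""
    results = {}
    for site in sites:
        url = site["check_uri"].format(account=account)
        status, body = fetch(url)
        results[site["name"]] = classify(site, status, body)
    return results

# Constructed responses standing in for the network so the example runs offline.
CANNED = {
    "https://shop.example.invalid/closet/alice": (200, "<h1>Listings by alice</h1>"),
    "https://forum.example.invalid/u/alice": (200, "<p>No such user</p>"),  # soft 404
    "https://shop.example.invalid/closet/bob": (404, "Page not found"),
    "https://forum.example.invalid/u/bob": (200, "Member since 2019"),
    "https://shop.example.invalid/closet/carol": (200, "Please verify you are human"),
}

def fake_fetch(url):
    return CANNED.get(url, (503, ""))

if __name__ == "__main__":
    for name in ("alice", "bob", "carol"):
        print(name, check_all(SITES, name, fake_fetch))
```

The ExampleForum entry shows why the string matters as much as the code: that site answers 200 for both cases, so only the marker string separates an existing account from a missing one.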
My downfall is that I was not intimately familiar with where to get the strings to verify the existence or conclude a lack of existence. To accomplish this, I copied the original WhatsMyName Python script (web_accounts_list_checker.py). I…