├── config ├── targets.txt └── account.json ├── README.md └── main.go /config/targets.txt: -------------------------------------------------------------------------------- 1 | awesome 2 | epic 3 | rareusername 4 | ogname 5 | -------------------------------------------------------------------------------- /config/account.json: -------------------------------------------------------------------------------- 1 | { 2 | "email": "email@gmail.com", 3 | "username": "hiusername", 4 | "password": "password1234" 5 | } -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # IG-Sniper 2 | An Instagram username taker/claimer - Check desired usernames availability. When it becomes available, original username will be changed to desired username. 3 | 4 | 5 | ## About 6 | This program monitors usernames and checks their availability. It checks each username from `targets.txt` with two methods. The first method is by checking with the web create api, and 7 | the other method is by checking the URL of the username, which can be slightly inaccurate. If the response doesn't show that the username is taken, a post request will be 8 | sent to the account that has been logged in to update their details (changing username). 9 | 10 | ## Preview 11 | ![img1](https://i.ibb.co/Lx53N0h/Screenshot-547.png) 12 | 13 | ## Usage 14 | ``` 15 | go get "github.com/dlclark/regexp2" 16 | go get "github.com/gookit/color" 17 | ``` 18 | 19 | - Edit `account.json` and put your Instagram login details. 20 | - Edit `targets.txt` and put your desired usernames to check and claim when available 21 | - It is recommended to add a high sleep time such as 1800 to avoid being rate limited. (Check username availabilty every 30 minutes) 22 | -------------------------------------------------------------------------------- /main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "bufio" 5 | "bytes" 6 | "encoding/json" 7 | "fmt" 8 | "io/ioutil" 9 | "net/http" 10 | "net/http/cookiejar" 11 | "os" 12 | "strconv" 13 | "strings" 14 | "syscall" 15 | "time" 16 | "unsafe" 17 | 18 | "github.com/dlclark/regexp2" 19 | "github.com/gookit/color" 20 | ) 21 | 22 | var ( 23 | client = &http.Client{} 24 | cookieClient = &http.Client{} 25 | in = color.HiBlue.Render 26 | ) 27 | 28 | type Account struct { 29 | Email string 30 | Username string 31 | Password string 32 | } 33 | 34 | func decode(toDecode []byte) map[string]string { 35 | var output map[string]string 36 | json.Unmarshal([]byte(toDecode), &output) 37 | return output 38 | } 39 | 40 | func getCSRF() string { 41 | regx := regexp2.MustCompile("(?<=\"csrf_token\":\")\\w+", 0) 42 | 43 | req, _ := http.NewRequest("GET", "https://www.instagram.com/", nil) 44 | req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Brave Chrome/83.0.4103.116 Safari/537.36") 45 | resp, _ := client.Do(req) 46 | body, _ := ioutil.ReadAll(resp.Body) 47 | defer resp.Body.Close() 48 | 49 | if m, _ := regx.FindStringMatch(string(body)); m != nil { 50 | return m.String() 51 | } 52 | return "" 53 | } 54 | 55 | func updateDetails(csrfToken string, email string, username string) { 56 | data := "first_name=&email=" + email + "&username=" + username + "&phone_number=&biography=" + "" + "&external_url=&chaining_enabled=on" 57 | req, _ := http.NewRequest("POST", "https://www.instagram.com/accounts/edit/", bytes.NewBuffer([]byte(data))) 58 | req.Header.Set("accept", "*/*") 59 | req.Header.Set("accept-language", "en-US,en;q=0.9") 60 | req.Header.Set("content-type", "application/x-www-form-urlencoded") 61 | req.Header.Set("sec-fetch-dest", "empty") 62 | req.Header.Set("sec-fetch-mode", "cors") 63 | req.Header.Set("sec-fetch-site", "same-origin") 64 | req.Header.Set("x-csrftoken", csrfToken) 65 | req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Brave Chrome/83.0.4103.116 Safari/537.36") 66 | resp, err := cookieClient.Do(req) 67 | 68 | if err != nil { 69 | color.Red.Println("An error has occured") 70 | fmt.Scanln() 71 | } 72 | 73 | body, _ := ioutil.ReadAll(resp.Body) 74 | response := string(body) 75 | defer resp.Body.Close() 76 | 77 | fmt.Printf("%v - Update Detail Resp: %v", resp.StatusCode, response) 78 | 79 | if strings.Contains(response, "Please wait a few minutes before you try again") { 80 | color.Red.Println("[+] Rate limited") 81 | } 82 | 83 | } 84 | 85 | func urlCheck(check string) bool { 86 | req, _ := http.NewRequest("GET", "https://www.instagram.com/"+check, nil) 87 | req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Brave Chrome/83.0.4103.116 Safari/537.36") 88 | resp, _ := client.Do(req) 89 | 90 | body, _ := ioutil.ReadAll(resp.Body) 91 | defer resp.Body.Close() 92 | 93 | if resp.StatusCode == 404 { 94 | color.Green.Printf("[+] [%s] available\n", check) 95 | return true 96 | } else if resp.StatusCode == 200 && strings.Contains(string(body), "Login • Instagram") { 97 | color.Red.Println("[+] Failed to check username") 98 | return false 99 | } else { 100 | color.Yellow.Printf("[+] [%s] currently unavailable\n", check) 101 | return false 102 | } 103 | } 104 | 105 | func createCheck(check string) bool { 106 | csrfToken := getCSRF() 107 | data := "username=" + check + "&email=random@gmail.com&first_name=firstname&opt_into_one_tap=false&enc_password=#PWD_INSTAGRAM_BROWSER:0:0:password0000" 108 | req, _ := http.NewRequest("POST", "https://www.instagram.com/accounts/web_create_ajax/attempt/", bytes.NewBuffer([]byte(data))) 109 | req.Header.Set("accept", "*/*") 110 | req.Header.Set("accept-language", "en-US,en;q=0.9") 111 | req.Header.Set("content-type", "application/x-www-form-urlencoded") 112 | req.Header.Set("sec-fetch-dest", "empty") 113 | req.Header.Set("sec-fetch-mode", "cors") 114 | req.Header.Set("sec-fetch-site", "same-origin") 115 | req.Header.Set("x-csrftoken", csrfToken) 116 | req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Brave Chrome/83.0.4103.116 Safari/537.36") 117 | 118 | resp, err := client.Do(req) 119 | 120 | if err != nil { 121 | fmt.Println("Error occured") 122 | fmt.Scanln() 123 | } 124 | 125 | body, _ := ioutil.ReadAll(resp.Body) 126 | response := string(body) 127 | defer resp.Body.Close() 128 | 129 | if strings.Contains(response, "spam") { 130 | color.Red.Println("[+] Spam detected") 131 | fmt.Println(response) 132 | return false 133 | } 134 | 135 | if strings.Contains(response, "try again") || resp.StatusCode == 403 { 136 | color.Red.Println("[+] Rate limited") 137 | return false 138 | } else if !strings.Contains(response, "\"username\":") && !strings.Contains(response, "username isn't available") && !strings.Contains(response, "username_is_taken") && !strings.Contains(response, "username_held_by_others") && resp.StatusCode != 403 { 139 | color.Green.Printf("[+] [%s] available\n", check) 140 | fmt.Println(response) 141 | return true 142 | 143 | } else { 144 | color.Yellow.Printf("[+] [%s] currently unavailable\n", check) 145 | return false 146 | } 147 | } 148 | 149 | func login(username string, password string) (*http.Response, string) { 150 | data := "username=" + username + "&enc_password=" + password + "&queryParams={}&optIntoOneTap=false" 151 | req, _ := http.NewRequest("POST", "https://www.instagram.com/accounts/login/ajax/", bytes.NewBuffer([]byte(data))) 152 | csrfToken := getCSRF() 153 | 154 | req.Header.Set("accept", "*/*") 155 | req.Header.Set("accept-language", "en-US,en;q=0.9") 156 | req.Header.Set("content-type", "application/x-www-form-urlencoded") 157 | req.Header.Set("sec-fetch-dest", "empty") 158 | req.Header.Set("sec-fetch-mode", "cors") 159 | req.Header.Set("sec-fetch-site", "same-origin") 160 | req.Header.Set("x-csrftoken", csrfToken) 161 | req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Brave Chrome/83.0.4103.116 Safari/537.36") 162 | 163 | jar, _ := cookiejar.New(nil) 164 | cookieClient = &http.Client{Jar: jar} 165 | 166 | resp, err := cookieClient.Do(req) 167 | 168 | if err != nil { 169 | fmt.Println("Error occured when trying to login.") 170 | fmt.Scanln() 171 | } 172 | return resp, resp.Cookies()[0].Value 173 | } 174 | 175 | func getLines(path string) []string { 176 | file, err := os.Open(path) 177 | 178 | if err != nil { 179 | color.Red.Println("\nUnable to open text file:", path) 180 | color.Red.Printf("Make sure path \"%v\" is available\n", path) 181 | fmt.Scanln() 182 | } 183 | defer file.Close() 184 | 185 | var lines []string 186 | scanner := bufio.NewScanner(file) 187 | for scanner.Scan() { 188 | lines = append(lines, scanner.Text()) 189 | } 190 | return lines 191 | 192 | } 193 | 194 | func readAcc() Account { 195 | var obj Account 196 | data, err := ioutil.ReadFile("config/account.json") 197 | if err != nil { 198 | color.Red.Println("\nUnable to read login.json file. Make sure that config/account.json exists") 199 | fmt.Scanln() 200 | } 201 | 202 | err = json.Unmarshal(data, &obj) 203 | if err != nil { 204 | color.Red.Println("\nError in json.Unmarshal") 205 | fmt.Scanln() 206 | } 207 | return obj 208 | } 209 | func changeTitle(title string) (int, error) { 210 | handle, err := syscall.LoadLibrary("Kernel32.dll") 211 | if err != nil { 212 | return 0, err 213 | } 214 | defer syscall.FreeLibrary(handle) 215 | proc, err := syscall.GetProcAddress(handle, "SetConsoleTitleW") 216 | 217 | if err != nil { 218 | return 0, err 219 | } 220 | 221 | r, _, err := syscall.Syscall(proc, 1, uintptr(unsafe.Pointer(syscall.StringToUTF16Ptr(title))), 0, 0) 222 | return int(r), err 223 | } 224 | 225 | func printLogo() { 226 | color.HiBlue.Println(` 227 | ██╗ ██████╗ ███████╗███╗ ██╗██╗██████╗ ███████╗██████╗ 228 | ██║██╔════╝ ██╔════╝████╗ ██║██║██╔══██╗██╔════╝██╔══██╗ 229 | ██║██║ ███╗ ███████╗██╔██╗ ██║██║██████╔╝█████╗ ██████╔╝ 230 | ██║██║ ██║ ╚════██║██║╚██╗██║██║██╔═══╝ ██╔══╝ ██╔══██╗ 231 | ██║╚██████╔╝ ███████║██║ ╚████║██║██║ ███████╗██║ ██║ 232 | ╚═╝ ╚═════╝ ╚══════╝╚═╝ ╚═══╝╚═╝╚═╝ ╚══════╝╚═╝ ╚═╝ 233 | by NightfallGT 234 | `) 235 | fmt.Print("\n\n") 236 | } 237 | 238 | func main() { 239 | fmt.Print("\033[H\033[2J") 240 | changeTitle("[IG Sniper] | NightfallGT") 241 | printLogo() 242 | 243 | acc := readAcc() 244 | 245 | var emailLogin string 246 | var usernameLogin string 247 | var passwordLogin string 248 | 249 | accTargets := getLines("config/targets.txt") 250 | 251 | emailLogin = acc.Email 252 | usernameLogin = acc.Username 253 | passwordLogin = acc.Password 254 | 255 | if len(emailLogin) < 1 { 256 | return 257 | } 258 | 259 | fmt.Printf("[%s] Email: %s\n", in("-"), emailLogin) 260 | fmt.Printf("[%s] Username: %s\n", in("-"), usernameLogin) 261 | fmt.Printf("[%s] Password: %s\n\n", in("-"), strings.Repeat("*", len(passwordLogin))) 262 | fmt.Printf("[%s] Press enter to begin.\n", in("+")) 263 | fmt.Scanln() 264 | 265 | fmt.Print("\033[H\033[2J") 266 | printLogo() 267 | fmt.Printf("[%s] Attempting to login through Instagram API.. \n", in("+")) 268 | 269 | resp, csrf := login(usernameLogin, "#PWD_INSTAGRAM_BROWSER:0:0:"+passwordLogin) 270 | body, _ := ioutil.ReadAll(resp.Body) 271 | defer resp.Body.Close() 272 | 273 | if strings.Contains(string(body), "\"authenticated\":true") { 274 | usernameMethod := 1 275 | sleepTime := 0 276 | changeTitle("[IG Sniper] | Logged in as: " + usernameLogin) 277 | fmt.Printf("[%s] Successfully logged in\n", in("*")) 278 | fmt.Printf("[%s] Authenticated: True, userID: %s\n", in("*"), decode(body)["userId"]) 279 | fmt.Printf("[%s] Select username checking method. \n", in("+")) 280 | fmt.Println(in("---------------------------")) 281 | fmt.Println("\n[1] Create Username Check") 282 | fmt.Println("[2] URL Username Check") 283 | 284 | fmt.Print("Enter number choice: ") 285 | fmt.Scan(&usernameMethod) 286 | fmt.Println() 287 | fmt.Print("Enter sleep time [in seconds](0 for none): ") 288 | fmt.Scan(&sleepTime) 289 | fmt.Println() 290 | 291 | fmt.Print("\033[H\033[2J") 292 | printLogo() 293 | 294 | var attemptCount int = 0 295 | 296 | for { 297 | for _, target := range accTargets { 298 | attemptCount += 1 299 | changeTitle("[IG Sniper] | Logged in as: " + usernameLogin + " | Target: " + target + " | Request: " + strconv.Itoa(attemptCount)) 300 | 301 | switch usernameMethod { 302 | case 1: 303 | if createCheck(target) { 304 | updateDetails(csrf, emailLogin, target) 305 | } 306 | case 2: 307 | if urlCheck(target) { 308 | updateDetails(csrf, emailLogin, target) 309 | } 310 | } 311 | } 312 | changeTitle("[IG Sniper] | Logged in as: " + usernameLogin + " | Sleeping.. | Request: " + strconv.Itoa(attemptCount)) 313 | if sleepTime != 0 { 314 | fmt.Printf("[%s] Sleeping for %v seconds..\n", in("+"), sleepTime) 315 | } 316 | time.Sleep(time.Duration(sleepTime) * time.Second) 317 | } 318 | 319 | } else { 320 | fmt.Printf("[%s] Unable to log in. Status Code: %v\n", in("!"), resp.StatusCode) 321 | fmt.Println(string(body)) 322 | } 323 | fmt.Scanln() 324 | } 325 | --------------------------------------------------------------------------------