This easy to use, but yet powerful script will brute force logins on Facebook using a list of passwords. Every wrong attempt will change the proxy used, and every 5 attempts Cookies and Headers to prevent blocks.
Tested on:
- Parrot security 4.11.2
- kali-linux 2021.3
Issues:
- Attacking the same account multiple times in a row will result in block giving this error similar to this plus others: [Python] requests.exceptions.TooManyRedirects: Exceeded 30 redirects or other error
- Solution? Only attempt to brute force a single account once every hour or so if no password from list isn't found. If you already have errors you'll need to restart and wait as your connection is blocked or reset IP and use a VPN and wait at least 15min to try again. Btw you should always use a VPN regarless of activity :P
If you don't already, first get:
- Python 3
- pip
ShadowFBrute:
git clone https://github.com/shadow-sec/ShadowFBrute.gitcd ShadowFBrutepip install -r reqs.txt- Open Interface:
python3 sfb.py---> [?] Password List Filename: sfblist.txt
(You can add passwords to default sfblist.txt found in main folder or add your own .txt file)
---> [?] Email or Phone#: target@email.com or phone-number
Done! Now wait for the results :) Additionally all finished sessions are saved in logging.log with results & other info.
- Command Line Usage: {To use password list} You can ignore the -l (log) argument for default logging file.
python3 sfb.py -u <Email or Phone#> -p <UrPassList.txt> -l <Name_ur_Log_File>{To use a single password}
python3 sfb.py -u <Email or Phone#> -sp <ThePassword> -l <Name_ur_Log_File>{To show help message}
python3 sfb.py -hTHIS REPOSITORY AND SCRIPTS INCLUDED IN IT IS FOR EDUCATIONAL, TESTING, AND RESEARCH PURPOSES ONLY! THE OWNER/CREATOR NOR ANY CONTRIBUTOR IS NOT RESPONSIBLE FOR YOUR ACTIONS.