Hey Folks, in this tutorial we are going to talk about an Instagram brute forcing tool called “Instagram-py”. Instagram-Py is a slick python script to perform brute force attack against Instagram accounts. This script can bypass login limiting on wrong passwords , so basically it can test infinite number of passwords. I think you should understand the following features to get a better understanding of this tool.
- Dumps successfully cracked accounts in the dump.
- Maximum Customization! ( This includes multiple attack vectors! ).
- Fast and Clean Code , no ugly selenum drivers! ( Pure Requests ).
- Resumes Attacks when the same wordlist is used on the same Username.
Let’s take a look 🙂 !!
To control this tool we must have some dependencies pre-installed, but you can still install all dependencies using the following command.
apt install python-pip
apt install python3-pip
For Both Kali Linux and Android Application
As we know that nowadays most of the tools are being built in python language due to which we need to install python Tools to control these tools. So you can use the following command to install python and pip tool permanently in kali linux and any android applications.
apt install python && apt install python3 && pkg install python && pkg install python3 && apt install python-pip && apt install python3-pip && pkg install python-pip && pkg install python3-pip
Now it’s time to install tor service to enabling anonymous communication. Simply we can install the tor service by using the following command.
apt install tor
Install Tool Through Pip
We can easily install this tool using the following command but after that we have to install all the requirements ourselves.
pip3 install instagram-py
That is why we will download this tool from gihtub and easily install all the requirements using the following command.
git clone https://github.com/deathsec/instagram-py.git
pip3 install -r requirements.txt
Start Tor Service
We need to start tor service on another terminal using the following command, Because it will hide the actual IP address and try to dump the correct credentials one by one using different-2 IP addresses.
Brute Forcing Attack
Now it’s time have comes to test this tool 🙂 !! All we need to do is give our username/phoneNumber/emial and password wordlist, which is made for bruteforce attack.
Usgae 🙂 !! instagram-py -u < target username > -p < wordlist >
instagram-py -u firstname.lastname@example.org -p pass.txt
Done 🙂 !! After executing the command it will start to find a valid passwold for that username. After getting the correct password you will get the results on the terminal as you can in the image above.
A keen learner and passionate IT student. He has done Web designing, CCNA, RedHat, Ethical hacking, Network & web penetration testing. Currently, he is completing his graduation and learning about Red teaming, CTF challenges & Blue teaming.