Trying to test the security of your Instagram account ? A dictionary attack is one of the easiest way to do it. Instainsane is a Shell Script that performs a multi-threaded brute force attack against Instagram, this script can bypass login limiting and it can test infinite number of passwords with a rate of about 1000 passwords/min with 100 attemps at once. This script features:
- Multi-thread (100 attempts at once)
- Hability to Save/Resume sessions
- Anonymous attack through TOR
- Check valid usernames
- Default password list (best +39k 8 letters)
- Check and Install all dependencies
For more information about this tool, please visit the official repository at Github here.
1. Download Instainsane
As first step, you need to download the Instainsane repository in some directory of your Kali Linux system. Proceed to clone the repository with the following command:
git clone https://github.com/thelinuxchoice/instainsane
Then, switch to its directory and provide execution permissions to the Instainsane and Install scripts:
# Switch to the directory cd instainsane # Provide execution permissions to both shell scripts chmod +x install.sh chmod +x instainsane.sh
Now you can run the scripts in order to perform the attack on the next steps.
2. Install dependencies
The Instainsane script requires basically Tor as a dependency, so you will need to have Tor installed on your system. Tor is short for The Onion Router (thus the logo) and was initially a worldwide network of servers developed with the U.S. Navy that enabled people to browse the internet anonymously. Now, it's a non-profit organization whose main purpose is the research and development of online privacy tools. The Tor network disguises your identity by moving your traffic across different Tor servers, and encrypting that traffic so it isn't traced back to you. Anyone who tries would see traffic coming from random nodes on the Tor network, rather than your computer.
Besides, you will need
cURL, however they're included on Kali Linux by default. Proceed to run the install script with the following command:
This will install Tor and the other dependencies if they aren't installed.
3. Run Instainsane
Finally, after installing the dependencies, just run instainsane with the command line executing the following command:
This will start instainsane and it will prompt for the username of the instagram account that you want to attack. After providing it, it will start multiple instances of Tor in the background and will start the attack using the
passwords.lst list file provided in the default repository of the project (if you want to use another list, the script will prompt its path at the beginning). Then, as mentioned the attack will start and won't stop until the list of passwords ends or you stop it. You can pause it as well and store the session, so the next time you start it, it will start in the same place where you left it before.
The script uses an Android ApkSignature to perform authentication in addition using TOR instances to avoid blocking. The script uses Instagram-py algorithm (Python), see the project at: https://github.com/antony-jr/instagram-py.
Happy coding !