Instagram is one of the most widely used social media applications. I am pretty confident that at least one of your friends or you are using it pretty much everyday. Today I am going to show you how a hacker could crack someone's Instagram password using a script called Instainsane.
Step 1: Download Instainsane
Unfortunately, Instainsane isn't built into our Kali distribution, so we will have to clone its repository from github.
kali > git clone github.com/thelinuxchoice/instainsane.git
Now, we need to install it. Go to the directory where you cloned the github repository and run the "install.sh" bash script.
kali > cd <path to directory>
kali > chmod +x install.sh
kali > ./install.sh
Step 2: Crack That Password!
It is finally time to crack the target's password. The only thing we need now is the user's Instagram username and you could also prepare a wordlist, though the script provides us with a default one which is actually preferable to use.
Note: the longer and bigger the wordlist, the slower the cracking process. This is due to the way the script handles files, so a big dictionary like rockyou.txt isn't advised.
Start by running the Instainsane script. You will need to be in the directory where you cloned it.
kali > chmod +x instainsane.sh
kali > ./instainsane.sh
Note: depending on your terminal settings or due to a bug in the script, the printing might be cut a little (like on my terminal), but for the most part you should be fine.
You will be prompted for the username that you wish to crack the password of. Enter the target's username. For the purpose of this tutorial I have created an account to test the script on.
Next, you will be asked to set a wordlist. Just press enter here or if you really want to use one, just specify the path to it.
If you have that text being cut bug, you won't be able to see the ports, but you don't need them anyway. For those of you who want to know them they are: 9051, 9052, 9053, 9054 and 9055.
After the connection has been established the cracking process will begin.
The way that Instainsane works is it creates a connection through the TOR network as Instagram only allows for 10 login attempts per IP to the same account. That way every 10 guesses Instainsane switches IPs through TOR to allow the cracking process. To speed up the process the script creates multiple threads.
Step 3: Success
If the password is in the wordlist, given enough patience you will have it.
Now you have your the target's Instagram password! How cool is that?!
Note: there is a bug in the script and sometimes when it finds the password it won't stop the process, so you will see more and more passwords being tested. The script pauses for a few seconds automatically every 100 guesses, so keep an eye out for the password.
Note: also when it finds the right password the target would be told that a suspicious login was attempted. As of now there is no way of getting rid of this, so sorry :(
I am not responsible for your own actions. Use this knowledge at your own risk.
If Instainsane fails to crack the password, try another wordlist.
Ask any questions or problems you have down in the comments and I will be more than glad to respond to them!
Have a nice day hacker and thank you for reading the whole article. Keep coming back for more!
36 Responses
Look what I found
bash: ./instainsane.sh: Permission denied
help plz
Before this command ./instainsane.sh, Run this command chmod +x instainsane.sh.
I faced the same issue and now its working like a charm:)
Can you send me a detailed explanation of how to download the software and run the code.
Thank you.
Email: vichithmere@gmail.com
Instagram id: vichithmere
Downloading the software is just cloning it from the git repository. The running install.sh does the rest of the job. The steps of using the software are explained in the article.
It runs well but didn`t find the right password... I make a list with just 10 passwords and the right one in the middle... it passes thru the correct password but didn't find it.
Any thouts...
Running chmod +x instainsane.sh before the start command will fix the issue.
bash: ./instainsane.sh: Permission denied
Pls help to slove my problem*
Before this command ./instainsane.sh, Run this command chmod +x instainsane.sh.
I faced the same issue and now its working like a charm:)
Hi author.... the default wordlist is working like a charm, though it gave error on 19303 entry.Anyways i wanna ask that how to specify the path to add manually word list.Can you please give an example.
Kali Linux has a lot of built in wordlists, located under /usr/share/wordlists. If you want to use another wordlist, instead of pressing ENTER when asked for a password list, just specify the path to the wordlist. Example:
/usr/share/wordlists/rockyou.txt
but how i can use my own wordlist?
Just specify the path to your own txt file. It's that simple!
I have specified the exact path , but it says cant read(sed: can't read). what should I do??!
I'm having a problem where when I write "./install.sh" it says "Tor is not installed".
Do I need to install Tor for this to work?
Yea but it's easy to get
Type in "pip install mechanize"
Then there will be a line of command to install pip and just type that in and then put in the following commands in order
install mechanize with: pip install mechanize
install requests with: pip install requests
install Tor with: sudo apt-get install tor
Hi, I try to find out the password of instagram rauszu since. but if I forget to password an e-mail address that nobody knows. The account of my girlfriend. and she and I are desperate because we can not find the password anymore. I think they can not help me unfortunately anyway I would be very grateful if there was a possibility.
this is my problem "connection to proxy 9150 : fail "
how fix it ?
thank you
Hello! When i finish the brute force it says that "passwords not tested due IP blocking" and the number of not tested passwords is the same as the number of all passwords that are on my wordlist. That means no passwords are tested at all. Do you know how to fix this problem? Thanks in advance!
Hello, Ivo! Are you sure you have Tor installed?
Yes. Actually, two days ago, when I installed Instainsane, the tool worked, and gradually started to increase the number of not tested passwords per session. I checked if Tor is updated to the last version, and also when the tool starts, all ports on Tor are set without errors. I'm using it on Ubuntu on Windows WSL if that have something to do with the problem.
Oh, that's probably the problem. The first version of WSL doesn't have really good networking support. WSL2 is already available for Windows Insider Program participants and should be available for all windows users soon. Until then, your problem will most likely persist. You can try running Ubuntu in a virtual machine.
hey i am getting a problem in installing tor openssl and curl ...after ./install.sh it is showing not installed can you tell me what to do to install them
I tried to crack my own account by including real password in my wordlist.
but after trying all passwords my real password is not founded.why?
i am getting this line:
<<I require tor but it's not installed. Run ./install.sh. Aborting.>>
i have Tor Browser installed but im guessing its not the right thing for this. please help.
i am running through terminal on a macbook air and this is the only thing not working
is there any way to get apt-get working on terminal?
Hi pls sir can you give me a clearly tutorial on how to install and use the app
I did it till the end of step 1 but after that it didn't download tor browser. What could have gone wrong?
I am using ubuntu on dual boot, after i cancel the attack it shows "Passwords not tested due IP BLocking" along with a number equal to the passwords tested.
I have tor installed and i even tried the command "service tor start" before running the command but it dosent help
I also noticed that if i disconnect my internet connection the attack continues even without internet
Asking me to "please, run this program as root" any suggestions?
Exactly . I have the same problem
just put command "sudo" before it
the program is failing to crack even a simple password it keeps going up to the last password then gets stuck there
Pls solve it ((Require all TOR connection running to continue. Exiting
SocialBox.sh: line 102: service: command not found)
Pls solve this error
please reply to my problem,
first i my attack was just going and going
then I tried adding my actual password to the wordlist.
and then also I didn't got it
but at end it was written "Passwords not tested due IP BLocking: 1"
btw I had only 1 password in wordlist now my IP address has been blocked can anybody help me with that
Btw I used tor in my every attack
If i want to try another password list how do i do that?
I used time on this (instainsane) for like years ago (i guess like 4-5 years ago) and i remember that i tried some other password list too (if i dont remember wrong) but i cant figure out how i did it, i have tried and tried ways that i thought might be how it's done etc. but no luck. Always ended with "no such file or directory" or something like that...
Can someone just tell me what i have to type in, in the last step after you type the username of the account you want to attack?
Share Your Thoughts