Instagram contained two distinct vulnerabilities that allowed an attacker to brute-force
passwords of user accounts. Combined with user enumeration, a weak password policy
no 2FA nor other mitigating security controls, this could have allowed an attacker to compromise
many accounts without any user interaction, including high-profile ones.
Facebook fixed both issues and awarded a combined bounty of $5.000.
apt-get install tor
git clone https://github.com/Ha3MrX/InstaBrute
cd InstaBrute
chmod +x insta.sh
./insta.sh
