Instagram-Py – Python Script To Brute Force Attack

Instagram-Py is a straightforward python script to perform brute force attack against Instagram , this script can sidestep login restricting on wrong passwords , so fundamentally it can test boundless number of passwords.

Instagram-Py is demonstrated and can test more than 6M passwords on a solitary instagram account with less resource as possible.

This script copies the exercises of the authority instagram android application and and sends request over tor so you are secure ,but if your tor installation is misconfigured then the blame is on you.

Also Read Evasi0n Jailbreaking Tools For Apple iOS 7.x & 6.x Users

Installing Instagram-Py

using pip to get Instagram-py

Make sure you have got the latest version of pip(>= 9.0 and python(>= 3.6)

$ sudo easy_install3 -U pip # you have to install python3-setuptools , update pip
$ sudo pip3 install requests --upgrade
$ sudo pip3 install requests[socks]
$ sudo pip3 install stem
$ sudo pip3 install instagram-py
$ instagram-py # installed successfully
$ # Now lets copy the config file to your hard drive!
$ wget -O ~/instapy-config.json ""

Configuring Instagram-Py

Open your configuration file found in your home directory , this file is very important located at ~/instapy-config.json , do not change anything except tor configuration

$ vim ~/instapy-config.json # open it with your favorite text editior!

The configuration file looks like this

 "api-url" : "",
 "user-agent" : "Instagram 10.26.0 Android (18/4.3; 320dp..... ",
 "ig-sig-key" : "4f8732eb9ba7d1c8e8897a75d6474d4eb3f5279137431b2aafb71fafe2abe178",
 "ig-sig-version" : "4",
 "tor" : {
    "server" : "",
    "port" : "9050",
    "protocol" : "socks5",
    "control" : {
          "password" : "",
          "port" : "9051"


api-url : do not change this unless you know what you are doing

user-agent : do not change this unless you know your stuff

ig-sig_key : never change this unless new release, this is extracted from the instagram apk file

tor : change everything according to your tor server configuration , do not mess up!

Configuring Tor server to open control port

open your tor configuration file usually located at /etc/tor/torrc

$ sudo vim /etc/tor/torrc # open it with your text editor

search for the file for this specific section

## The port on which Tor will listen for local connections from Tor
## controller applications, as documented in control-spec.txt.
#ControlPort 9051

uncomment ‘ControlPort’ by deleting the # before ‘ControlPort’ , now save the file and restart your tor server

now you are ready to crack any instagram account , make sure your tor configuration matched ~/instapy-config.json


Finally , now you can use instagram-py!

$ instagram-py your_account_username path_to_password_list