White Hat Institute

FBI - Facebook information gathering tool

FBI is a precise Facebook account data gathering tool, in which all sensitive data can be effectively accumulated even though the objective converts the majority of its security to (only me). Sensitive data about home, date of birth, occupation, telephone number, and email address can be retrieved easily.

To download this tool, visit the following GitHub page: https://github.com/xHak9x/fbi.”


Clone FBI tool to the “/opt” directory.

Ex: (root@kali:/opt# git clone https://github.com/xHak9x/fbi.git).

Navigate to the “fbi” folder and install the requirements.

Ex: (root@kali:/opt/fbi# pip install -r requirements.txt).

Then change the permission of the “fbi.py” file (root@kali:/opt/fbi# chmod +x fbi.py) and run it with the “python” command (root@kali:/opt/fbi# python fbi.py). On the welcome page, type “help” to view all available options.


In the screenshot below, we have a legitimate Facebook user that we have created for this tutorial. The username is “jonathan.doer.775,” and the password is “password123”. In real-life scenarios, you’ll need to get that type of information using some social engineering techniques.


Now, let’s see this tool in action by generating an access token using the “token” command. Next, specify the username and password of the victim and hit “Enter.” It will create an access token and save it as a log file.


To view the token, use the “cat” command.

Ex: (root@kali:/opt/fbi/cookie# cat token.log).

This token information can be used in many types of attack vectors, so keep this in mind and store it in the right place.


If you want to know all the available information about the victim and his friends, use the “get_data” command. In this particular example, we have zero data retrieved since we just created this account, so we have no friends.


To retrieve all phone numbers of the victim’s friends, type the “dump_phone” command. This tool will fetch all phone numbers from the friends’ list and save them in the “/fbi/output” directory as a text file.


Another cool feature of this tool is a “bot” menu. It will give you a few options to mess up with the victim’s account altogether.


Facebook is the most widely utilized social media platform. While you’re having a good time on Facebook. Many people are interested in stealing data from a Facebook account. As a result, you must understand how an attacker can take your Facebook information.