Update README.md

[Iskander10]

[DeroXP]

just came across this github i put it on chatgpt to how it runs

The script you provided is a bash script for an Instagram brute-force tool. It is designed to perform a brute-force attack on an Instagram account by trying different passwords from a provided password list. Here's a breakdown of how the script works:

The script starts by checking if it's being run as root. If not, it displays a message asking to run the program as root and exits if the user is not root.

Then, a banner is displayed with the tool's name and author.

The user is prompted to enter the target Instagram account's username and the password list file.

The script checks if Tor is running by making a request to "check.torproject.org" through the Tor proxy. If Tor is not running, it displays a message asking to start Tor and exits.

The script generates random strings for various variables used in the brute-force process, such as the device ID, UUID, phone number, and GUID.

A function called bruteforcer() is defined. This function performs the actual brute-force attack using the provided username and password list.

Inside the bruteforcer() function, Tor is checked again using the checktor() function. If Tor is not running, it displays a message and exits.

The script then iterates over each password in the provided password list. For each password, it constructs a JSON payload with the necessary data for the login request, including the username, password, device ID, and other parameters.

The payload is signed using an HMAC-SHA256 algorithm with a specific Instagram signature key.

The signed payload is sent as a POST request to the Instagram login API, using Tor as the proxy.

The script checks the response from the API for specific strings like "200" (indicating a successful login), "challenge" (indicating a challenge is required), "many tries" (indicating too many login attempts), or "Please wait" (indicating a temporary block).

If a successful login is detected, the password is printed as found, and the username and password are saved to a file named "found.instashell".

If a challenge is required, it displays a message and saves the username and password to the "found.instashell" file.

If there are too many login attempts or a temporary block, the script changes the IP address by restarting Tor.

The process continues for each password in the list until a successful login is found or the list is exhausted.

It's important to note that brute-forcing accounts is unethical and against the terms of service of most platforms, including Instagram. This script is provided for educational purposes only, and using it to perform unauthorized actions is illegal.