{"id":37096755,"url":"https://github.com/hackirby/skuld","last_synced_at":"2026-01-14T11:54:26.453Z","repository":{"id":204907558,"uuid":"709750012","full_name":"hackirby/skuld","owner":"hackirby","description":"Next-Gen Stealer written in Go. Stealing from Discord,  Chromium-Based \u0026 Firefox-Based Browsers, Crypto Wallets and more, from every user on every disk. (PoC. For educational purposes only)","archived":false,"fork":false,"pushed_at":"2024-12-11T23:35:31.000Z","size":750,"stargazers_count":348,"open_issues_count":16,"forks_count":97,"subscribers_count":14,"default_branch":"main","last_synced_at":"2025-09-01T18:48:26.942Z","etag":null,"topics":["clipper","cookies","cookies-grabber","crypto-stealer","discord","discord-token-grabber","ethical-hacking-tools","firefox","golang","hack","hacking","info-logger","injection","logger","malware","passwords","stealer","token-grabber","wallets"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hackirby.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-10-25T10:21:57.000Z","updated_at":"2025-08-31T22:57:46.000Z","dependencies_parsed_at":null,"dependency_job_id":"68cbfddb-52ec-4179-81ff-50e79bbd059f","html_url":"https://github.com/hackirby/skuld","commit_stats":null,"previous_names":["hackirby/skuld"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/hackirby/skuld","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hackirby%2Fskuld","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hackirby%2Fskuld/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hackirby%2Fskuld/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hackirby%2Fskuld/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hackirby","download_url":"https://codeload.github.com/hackirby/skuld/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hackirby%2Fskuld/sbom","scorecard":{"id":452251,"data":{"date":"2025-08-11","repo":{"name":"github.com/hackirby/skuld","commit":"af8fb05813f41a7f5b3a7afc31c047314d781447"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.9,"checks":[{"name":"Code-Review","score":1,"reason":"Found 3/19 approved changesets -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 14 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":8,"reason":"2 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2024-3321 / GHSA-v778-237x-gjrc","Warn: Project is vulnerable to: GO-2025-3487 / GHSA-hcg3-q754-cr77"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-19T08:30:18.787Z","repository_id":204907558,"created_at":"2025-08-19T08:30:18.787Z","updated_at":"2025-08-19T08:30:18.787Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28419272,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T10:47:48.104Z","status":"ssl_error","status_checked_at":"2026-01-14T10:46:19.031Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["clipper","cookies","cookies-grabber","crypto-stealer","discord","discord-token-grabber","ethical-hacking-tools","firefox","golang","hack","hacking","info-logger","injection","logger","malware","passwords","stealer","token-grabber","wallets"],"created_at":"2026-01-14T11:54:26.010Z","updated_at":"2026-01-14T11:54:26.439Z","avatar_url":"https://github.com/hackirby.png","language":"Go","readme":"\u003cdiv align=\"center\"\u003e\n\u003ca href=\"https://github.com/hackirby/skuld/network/members\"\u003e\u003cimg src=\"https://img.shields.io/github/forks/hackirby/skuld.svg?style=for-the-badge\u0026color=b143e3\" alt=\"Forks\"\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/hackirby/skuld/stargazers\"\u003e\u003cimg src=\"https://img.shields.io/github/stars/hackirby/skuld.svg?style=for-the-badge\u0026color=b143e3\" alt=\"Stargazers\"\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/hackirby/skuld/issues\"\u003e\u003cimg src=\"https://img.shields.io/github/issues/hackirby/skuld.svg?style=for-the-badge\u0026color=b143e3\" alt=\"Issues\"\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/hackirby/skuld/blob/main/LICENSE\"\u003e\u003cimg src=\"https://img.shields.io/github/license/hackirby/skuld.svg?style=for-the-badge\u0026color=b143e3\" alt=\"MIT License\"\u003e\u003c/a\u003e\n\u003c/div\u003e\n\n\u003cbr\u003e\n\n\u003cp align=\"center\"\u003e\n    \u003cimg src=\"./.github/assets/avatar.png\" width=100  \u003e\n\u003c/p\u003e\n\n\n\n\u003ch1 align=\"center\"\u003eSkuld Stealer\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003eGo-written Malware targeting Windows systems, extracting User Data from Discord, Browsers, Crypto Wallets and more, from every user on every disk. (PoC. For Educational Purposes only)\u003c/p\u003e\n\n---\n\n\u003cdetails\u003e\n  \u003csummary\u003eTable of Contents\u003c/summary\u003e\n  \u003col\u003e\n    \u003cli\u003e\n      \u003ca href=\"#about-the-project\"\u003eAbout The Project\u003c/a\u003e\n      \u003cul\u003e\n        \u003cli\u003e\u003ca href=\"#features\"\u003eFeatures\u003c/a\u003e\u003c/li\u003e\n      \u003c/ul\u003e\n    \u003c/li\u003e\n    \u003cli\u003e\n      \u003ca href=\"#getting-started\"\u003eGetting Started\u003c/a\u003e\n      \u003cul\u003e\n        \u003cli\u003e\u003ca href=\"#prerequisites\"\u003ePrerequisites\u003c/a\u003e\u003c/li\u003e\n        \u003cli\u003e\u003ca href=\"#installation\"\u003eInstallation\u003c/a\u003e\u003c/li\u003e\n      \u003c/ul\u003e\n    \u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"#usage\"\u003eUsage\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"#preview\"\u003ePreview\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"#remove\"\u003eRemove\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"#contributing\"\u003eContributing\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"#license\"\u003eLicense\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"#contact\"\u003eContact\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"#acknowledgments\"\u003eAcknowledgments\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"#disclaimer\"\u003eDisclaimer\u003c/a\u003e\u003c/li\u003e  \u003c/ol\u003e\n\u003c/details\u003e\n\n## About the project\n\nThis proof of concept project demonstrates a \"Discord-oriented\" stealer implemented in Go. The malware operates on Windows systems and use fodhelper.exe technique for privileges elevation. By elevating privileges, the malware gains access to all user sessions on every disk\n\n### Features:\n\n- [antidebug](https://github.com/hackirby/skuld/blob/main/modules/antidebug/antidebug.go): Terminates debugging tools.\n- [antivirus](https://github.com/hackirby/skuld/blob/main/modules/antivirus/antivirus.go): Disables Windows Defender and blocks access to antivirus websites.\n- [antivm](https://github.com/hackirby/skuld/blob/main/modules/antivm/antivm.go): Detects and exits when running in virtual machines (VMs).\n- [browsers](https://github.com/hackirby/skuld/blob/main/modules/browsers/browsers.go):\n  - Steals logins, cookies, credit cards, history, and download lists from 37 Chromium-based browsers.\n  - Steals logins, cookies, history, and download lists from 10 Gecko browsers.\n- [clipper](https://github.com/hackirby/skuld/blob/main/modules/clipper/clipper.go): Replaces the user's clipboard content with a specified crypto address when copying another address.\n- [commonfiles](https://github.com/hackirby/skuld/tree/main/modules/commonfiles/commonfiles.go): Steals sensitive files from common locations.\n- [discodes](https://github.com/hackirby/skuld/blob/main/modules/discodes/discodes.go): Captures Discord Two-Factor Authentication (2FA) backup codes.\n- [discordinjection](https://github.com/hackirby/skuld/blob/main/modules/discordinjection/injection.go):\n  - Intercepts login, register, and 2FA login requests.\n  - Captures backup codes requests.\n  - Monitors email/password change requests.\n  - Intercepts credit card/PayPal addition requests.\n  - Blocks the use of QR codes for login.\n  - Prevents requests to view devices.\n- [fakerror](https://github.com/hackirby/skuld/blob/main/modules/fakeerror/fakeerror.go): Trick user into believing the program closed due to an error.\n- [games](https://github.com/hackirby/skuld/blob/main/modules/games/games.go): Extracts Epic Games, Uplay, Minecraft (14 launchers) and Riot Games sessions.\n- [hideconsole](https://github.com/hackirby/skuld/blob/main/modules/hideconsole/hideconsole.go): Module to hide the console.\n- [startup](https://github.com/hackirby/skuld/blob/main/modules/startup/startup.go): Ensures the program runs at system startup.\n- [system](https://github.com/hackirby/skuld/blob/main/modules/system/system.go): Gathers CPU, GPU, RAM, IP, location, saved Wi-Fi networks, and more.\n- [tokens](https://github.com/hackirby/skuld/blob/main/modules/tokens/tokens.go): Extracts tokens from 4 Discord applications, Chromium-based browsers, and Gecko browsers.\n- [uacbypass](https://github.com/hackirby/skuld/blob/main/modules/uacbypass/bypass.go): Grants privileges to steal user data from others users.\n- [wallets](https://github.com/hackirby/skuld/blob/main/modules/wallets/wallets.go): Steals data from 10 local wallets and 55 wallet extensions.\n- [walletsinjection](https://github.com/hackirby/skuld/blob/main/modules/walletsinjection/walletsinjection.go): Captures mnemonic phrases and passwords from 2 crypto wallets.\n\n## Getting started\n\n### Prerequisites\n\n* [Git](https://git-scm.com/downloads)\n* [The Go Programming Language](https://go.dev/dl/)\n\n### Installation\nTo install this project using Git, follow these steps:\n\n- Clone the Repository:\n\n```bash\ngit clone https://github.com/hackirby/skuld\n```\n- Navigate to the Project Directory:\n\n```bash\ncd skuld\n```\n\n## Usage\n\nYou can use the Project template:\n\n- Open `main.go` and edit config with your Discord webhook and your crypto addresses\n\n- Build the template: (reduce binary size by using `-s -w`)\n\n```bash\ngo build -ldflags \"-s -w\"\n```\n\n- You can hide the console without `hideconsole` module (you must remove `program.IsAlreadyRunning()` check from `main.go` before) by running\n\n```bash\ngo build -ldflags \"-s -w -H=windowsgui\"\n```\n\n- You can also optionally pack the output executable with UPX which will reduce the binary size from ~10MB to ~3MB. To do this, install [UPX](https://github.com/upx/upx/releases/) and run\n\n```bash\nupx.exe --ultra-brute skuld.exe\n```\n\n- You can also use skuld in your own Go code. Just import the desired module like this:\n```go\npackage main\n\nimport \"github.com/hackirby/skuld/modules/hideconsole\"\n\nfunc main() {\n  hideconsole.Run()\n}\n```\n\n## Preview\n\n![](.github/assets/system.png)\n\n![](.github/assets/browsers.png)\n\n![](.github/assets/token.png)\n\n![](.github/assets/discodes.png)\n\n![](.github/assets/wallets.png)\n\n![](.github/assets/games.png)\n\n![](.github/assets/codes.png)\n\n\n## Remove\n\nThis guide will help you removing skuld from your system\n\n1. Open powershell as administrator\n\n2. Kill processes that could be skuld\n\n```bash\ntaskkill /f /t /im skuld.exe\ntaskkill /f /t /im SecurityHealthSystray.exe\n```\n\n(use `tasklist` to list all running processes, skuld.exe and SecurityHealthSystray.exe are the default names)\n\n3. Remove skuld from startup\n```bash\nreg delete \"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\" /v \"Realtek HD Audio Universal Service\" /f\n```\n\n(Realtek HD Audio Universal Service is the default name)\n\n4. Enable Windows defender:\n\nYou can do it by running this [.bat script](https://github.com/TairikuOokami/Windows/blob/main/Microsoft%20Defender%20Enable.bat) (I'm not the developer behind it, make sure the file does not contain malware)\n\n## Contributing\nContributions to this project are welcome! Feel free to open issues, submit pull requests, or suggest improvements. Make sure to follow the [Contributing Guidelines](https://github.com/hackirby/skuld/blob/main/CONTRIBUTING.md)\n\nYou can also support this project development by leaving a star ⭐ or by donating me. Every little tip helps!\n\n\u003ca href='https://ko-fi.com/hackirby'\u003e\u003cimg src='.github/assets/kofi.png' width=150\u003e\u003c/a\u003e\n\n## License\nThis library is released under the MIT License. See LICENSE file for more informations.\n\n## Contact\nIf you have any questions or need further assistance, please contact [@hackirby:matrix.org\n](https://matrix.to/#/@hackirby:matrix.org)\n\n## Acknowledgments\nThis project has been greatly influenced by numerous infostealers available on GitHub. Many functions and sensitive paths have been derived from public repositories. My objective was to innovate by creating something new with code from existing projects. I extend my gratitude to all those whose work has contributed to this stealer, especially\n- [FallenAstaroth](https://github.com/FallenAstaroth/stink) for tempfile-less browsers data extraction\n- [ᴍᴏᴏɴD4ʀᴋ](https://github.com/moonD4rk/HackBrowserData) for browsers data decryption\n- [addi00000](https://github.com/addi00000/empyrean) for Discord embeds design\n- [Blank-c](https://github.com/Blank-c/Blank-Grabber) for antivirus-related functions and more\n- [6nz](https://github.com/6nz/virustotal-vm-blacklist) for antivm blacklists\n\n## Disclaimer\n\n### Important Notice: This tool is intended for educational purposes only.\n\nThis software, referred to as skuld, is provided strictly for educational and research purposes. Under no circumstances should this tool be used for any malicious activities, including but not limited to unauthorized access, data theft, or any other harmful actions.\n\n### Usage Responsibility:\n\nBy accessing and using this tool, you acknowledge that you are solely responsible for your actions. Any misuse of this software is strictly prohibited, and the creator (hackirby) disclaims any responsibility for how this tool is utilized. You are fully accountable for ensuring that your usage complies with all applicable laws and regulations in your jurisdiction.\n\n### No Liability:\n\nThe creator (hackirby) of this tool shall not be held responsible for any damages or legal consequences resulting from the use or misuse of this software. This includes, but is not limited to, direct, indirect, incidental, consequential, or punitive damages arising out of your access, use, or inability to use the tool.\n\n### No Support:\n\nThe creator (hackirby) will not provide any support, guidance, or assistance related to the misuse of this tool. Any inquiries regarding malicious activities will be ignored.\n\n### Acceptance of Terms:\n\nBy using this tool, you signify your acceptance of this disclaimer. If you do not agree with the terms stated in this disclaimer, do not use the software.\n","funding_links":["https://ko-fi.com/hackirby'"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhackirby%2Fskuld","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhackirby%2Fskuld","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhackirby%2Fskuld/lists"}