**Developed by DRCrypter for authorized security testing and educational purposes only.
Warworm Stealer is a simple as another stealer using for collecting many information details of pc, browser password, data, crypto wallet, many useful information but in this part I have combine idea with worm on networking (LAN) that helpful you understanding security research framework designed for authorized penetration testing, cybersecurity education, and threat simulation. It represents a sophisticated implementation of modern information gathering and lateral movement techniques commonly observed in advanced persistent threats (APTs), packaged within an accessible web-based builder interface (Easy to use).
Warworm Stealer a builder-stub architecture with three primary components:
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β BUILDER LAYER (Flask) β
β ββββββββββββββββ ββββββββββββββββ ββββββββββββββββββββββββ
β β Web Dashboardβ β Config API β β PyInstaller ββ
β ββββββββββββββββ ββββββββββββββββ ββββββββββββββββββββββββ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β
βΌ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β CONFIGURATION LAYER β
β feature off/on & delivery settings β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β
βΌ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β EXECUTABLE LAYER (Stub) β
β ββββββββββββββββ ββββββββββββββββ ββββββββββββββββββββββββ
β β Data Collectionβ Network Worm β β Persistence ββ
β ββββββββββββββββ ββββββββββββββββ ββββββββββββββββββββββββ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
- Configuration Step: User selects capabilities via web dashboard (WebUI)
- Compilation Step: Builder injects configuration into template stub
- Distribution Step: PyInstaller packages modules into single executable
- Execution Step: Execute our *Exe to your lab with configuration (setup from WebUI)
- Delivery Results Step: Sent all Success Data Reporting by zip to Discord or Telegram
π v1.3.0 Update: Introducing Remote Management - Control client remotely via browser!
Live desktop streaming, web-based file manager, and ngrok tunnel support. Features a clean WebUI dashboard with secure token authentication.
| βοΈ Module | π― Purpose | π Key Highlights |
|---|---|---|
| π§ Info Gathering | System profiling | Hardware, OS, IP, users, installed apps |
| π Credential Access | Extract sensitive data | Browser passwords, WiFi creds, session tokens |
| πΈ Surveillance | Monitor environment | Screenshots, active windows, multi-monitor |
| π Network Ops (Worm) | Spread & scan network | Host discovery, port scanning, brute-force services (FTP, SSH, Telnet, SMB, RDP) |
| π° Crypto Clipper | Hijack transactions | Replaces crypto wallet addresses (BTC, ETH, XMR, LTC, DOGE) |
| π Persistence | Maintain access | Registry, startup (Startup) |
| π€ Exfiltration | Send collected data | Telegram / Discord delivery |
| π₯ Debug Telemetry | Error tracking & diagnostics | Auto-logs errors.txt with timestamps, included in zip delivery |
| π₯οΈ Remote Management (NEW 1.3.0) | Remote monitoring & control | Remote Desktop (real-time streaming), File Manager (web-based), Ngrok tunnel, unified password auth |
Secure Build Dashboard |
Build Settings |
New Builder |
Remote Desktop - Live Streaming |
File Manager - Web Based |
RMM Page |
Secure Authentication Login |
System Overview |
Credentials & Passwords |
Network Scan Results |
Telegram Delivery |
||
Remote Access Panel (New v1.3.0) |
||
.
Warworm-Stealer/
β
βββ π Root Configuration
β βββ builder.py # Flask application entry point
β βββ stub.txt # Template loader with configuration injection
β βββ main_debug.py # Standalone execute on VM-LAB (debug mode or developer mode)
β βββ dashboard.html # Frontend interface (embedded in builder)
β
βββ π modules/ # Core functionality
β βββ bot.py # Delivery by method Discord Webhook or Telegram bot
β βββ browser_stealer.py # Multi-browser credential login
β βββ collected_info.py # System collect in USER-PC
β βββ crypto_clipper.py # Clipboard monitoring
β βββ discord_token.py # Grab Discord session
β βββ persistence.py # Auto STARTUP
β βββ telegram_steal.py # Grab Telegram session
β βββ wifi_stealer.py # Grab WIFI Password
β βββ worm_network.py # Network scanner & brute force
β
βββ π templates/ # Web interface assets
β βββ dashboard.html # Web UI for configuration
β
βββ π upx/ # Compression binaries
β βββ upx.exe # Ultimate Packer for eXecutables
β
βββ π builds/ # Temporary compilation directories
β βββ build_YYYYMMDD_HHMMSS/ # Timestamped build folders
β
βββ π File_Generated/ # π₯ Final output directory
β βββ Cliented_*.exe # Compiled executables
β
βββ π dist/ # PyInstaller default output (Source code *.py)
ββββ π requirements.txt # Dependency
# Clone repository
git clone [repository-url]
cd Warworm-Stealer
# Create virtual environment
python -m venv .venv
# Activate environment
# Windows:
.venv\\Scripts\\activate
# Linux/Mac:
source .venv/bin/activate
# Install dependencies
pip install -r requirements.txt
# Optional: Place UPX binary
mkdir upx
# Copy upx.exe to upx/ directory
# Launch builder
python builder.pyOpen web browser to: http://127.0.0.1:5000
β Authorized Activities:
- Penetration testing with written authorization
- Security research in isolated environments
- Educational demonstrations in classroom settings
- CTF competition challenge creation
- Personal system security auditing
- Malware analysis sandboxing
β Illegal Activities:
- Deployment on systems without explicit permission
- Credential theft from unauthorized targets
- Network scanning of infrastructure without authorization
- Cryptocurrency address substitution in real transactions
- Any activity violating CFAA, GDPR, or local laws
| Version | Date | Changes |
|---|---|---|
| 1.3.0 | 2026-04-07 | Remote Monitoring Management (Remote Desktop streaming, File Manager, Ngrok tunnel), Clean WebUI Dashboard with token auth |
| 1.2.0 | 2026-03-25 | Debug Telemetry (Error tracking, auto-logs errors.txt with timestamps) |
| 1.0.0 | 2026-03-17 | Initial release with full module suite |
Primary Development: DRCrypter.ru
Framework Architecture: Sentinel Builder v1.2 base
UI Design: Cyberpunk theme with neon accents
Module Contributions: Community security researchers
- PyInstaller (GPL-compatible)
- Flask (BSD)
- Paramiko (LGPL)
- Cryptography (Apache/BSD)
Join Telegram: https://t.me/burnwpcommunity
Website: https://drcrypter.net
More tools, resources, and updates are shared on the website + community.
These techniques are commonly studied by security teams to understand threats such as:
- Infostealer malware
- Botnets
- Ransomware loaders
- Advanced Persistent Threats (APT)
Understanding them helps build:
- π malware detection tools
- π‘οΈ endpoint security systems
- π SIEM detection rules
β Star this repository if you find it valuable for security education and research!
This tool is for educational purposes only. π« The creator and contributors are not responsible for any misuse or damages caused. Use responsibly, and only on systems you own or have permission for. β
