A Python script demonstrating Discord's authentication flow, supporting both standard and 2FA-protected accounts for educational purposes only.
- 🌟 Features
- ⚠️ Critical Disclaimer
- 🛠️ Installation
- 🚀 Usage Guide
- ⚙️ Technical Overview
- 🔒 Security Notes
- 🐛 Troubleshooting
- 📞 Contact
- Dual Authentication: Supports standard email/password login and Time-based One-Time Password (TOTP) 2FA.
- Modern API: Utilizes Discord's current v9 API endpoints with proper `X-Super-Properties` and headers.
- User-Friendly: Provides clear, color-coded console prompts and output.
- Secure Design: Does not store or log tokens and has minimal dependencies.
This project is intended solely for:
- Educational demonstrations of OAuth2 flows.
- Security research (with explicit permission).
- API interaction studies.
Strictly prohibited:
- Unauthorized access to Discord accounts.
- Harvesting user tokens.
- This code violates Discord's Terms of Service.
By using this code, you acknowledge and accept full responsibility for your actions.
- Python 3.8 or higher
- pip (Python package installer)
```bash
# Clone the repository
git clone https://github.com/RealRahan/discord-token-fetcher.git
cd discord-token-fetcher

# Install the required library
pip install requests

# Run the script
python discord_token.py
```
- Run the `discord_token.py` script.
- Enter your Discord email and password when prompted.
- If your account has 2FA enabled:
  - Open your authenticator app.
  - Enter the 6-digit verification code.
- Upon successful login, your Discord token will be displayed.
- The script sends an initial login request to Discord's `/auth/login` endpoint.
- The server response indicates if 2FA is required (HTTP status code 400 with the `mfa` flag).
- For 2FA-enabled accounts, the script exchanges a temporary ticket for TOTP verification.
- Finally, upon successful authentication, the access token is retrieved.
- Token Display: The fetched token is displayed only once and is not stored by the script.
- Clipboard Avoidance: The script does not automatically copy the token to the clipboard to minimize potential exposure.
- HTTPS Only: All network communication is conducted over secure HTTPS.
- No Proxies: The script connects directly to Discord's servers without using intermediate proxies.
- Isolated Environment: It is recommended to run this script in an isolated environment for testing purposes.
- Token Revocation: After you have finished using the script for its intended purpose, consider revoking the generated token through your Discord settings.
Error | Solution |
---|---|
Captcha required | Wait 1-2 hours before attempting to log in again. |
Invalid email/password | Double-check your login credentials. |
Invalid 2FA code | Ensure the code from your authenticator app is current and entered correctly. |
Rate limited | Reduce the frequency of your requests. |
`requests` module not found | Run `pip install requests` in your terminal. |
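
The 6-digit code from the authenticator app is a TOTP value tied to the current time step, which is why the "Invalid 2FA code" row asks for a code that is current. The block below is an added example, not part of this project's script: a standard-library RFC 6238 implementation run against the RFC test key. The ±1 step tolerance in `verify` is an assumption, since the page does not say what window Discord accepts.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (RFC 6238 default)
DIGITS = 6   # length of the code an authenticator app shows

# Constructed sample: the ASCII test key from RFC 4226/6238, not a real secret.
RFC_TEST_SECRET = b"12345678901234567890"


def totp(secret: bytes, unix_time: int, digits: int = DIGITS, step: int = STEP) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): HOTP computed over the time-step counter."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def seconds_left(unix_time: int, step: int = STEP) -> int:
    """Seconds until the code shown at unix_time stops being the current one."""
    return step - (unix_time % step)


def verify(secret: bytes, code: str, unix_time: int, drift_steps: int = 1) -> bool:
    """Verifier-side check. drift_steps is an assumed tolerance for clock skew."""
    ok = False
    for d in range(-drift_steps, drift_steps + 1):
        candidate = totp(secret, unix_time + d * STEP)
        # compare_digest avoids leaking matching digits through timing
        ok |= hmac.compare_digest(candidate, code)
    return ok


if __name__ == "__main__":
    t = 59  # last second of time step 1
    print(totp(RFC_TEST_SECRET, t), "valid for", seconds_left(t), "more second(s)")
    print("accepted one step late:", verify(RFC_TEST_SECRET, "287082", t + 30))
    print("accepted three steps late:", verify(RFC_TEST_SECRET, "287082", t + 90))
```

A code read one second before the step boundary is already stale by the time it is typed unless the verifier tolerates drift, so waiting for the next code is the reliable fix.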
For questions, you can DM me: