From 0216b3c2b4456adbf8eab348e5a36dc4d024f56f Mon Sep 17 00:00:00 2001
From: moony <moony@howtouse.email>
Date: Fri, 7 Aug 2020 19:28:21 +0000
Subject: [PATCH] Upload files to ''

---
 package.json      |  20 ++
 sensorData.js     | 139 +++++++++++++
 server.js         | 496 ++++++++++++++++++++++++++++++++++++++++++++++
 virtualization.js |  23 +++
 4 files changed, 678 insertions(+)
 create mode 100644 package.json
 create mode 100644 sensorData.js
 create mode 100644 server.js
 create mode 100644 virtualization.js

diff --git a/package.json b/package.json
new file mode 100644
index 0000000..db1bba4
--- /dev/null
+++ b/package.json
@@ -0,0 +1,20 @@
+{
+  "name": "akamai",
+  "version": "1.0.0",
+  "description": "",
+  "main": "server.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1",
+    "start": "node server.js"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/xsploited/akamai.git"
+  },
+  "author": "Moony",
+  "license": "ISC",
+  "bugs": {
+    "url": "https://github.com/xsploited/akamai/issues"
+  },
+  "homepage": "https://github.com/xsploited/akamai#readme"
+}
diff --git a/sensorData.js b/sensorData.js
new file mode 100644
index 0000000..615e802
--- /dev/null
+++ b/sensorData.js
@@ -0,0 +1,139 @@
+/*
+ * ByePASS by Moony
+ * Version 1.0.0
+ * This file processes and decrypts the sensor data.
+*/
+
+const request = require('request');
+var beautify = require('js-beautify').js;
+
+module.exports = {
+    grab: (urls, cocaine, hostName, callback) => {
+        url = new URL(urls);
+            getUrl = hostName ? `${url.protocol}//${url.hostname}` : urls;
+            request.get(getUrl, {
+        headers: {
+            ACCEPT: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9',
+            'ACCEPT-ENCODING': 'gzip, deflate, br',
+            'ACCEPT-LANGUAGE': 'en-US,en;q=0.9',
+            'HOST': url.hostname,
+            'SEC-FETCH-MODE': 'navigate',
+            'SEC-FETCH-SITE': 'none',
+            'SEC-FETCH-USER': '?1',
+            'UPGRADE-INSECURE-REQUESTS': 1,
+            'USER-AGENT': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36',
+            cookie: cocaine
+        },
+        encoding: null,
+        gzip: true,
+        jar: request.jar()
+    }, (err, resp) => {
+        if (err != null) {
+            console.log(err);
+        } else {
+            let pattern = /var _cf = _cf.*?><script type=".*?  src=\"(.*?)\"/g;
+            let match = pattern.exec(resp.body);
+            if (match[1]) {
+                let scriptUrl = `${url.protocol}//${url.hostname}${match[1]}`
+                getScript(scriptUrl, (e) => { return callback({err: false, d: e, url: scriptUrl }); }); 
+            }
+            else
+                return callback({err: true, d:"Couldn't find akamai script."});
+        }
+    });
+    },
+ /*   grabScriptUrl: (urls, cocaine, callback) => {
+        console.log(urls)
+        url = new URL(urls);
+            request.get(url, {
+        headers: {
+            ACCEPT: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng;q=0.8,application/signed-exchange;v=b3;q=0.9',
+            'ACCEPT-ENCODING': 'gzip, deflate, br',
+            'ACCEPT-LANGUAGE': 'en-US,en;q=0.9',
+            'HOST': url.hostname,
+            'SEC-FETCH-MODE': 'navigate',
+            'SEC-FETCH-SITE': 'none',
+            'SEC-FETCH-USER': '?1',
+            'UPGRADE-INSECURE-REQUESTS': 1,
+            'USER-AGENT': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36',
+            cookie: cocaine
+        },
+        encoding: null,
+        gzip: true,
+        jar: request.jar()
+    }, (err, resp, bd) => {
+        if (err != null) {
+            console.log(err);
+        } else {
+            let pattern = /var _cf = _cf.*?><script type=".*?  src=\"(.*?)\"/g;
+            let match = pattern.exec(resp.body);
+            if(!match) return callback(null);
+           return callback(`${url.protocol}//${url.hostname}` + match[1]);
+        }
+    });
+    } */
+};
+
+function replaceStuff(script, url, protocol)
+{
+  script = script.replace(`bmak["pen"] = window["_phantom"] ? 1 : 0, bmak["wen"] = window["webdriver"] ? 1 : 0, bmak["den"] = window["domAutomation"] ? 1 : 0`, `bmak["pen"] = 0, bmak["wen"] = 0, bmak["den"] = 0`);
+  script = script.replace(`a = window["\$cdc_asdjflasutopfhvcZLmcfl_"] || document["\$cdc_asdjflasutopfhvcZLmcfl_"] ? "1" : "0";`, `"0"`);
+  script = script.replace(`t = null != window["document"]["documentElement"]["getAttribute"]("webdriver") ? "1" : "0"`, `t = null != "0";`);
+  script = script.replace(`e = void 0 !== navigator["webdriver"] && navigator["webdriver"] ? "1" : "0";`, `e = void 0 !== "0";`);
+  script = script.replace(`n = void 0 !== window["webdriver"] ? "1" : "0";`, `n = void 0 !== "0";`);
+  script = script.replace(`o = void 0 !== window["XPathResult"] || void 0 !== document["XPathResult"] ? "1" : "0";`, `o = void 0 !== "0";`);
+  script = script.replace(`m = null != window["document"]["documentElement"]["getAttribute"]("driver") ? "1" : "0";`, `m = null != "0";`);
+  script = script.replace(`return r = null != window["document"]["documentElement"]["getAttribute"]("selenium") ? "1" : "0", [a, t, e, n, o, m, r]["join"](",")`, `return r = null != 0, [a, t, e, n, o, m, r].join(",");`);
+  script = script.replace(`return bmak["enReadDocUrl"] ? document["URL"]["replace"](/\\\\|"/g, "") : ""`, `return "${url}"`);
+  script = script.split(`document["location"]["protocol"]`).join(`"${protocol}"`)
+  script = script.split(`document["location"]["hostname"]`).join(`"${url}"`)
+  script = script.replace(`var o = "{"sensor_data":"" + bmak["sensor_data"] + ""}";`, `var o = \`{"sensor_data":"\` + bmak["sensor_data"] + \`"}\`;`)
+  script = script.replace(`t["fpValstr"] = e["replace"](/\\"/g, "\\\\"");`, `t["fpValstr"] = e["replace"](/\"/g, "\\\\\\\\\\"");`);
+  script = script.replace(`bmak["auth"] = ","auth" : "" + n + """, e["setRequestHeader"] && (e["setRequestHeader"]("Content-type", "application/json"), e["setRequestHeader"]("Authorization", "Basic " + n), bmak["auth"] = "");`, `bmak["auth"] = ",\\"auth\\" : \\"" + n + "\\"", e.setRequestHeader && (e.setRequestHeader("Content-type", "application/json"), e.setRequestHeader("Authorization", "Basic " + n), bmak["auth"] = "");`);
+  script = script.replace(`var o = "{"session_id" : "" + bmak["session_id"] + "","sensor_data" : "" + bmak["sensor_data"] + """ + bmak["auth"] + "}";`, `var o = "{\\"session_id\\" : \\"" + bmak["session_id"] + "\\",\\"sensor_data\\" : \\"" + bmak["auth"] + "\\"" + bmak["auth"] + "}";`)
+  return script;
+}
+ 
+function getScript(url, cb)
+{
+    var uri = new URL(url);
+  request.get(url, {
+    headers: {
+            ACCEPT: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9',
+            'ACCEPT-ENCODING': 'gzip, deflate, br',
+            'ACCEPT-LANGUAGE': 'en-US,en;q=0.9',
+            'HOST': uri.hostname,
+            'SEC-FETCH-MODE': 'navigate',
+            'SEC-FETCH-SITE': 'none',
+            'SEC-FETCH-USER': '?1',
+            'UPGRADE-INSECURE-REQUESTS': 1,
+            'USER-AGENT': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36',
+            cookie: ''
+    },
+    gzip: true
+  }, (err, resp) => {
+    if (err != null) {
+      console.log(err);
+    }
+    else {
+      let pretty = beautify(resp.body, { indent_size: 2, space_in_empty_paren: true, unescape_strings: true });
+ 
+      let arrayPattern = /var _ac = (\[.*?])/g;
+ 
+      let array = arrayPattern.exec(pretty)[1];
+      let _ac = eval(array);
+ 
+      let pattern = /_ac\[([0-9]+)\]/g;
+ 
+      var matches;
+      while (matches = pattern.exec(pretty)) {
+       pretty = pretty.split(matches[0]).join(`"${_ac[matches[1]]}"`)
+      }
+
+      pretty = pretty.replace(array, '[]')
+      pretty = replaceStuff(pretty, uri.hostname, uri.protocol);
+
+      return cb(pretty)
+    }
+  });
+}
diff --git a/server.js b/server.js
new file mode 100644
index 0000000..af90dab
--- /dev/null
+++ b/server.js
@@ -0,0 +1,496 @@
+/*
+ * ByePASS by Moony
+ * Version 1.0.0
+ * This file file handles the API on the web server.
+*/
+
+const express = require('express');
+const bodyParser = require('body-parser');
+const sensor = require('./src/sensorGather');
+const bcrypt = require('bcrypt');
+const crypto = require('crypto');
+const fs = require("fs");
+const whitelist = require('./whitelist.json');
+const uuid = require('uuid/v1');
+const WebSocket = require('ws');
+const request = require('request');
+const cookieParser = require('cookie-parser');
+const db = require('better-sqlite3')('database.db');
+const virtualization = require('./src/virtualization');
+const scriptCache = require('./cache.json')
+const app = express();
+const jsdom = require("jsdom");
+const { JSDOM } = jsdom;
+
+process.on('uncaughtException', (err) => {});
+
+app.set('view engine', 'ejs');
+app.use(bodyParser.json());
+app.use(cookieParser());
+app.use(express.static('./public'));
+
+app.use((req, res, next) => {
+    if(req.get('host') && req.get('host').includes('platinbots.')) return res.end(require('fs').readFileSync('./closed.html')); else next();
+});
+
+app.use((req, res, next) => {
+    var path = (req.url === '/' ? '/index.html' : req.url);
+    if (fs.existsSync('./sites/'+req.get('host').toLowerCase())) {
+        fs.readFile('./sites/'+req.get('host').toLowerCase() + path, (err, data) => {
+            if(err) return res.status(404), res.end('path ' + path + ' not found');
+            return res.end(data);
+        });
+    } else next();
+});
+
+app.get('/', async (req, res) => {
+    return res.render('index', {
+        avg: calculateAvg(),
+        servers: getServers().length
+    });
+});
+
+app.get('/login', async (req, res) => {
+    let row = databaseOperations.checkToken(req.cookies.token);
+    if(!row)return res.render('login');
+    return res.redirect('/panel');
+});
+
+app.get('/register', async (req, res) => {
+    let row = databaseOperations.checkToken(req.cookies.token);
+    if(!row) return res.render('register');
+    return res.redirect('/panel');
+});
+
+app.get('/panel', async (req, res) => {
+    let row = databaseOperations.checkToken(req.cookies.token);
+    if(!row)return res.render('login');
+    if(!databaseOperations.getMetadataValue(row.id, 'expire')) databaseOperations.updateOrSetMetadataValue(row.id, 'expire', -1); 
+    if(!databaseOperations.getMetadataValue(row.id, 'admin')) databaseOperations.updateOrSetMetadataValue(row.id, 'admin', false); 
+    if(!databaseOperations.getFromId(row.id).apiKey) databaseOperations.setApiToken(row.id);
+    return res.render('panel', {
+        apiToken: row.apiKey,
+        sub: databaseOperations.hasActiveSub(row.id),
+        admin: databaseOperations.getMetadataValue(row.id, 'admin'),
+        uid: row.id,
+        subExpire: getExpire(row.id),
+        limited: databaseOperations.isLimitedAccount(row.id),
+        users: db.prepare('SELECT id, username FROM users').all()
+    });
+});
+
+app.get('/panel/support', async (req, res) => {
+    let row = databaseOperations.checkToken(req.cookies.token);
+    if(!row)return res.render('login');
+    if(!databaseOperations.getMetadataValue(row.id, 'expire')) databaseOperations.updateOrSetMetadataValue(row.id, 'expire', -1); 
+    if(!databaseOperations.getMetadataValue(row.id, 'admin')) databaseOperations.updateOrSetMetadataValue(row.id, 'admin', false); 
+    return res.render('support', {
+        apiToken: row.apiKey,
+        sub: databaseOperations.hasActiveSub(row.id),
+        admin: databaseOperations.getMetadataValue(row.id, 'admin'),
+        uid: row.id,
+        subExpire: getExpire(row.id),
+        limited: databaseOperations.isLimitedAccount(row.id)
+    });
+});
+
+function getExpire(id)
+{
+    let distance = new Date(databaseOperations.getMetadataValue(id, 'expire')) - new Date().getTime();
+
+    var days = Math.floor(distance / (1000 * 60 * 60 * 24));
+    var hours = Math.floor((distance % (1000 * 60 * 60 * 24)) / (1000 * 60 * 60));
+
+    return `${days} days and ${hours} hours.`;
+}
+
+app.get('/api/regenerate', (req, res) => {
+    let row = databaseOperations.checkToken(req.cookies.token);
+    if(!row)return res.json({err: true, msg: 'authorization error'});
+    return res.json({err: false, token: databaseOperations.setApiToken(row.id)});
+});
+
+app.post('/api/login', (req, res) => {
+    let result = databaseOperations.checkCredentials(req.body.username, req.body.password);
+    if(!result) return res.json({err: true, msg: 'incorrect credentials'});
+    let token = databaseOperations.setToken(result.id);
+    res.cookie('token', token);
+    res.json({err:false})
+});
+
+app.post('/api/extendsub', (req, res) => {
+    let row = databaseOperations.checkToken(req.cookies.token);
+    let isAdmin = databaseOperations.getMetadataValue(row.id, 'admin');
+    if(!isAdmin) return;
+    databaseOperations.updateOrSetMetadataValue(req.body.target, 'expire', req.body.time);
+    res.end(null);
+});
+
+app.post('/api/setrestrictions', (req, res) => {
+    let row = databaseOperations.checkToken(req.cookies.token);
+    let isAdmin = databaseOperations.getMetadataValue(row.id, 'admin');
+    if(!isAdmin) return;
+    if(req.body.modules !== '') databaseOperations.updateOrSetMetadataValue(req.body.target, 'modules', req.body.modules.split('\n')); else databaseOperations.updateOrSetMetadataValue(req.body.target, 'modules', []);
+    res.end(null);
+});
+
+app.post('/api/register', (req, res) => {
+    let token = databaseOperations.register(req.body.username, req.body.password);
+    if(!token) return res.json({err: true, msg: 'username taken'})
+    res.cookie('token', token);
+    res.json({err:false})
+});
+
+function ab(a) {
+    if (null == a) return -1;
+    try {
+        for (var t = 0, e = 0; e < a.length; e++) {
+            var n = a.charCodeAt(e);
+            n < 128 && (t += n)
+        }
+        return t
+    } catch (a) {
+        return -2
+    }
+}
+
+function getO9()
+{
+    var a = get_cf_date() % 1e7
+    for (var t = a, e = 0; e < 5; e++) {
+        var n = pi(a / Math.pow(10, e)) % 10,
+            o = n + 1,
+            m = "return a" + cc(n) + o + ";";
+        t = new Function("a", m)(t)
+    }
+    return t;
+}
+
+function cc (a) {
+    var t = a % 4;
+    2 == t && (t = 3);
+    var e = 42 + t;
+    return String.fromCharCode(e)
+}    
+
+function pi(a) {
+    return parseInt(a)
+}
+
+function get_cf_date() {
+    return Date.now ? Date.now() : +new Date
+}
+
+function rir(a, t, e, n) {
+    return a > t && a <= e && (a += n % (e - t)) > e && (a = a - e + t), a
+  }
+
+function od(a, t) {
+    try {
+        a = String(a), t = String(t);
+        var e = [],
+            n = t.length;
+        if (n > 0) {
+            for (var o = 0; o < a.length; o++) {
+                var m = a.charCodeAt(o),
+                    r = a.charAt(o),
+                    i = t.charCodeAt(o % n);
+                m = rir(m, 47, 57, i), m != a.charCodeAt(o) && (r = String.fromCharCode(m)), e.push(r)
+            }
+            if (e.length > 0) return e.join("")
+        }
+    } catch (a) {}
+    return a
+}
+
+app.post('/api/sensor', async (req, res) => {
+    let row = false;
+    let old = false;
+    if (req.body.old) {
+      row = whitelist.includes(req.body.auth);
+      old = true;
+    } else row = databaseOperations.checkApiToken(req.body.auth);
+    if(!row) return res.json({msg: 'incorrect auth'});
+    if(!req.body.cookie) return res.json({msg: 'no cookie string'});
+    if(!req.body.url) return res.json({msg: 'no url string'});
+    if(!old && !databaseOperations.hasActiveSub(row.id)) return res.json({msg: 'sub expired'});
+    if(!old && databaseOperations.isLimitedAccount(row.id) && !databaseOperations.isInLimitedList(row.id, req.body.url)) return res.json({msg: 'invalid url'})
+
+    var useHost = true;
+    if (req.body.host) {
+        useHost = (req.body.host.toLowerCase() === 'true');
+    }
+
+    if (!req.body.url.startsWith('http')) return res.json({msg: 'invalid url'})
+
+   /* fs.readFile("akamai.js", 'utf8', function (err,data) {
+        if (err) {
+            res.status(500).end("Error getting script...");
+            return console.log(err);
+        }
+
+        var url = new URL(req.body.url)
+        var script = data.replace(/document.URL/g, '"' + req.body.url + '"').replace(/document.location.protocol/g, '"' + url.protocol.replace('//', '') + '"').replace(/document.location.hostname/g, '"' + url.hostname + '"').replace(/window.navigator.userAgent/g, '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36"');
+        const dom = new JSDOM(`<script>document.cookie="_abck=${req.body.cookie}";${script};bmak.bpd();document.title = bmak.sensor_data</script>`, {runScripts: "dangerously" })
+        
+        let sensordata = dom.window.document.title;
+        dom.window.close();
+        //console.log(sensor_data);
+        */
+       /* if(!scriptCache.find((z) => z.url === req.body.url)) sensor.grabScriptUrl(req.body.url, `_abck=${req.body.cookie}`, (grabbedScript) => {
+            scriptCache.push({
+                url: req.body.url,
+                location: grabbedScript
+            });
+            getCookie(grabbedScript, req.body.url, req.body.cookie, sensor_data, (cookie) => 
+            {
+                cookie.forEach((x) => {
+                    res.cookie(x.split('=')[0], x.split('=')[1].split(';')[0])
+                })
+                res.end("sup bro");
+            });
+        }); else {
+            getCookie(scriptCache.find((z) => z.url === req.body.url).location, req.body.url, req.body.cookie, sensor_data, (cookie) => {
+                cookie.forEach((x) => {
+                    res.cookie(x.split('=')[0], x.split('=')[1].split(';')[0])
+                })
+                res.end("sup bro");
+            });
+        }*/
+      //  res.json({sensor_data: sensordata})
+   // });
+ //   JSDOM.fromFile('akamai.html', {runScripts: "dangerously", resources: "usable"}).then((dom) => {
+      
+   // });
+  /*  var api_public_key = "afSbep8yjnZUjq3aL010jO15Sawj2VZfdYK8uY90uxq"
+    var cs = "0a46G5m17Vrp4o4c"
+    var ua = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36"
+    var ver = "1.4.5"
+    var aaaa = get_cf_date();
+
+    var C = od(cs, api_public_key).slice(0, 16)
+    var S = Math.floor(get_cf_date() / 36e5);
+    var E = C + od(S, C)
+    var start_ts = get_cf_date()
+    var _abck = req.body.cookie;
+    var xagg = "12147" // this is from my chrome installation on my pc
+    var z1 = pi(start_ts / (2016 * 2016)) // 2016 is bmak.y1
+    var d3 = get_cf_date() % 1e7 // x2() just returns get_cf_date()
+    var url = req.body.url.replace(/\\|"/g, "")
+    var sensor_data = `${E}${ver}-1,2,-94,-100,${ua},uaend,${xagg},20030107,en-US,Gecko,0,0,0,0,${z1},${d3},2048,1112,2048,1152,2048,1010,2050,,cpen:0,i1:0,dm:0,cwen:0,non:1,opc:0,fc:0,sc:0,wrc:1,isc:0,vib:1,bat:1,x11:0,x12:1,8330,${Math.random()},${start_ts / 2},loc:-1,2,-94,-101,do_en,dm_en,t_en-1,2,-94,-105,-1,2,-94,-102,-1,2,-94,-108,-1,2,-94,-110,-1,2,-94,-117,-1,2,-94,-111,-1,2,-94,-109,-1,2,-94,-114,-1,2,-94,-103,-1,2,-94,-112,${url},-1,2,-94,-115,1,1,0,0,0,0,0,6,0,${start_ts},${Math.floor(Math.random() * (42 - 35 + 1) + 35) + 1},16896,0,0,2816,0,0,${get_cf_date() - start_ts},49,0,${_abck},${ab(_abck)},${Math.floor(1e3 * Math.random()).toString()},-5098406,30261693-1,2,-94,-106,9,1-1,2,-94,-119,-1-1,2,-94,-122,0,0,0,0,1,0,0-1,2,-94,-123,-1,2,-94,-124,-1,2,-94,-125,`
+    sensor_data = `${sensor_data}-1,2,-94,-70,-739578230;dis;,7,8;true;true;true;300;true;24;24;true;false;1-1,2,-94,-80,4911-1,2,-94,-116,${getO9()}-1,2,-94,-118,${ab(sensor_data)}-1,2,-94,-121,;${get_cf_date() - aaaa};${Math.floor(Math.random() * (2 - 10 + 1) + 10) + 1};0`
+    res.json({sensor_data: sensor_data});*/
+    var uriObject = new URL(req.body.url);
+    var realURL = useHost ? uriObject.protocol + '//' + uriObject.hostname : req.body.url;
+    if(!scriptCache.find((z) => z.url === realURL)) sensor.grab(realURL, `_abck=${req.body.cookie}`, useHost, (e) => {
+        if(e.err) return res.json(e);
+        var owo = scriptCache.push({
+            url: realURL,
+            scripturl: e.url,
+            script: e.d
+        });
+        
+        /*virtualization.getSensorData(e.d, {target: req.body.url, cookievalue: req.body.cookie},(h) => {
+            res.json({sensor_data: h});
+        });*/
+        let timedOut = false;
+        getSensorData(e.d, req.body.cookie, (h) => {
+            if(!timedOut) res.json({sensor_data: h}), timedOut = true;
+           /* getCookie(e.url, uriObject.hostname, uriObject.origin, `_abck=${req.body.cookie}`, h, (eee) => {
+             //   res.json({cookie: eee});
+             eee.forEach((x) => {
+                res.cookie(x.split('=')[0], x.split('=')[1].split(';')[0])
+            })
+            res.end("sup bro");
+                timedOut = true;
+            });*/
+        });
+        setTimeout(() => {if(!timedOut)res.json({err: 'Request timed out'}), timedOut = true;}, 10*1000);
+    }); else {
+        let timedOut = false;
+        var sex = scriptCache.find((z) => z.url === realURL);
+        getSensorData(sex.script, req.body.cookie, (h) => {
+            if(!timedOut)res.json({sensor_data: h}), timedOut = true
+         /*   if(!sex.scripturl) sensor.grabScriptUrl(realURL, `_abck=${req.body.cookie}`, (de) => {
+                sex.scripturl = de;
+                getCookie(de, req.body.url, `_abck=${req.body.cookie}`, h, (eee) => {
+                    timedOut = true;
+                    return res.status(200), res.send(eee);
+                });  
+            }); else */
+             /*getCookie(sex.scripturl, uriObject.hostname, uriObject.origin, `_abck=${req.body.cookie}`, h, (eee) => {
+                timedOut = true;
+                //return res.status(200), res.send(eee);
+                eee.forEach((x) => {
+                    res.cookie(x.split('=')[0], x.split('=')[1].split(';')[0])
+                })
+                res.end("sup bro");
+            });*/
+        });
+        setTimeout(() => {if(!timedOut)res.json({err: 'Request timed out'}), timedOut = true;}, 10*1000);
+    }
+});
+
+function getCookie(urls, gay, gay2, cocaine, sensor_data, cb) {
+    request.post(urls, {
+        headers: {
+            'Accept': '*/*',
+            'Host': gay,
+            'Referer': gay,
+            'Origin': gay2,
+            'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36',
+            'Cookie': `_abck=${cocaine};`,
+            'Content-Type': 'text/plain'
+        },
+        body: {
+            sensor_data: sensor_data
+        },
+        jar: request.jar(),
+        json: true
+    }, (err, res) => {
+        if(err) return cb('err' + err);
+        if(!res.headers['set-cookie']) return cb('nigga wtf no cookie header?!');
+        if(res.body.success)return cb(res.headers['set-cookie']); else return cb('nope')
+    });
+}
+
+app.listen(80, () => console.log('http memes'))
+
+const wss = new WebSocket.Server({ port: 42154 });
+
+wss.on('connection', function connection(ws) {
+    ws.on('message', function incoming(message) {
+        const payload = JSON.parse(message);
+        switch(payload.t)
+        {
+            case 'GOT_SENSOR':
+                var target = respqeueue.find((e) => e.id === payload.d.id);
+                if(!target) return;
+                solveSpeedCache.push(Date.now() - target.timestamp);
+                target.callback(payload.d.sensor_data);
+            break;
+        }
+    });
+    setInterval(() => {
+        ws.send(JSON.stringify({t: 'PING'}))
+    }, 30 * 1000);
+});
+
+var solveSpeedCache = [];
+var respqeueue = [];
+
+function getServers() {
+    var possible = [];
+    wss.clients.forEach((e) => {
+        if(e.readyState === e.OPEN) possible.push(e);
+    });
+    return possible;
+}
+
+function calculateAvg()
+{
+    let tmp = 0;
+    solveSpeedCache.forEach((e) => tmp += e);
+    return Math.floor(tmp / solveSpeedCache.length);
+}
+
+function getSensorData(script, cookie, cb)
+{
+    let sensorSession = randomSession();
+    if(!sensorSession) return cb('error while grabbing sensor data, No servers found!');
+    var identifier = uuid();
+    respqeueue.push({
+        id: identifier,
+        callback: cb,
+        timestamp: Date.now()
+    });
+    sensorSession.send(JSON.stringify({
+        t: 'GET_SENSOR',
+        d: {
+            eval: script,
+            cookie: cookie,
+            id: identifier
+        }
+    }));
+}
+
+function randomSession()
+{
+    let tmp = getServers();
+    return tmp[Math.floor(Math.random() * tmp.length)];
+}
+
+const databaseOperations = {
+    hasActiveSub: (id) => {
+        let expire = databaseOperations.getMetadataValue(id, 'expire');
+        if(expire < 0) return false;
+        return expire - Date.now() > 0 ? true : false;
+    },
+    isInLimitedList: (id, target) => {
+        let modules = databaseOperations.getMetadataValue(id, 'modules');
+        if(modules.includes(target.toLowerCase())) return true;
+        return false;
+    },
+    isLimitedAccount: (id) => {
+        let modules = databaseOperations.getMetadataValue(id, 'modules');
+        if(!modules || modules.length === 0) return false;
+        return true;
+    },
+    register: (username, password) => {
+        if(databaseOperations.isUsernameTaken(username)) return false;
+        let token = crypto.createHash('md5').update(`this timestamp is a nigger =>${Date.now()}GODpls buy me a shiba${Math.random() * 2312831}`).digest('hex');
+        let hash = bcrypt.hashSync(password, 10);
+        db.prepare('INSERT INTO users (username, password, token) VALUES (?, ?, ?)').run(username, hash, token);
+        return token;
+    },
+    isUsernameTaken: (username) => {
+        let row = db.prepare('SELECT * FROM users WHERE username=?').get(username);
+        return row ? true : false;
+    },
+    checkToken: (token) => {
+        return db.prepare('SELECT * FROM users WHERE token=?').get(token);
+    },
+    checkApiToken: (token) => {
+        return db.prepare('SELECT * FROM users WHERE apiKey=?').get(token);
+    },
+    getFromId: (id) => {
+        return db.prepare('SELECT * FROM users WHERE id=?').get(id);
+    },
+    checkCredentials: (username, password) => {
+        let row = db.prepare('SELECT * FROM users WHERE username=?').get(username);
+        if(!row) return false;
+        let match = bcrypt.compare(password, row.password);
+        if(!match) return false;
+        return row;
+    },
+    setToken: (id) => {
+        let token = crypto.createHash('md5').update(`this timestamp is a nigger =>${Date.now()}GODpls buy me a shiba${id}`).digest('hex');
+        db.prepare('UPDATE users SET token=? WHERE id=?').run(token, id);
+        return token;
+    },
+    setApiToken: (id) => {
+        let token = crypto.createHash('md5').update(`this also this is a api key btw GOD sex timestamp is a nigger =>${Date.now()}GODpls buy me a shiba${id}`).digest('hex');
+        db.prepare('UPDATE users SET apiKey=? WHERE id=?').run(token, id);
+        return token;
+    },
+    getMetadataValue: (id, key) => {
+        let row = db.prepare('SELECT * FROM users WHERE id=?').get(id);
+        return JSON.parse(row.metadata)[key];
+    },
+    updateOrSetMetadataValue: (id, key, value) => {
+        let row = db.prepare('SELECT * FROM users WHERE id=?').get(id);
+        let deserialized = row ? JSON.parse(row.metadata) : {};
+        deserialized[key] = value;
+        db.prepare('UPDATE users SET metadata=? WHERE id=?').run(JSON.stringify(deserialized), id);
+    },
+    destroyMetadataKey: (id, key) => {
+        let row = db.prepare("SELECT * FROM users WHERE id=?").get(id);
+        let deserialized = JSON.parse(row.metadata);
+        delete deserialized[key];
+        db.prepare("UPDATE users SET metaData=? WHERE id=?").run(JSON.stringify(deserialized), id);
+    }
+};
+
+setInterval(() => {
+    require('fs').writeFileSync('./cache.json', JSON.stringify(scriptCache));
+}, 10 * 1000);
diff --git a/virtualization.js b/virtualization.js
new file mode 100644
index 0000000..8dc3253
--- /dev/null
+++ b/virtualization.js
@@ -0,0 +1,23 @@
+/*
+ * Akamai Byepass by Moony
+ * Version 1.0.0
+ * This file uses puppeteer to perform UA testing.
+*/
+
+const puppeteer = require('puppeteer');
+
+module.exports = {
+    getSensorData: async (exec, opts, cb) => {
+        const browser = await puppeteer.launch({headless: true, args: ["--no-sandbox", "--disable-setuid-sandbox",
+        '--proxy-server="direct://"', '--proxy-bypass-list=*']});
+        const page = await browser.newPage();
+        await page.setUserAgent('Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36');
+        await page.goto("https://varvy.com/pagespeed/wicked-fast.html");
+        await page.setCookie({name: '_abck', value: opts.cookievalue})
+        //await page.goto(opts.target);
+        //await page.goto("https://varvy.com/pagespeed/wicked-fast.html");
+        await page.evaluate(exec);
+        await page.evaluate(`bmak.bpd()`);
+        return cb(await page.evaluate(`bmak.sensor_data`))
+    }
+};