Twitch Chat Bot that allows viewers to run arbitrary code on broadcasters machine
Commands | TwitchIO Commands Docs
Show/Hide Basic Commands
| Command | Outcome | Condition |
|---|---|---|
!hello |
Says hello to author | - |
!lurk |
let the streamer know you're lurking | - |
!death_counter <+/-/+n/reset> OR !death <+/-/+n/reset> OR !ded <+/-/+n/reset> OR !dc <+/-/reset> |
Increment / decrease death count for each +/- (or reset) | - |
!raids <@username> |
displays how many raids you've received from the user | - |
!shoutout <@username> OR !so <@username> |
Sends a shoutout announcement message | - |
!redemptions |
Creates custom channel point rewards (The same outcome as stream_start event just incase the bot wasn't active when the stream_start event occurred.) | - |
!infosec_streams OR !streams OR !streams |
Creates custom channel point rewards (The same outcome as stream_start event just incase the bot wasn't active when the stream_start event occurred.) | - |
!add_channel_subs |
Adds current channel subscribers to sub database table | - |
!kill_everyone **NOT IMPLEMENTED** |
Invoke the bots inner skynet | John Connor is dead |
!virustotal <hash> OR !virustotal <url> |
Lookup a hash or url report on virustotal | 500 requests per day, and a rate of 4 requests per minute |
Show/Hide RCE Cog Commands
| Command | Outcome | Condition |
|---|---|---|
!exec <command> OR !cmd <command> |
Runs any bash command (if it's in the allow list) | Streaming in Science & Technology OR Software and Game Development category. |
killmyshell [REDEMPTION] |
Closes the last opened qterminal | A qterminal window is already open |
Show/Hide VIP Cog Commands
| Command | Outcome | Condition |
|---|---|---|
add_channel_vip [REDEMPTION] |
Adds the redeemer as a VIP, and auto-fulfill the redemption | Broadcaster has spare VIP slots AND Redeemer does not have a Moderator or a VIP role. |
Show/Hide User Specific Cog Commands
| Command | Outcome | Condition |
|---|---|---|
stairs1 OR stairsthetrashman1 OR ohlook |
Triggers a user specific sound command | Author in stairsthetrashman, msec |
stairs2 OR stairsthetrashman2 OR because |
Triggers a user specific sound command | Author in stairsthetrashman, msec |
stairs3 OR stairsthetrashman3 OR sonofagun |
Triggers a user specific sound command | Author in stairsthetrashman, msec |
lottie OR lottiekins |
Triggers a user specific sound command | Author in lottiekins, msec |
Show/Hide Sound Cog Commands
| Command | Outcome | Condition |
|---|---|---|
youtube <url> |
Fetches a video from youtube and plays the audio | - |
later |
Plays "A few moments later" spongebob narrator sound clip | - |
ahfuck |
Plays "I can't believe you've done this" sound clip | - |
wow |
Plays "anime wow" meme sound clip | - |
bruh |
Plays "bruh" meme sound clip | - |
dialup |
Plays "dial up modem" sound clip | - |
emodmg |
Plays "emotional damage" meme sound clip | - |
buzzer |
Plays "family fortune fail buzzer" meme sound clip | - |
fbi |
PLays "fbi open up" meme sound clip | - |
friend |
Plays "friend" inbetweeners sound clip | - |
fthis |
Plays "fuck this shit i'm out" meme sound clip | - |
gg |
Plays "gg" team fortress meme sound clip | - |
goforit |
Plays "go for it" diddy kong racing sound clip | - |
hackerman |
Plays "hackerman" meme sound clip | - |
hellomf |
Plays "hello mother f*cker" meme sound clip | - |
hexy |
Plays "hexy" meme sound clip | - |
ignore |
Plays "ignore" meme sound clip | - |
wierd |
Plays "god the internets weird" meme sound clip | - |
sellwife |
Plays "i sell my wife for internet" meme sound clip | - |
heknew |
Plays "at this moment he knew" meme sound clip | - |
kerb |
Plays "kerb" meme sound clip | - |
gothim |
Plays "we got him" meme sound clip | - |
leeroy |
Plays "leeroooyyyyy jenkins" meme sound clip | - |
lies |
Plays "lies on the internet" meme sound clip | - |
mgsalert |
Plays "metal gear solid alert" meme sound clip | - |
hellothere |
Plays "hello there" obi wan kenobi meme sound clip | - |
order66 |
Plays "execute order 66" general palpatine meme sound clip | - |
over9000 |
Plays "its over 9000" dragonball meme sound clip | - |
hackercrap |
Plays "hate this hacker crap" jurrasic park meme sound clip | - |
sadviolin |
Plays "sad violin" meme sound clip | - |
satan |
Plays "satan, lucifer" meme sound clip | - |
stepbro |
Plays "what are you doing stepbro" meme sound clip | - |
surprise |
Plays "surprise mother f*cker" meme sound clip | - |
tsdisconnect |
Plays "teamspeak disconnect" meme sound clip | - |
trollolol |
Plays "trollolol" meme sound clip | - |
usbconnect |
Plays "windows 10 usb connection" meme sound clip | - |
usbdisconnect |
Plays "windows 10 usb disconnect" meme sound clip | - |
victory |
Plays "ff7 victory fanfare" meme sound clip | - |
shutdown |
Plays "windows shutdown" meme sound clip | - |
wtfinternet |
Plays "what is the internet" meme sound clip | - |
Redemptions | Managing Channel Point Rewards
Show/Hide Channel Point Reward Events
| Reward | Cost | Outcome | Condition |
|---|---|---|---|
Kill My Shell |
6666 | Immediately closes the last qterminal window that was opened without warning! Confirms success in a chat announcement. | Streaming in Science & Technology OR Software and Game Development category. |
VIP |
80085 | If you have spare VIP slots it will automatically grant the redeemer the VIP role. VIPs have the ability to equip a special chat badge and bypass the chat limit in slow mode! Confirms success in a chat announcement. | Broadcaster has spare VIP slots AND Redeemer does not have a Moderator or a VIP role. |
Publish Subscriptions | TwitchIO PubSub Docs
Show/Hide PubSub Topics
| Topic | Response |
|---|---|
| pubsub.channel_points(user_token)[user_channel_id] | This topic listens for channel point redemptions on the given channel. This topic dispatches the pubsub_channel_points client event. |
Event Subscriptions | TwitchIO EventSub Docs
Show/Hide Event Subscription Webhooks
| Event Type | Response |
|---|---|
| follow | Chat message |
| cheer | Shoutout & Chat message |
| subscription | Shoutout & Chat message |
| raid | Shoutout & Chat message |
| hypetrain_begin | **NOT IMPLEMENTED** |
| hypetrain_end | **NOT IMPLEMENTED** |
| stream_start | Creates custom channel point rewards & Chat message |
| stream_end | Removes custom channel point rewards & Chat message |
| channel_shoutout_create | **NOT IMPLEMENTED** |
| channel_shoutout_receive | **NOT IMPLEMENTED** |
| channel_charity_donate | Sends chat announcement with the donation amount and link to charity |
Show/Hide Environment Variables
- Create an
.envfile with your TWITCH API tokens and your channel name to use this script:
| env key | type | env value |
|---|---|---|
| CLIENT_ID= | string | From Twitch Developer Application |
| CLIENT_SECRET= | string | From Twitch Developer Application |
| VIRUS_TOTAL_API_KEY= | string | From VirusTotal Community |
| DATABASE_FILENAME | string | /home/username/TwitchRCE/db/twitchrce.sqlite |
| AUTH_URI_PORT= | int | 3000 |
| EVENTSUB_URI_PORT= | int | 8080 |
| BOT_USERNAME= | string | msec_bot |
| BOT_JOIN_CHANNEL= | string | msec |
| MAX_VIP_SLOTS= | int | 20 |
The RCECog attempts to limit commands to a allow list so update the settings.py file to include a comma separated list of linux binaries that you will allow to run:
CMD_ALLOW_LIST = ['aux', 'cat', 'echo', 'grep', 'id', 'ifconfig', 'ls', 'netstat', 'nslookup', 'ping', 'pwd', 'which', 'who', 'whoami']
Expect some kind of malicious code to make it through if you leave the RCECog enabled! :)
Ngrok Config | Ngrok Tunnel Definition Docs
Show/Hide Ngrok Config
- Add a
authandeventsubtunnel configuration(s) to yourngrok.ymlfile
tunnels:
auth:
addr: 3000
proto: http
eventsub:
addr: 8080
proto: http
Please help me expand the bots functionality by forking the repo and submitting a PR!