Internship on

“KEYLOGGER FOR SYSTEM MONITORING USING

PYTHON”

Submitted by

HRITIK RAJ (1RV19EI023)

PRASHANT VERMA(1RV19EI034)

Centre of Competence in Visual Computing

 CONTENTS

PAGE NO’s
LIST OF TABLES

1. INTRODUCTION 4

1.1. LITERATURE SURVEY 4

1.2. PROBLEM STATEMENT 5

1.3. OBJECTIVES 5

2. METHODOLOGY… 6

2.1. COMPONENTS 6

2.2. BLOCK DIAGRAM 7

2.3. PROCESSING MECHANISM 8

3. CODE & RESULTS 11

4. CONCLUSION 13

4.1. FUTURE SCOPE 13

4.2. REFERENCES 14
 ABSTRACT

The proposed point Keylogger which is likewise called a keystroke logger is a product that tracks or
logs the key stroke on your console, regularly in a mysterious way that you have no clue about that
your activities are being observed. Most people tend to see only the bad side of this particular
software but it also has legitimate use.

Aside from being utilized for vindictive purpose like gathering account data, Visa numbers, client
names, passwords, and other private information, it can be used in office to check on your
employees, at home to monitor your children’s activities and by law enforcement to examine and
follow occurrences connected to the utilization of PCs.

The project will be completely based on Python where we will make use of a pynput module which
is not a standard python module and needs to be installed. The software that I am going to build
should monitor the keyboard movement and store the output in a file. To elevate the project I will
also add a feature where the logs will be directly sent to the e- mail.
2. INTRODUCTION
Key logging program also known as keyloggers is a kind of malware that has capability to
maliciously track input of the user from the keyboard in order to retrieve private information.
Keyloggers thus cause a major threat to business and personal activities of kind like transactions,
online banking, email and chat. The keyboard is the prime target as it allows keyloggers to retrieve
user input to the system as it is the most common way users interact with a computer. There are two
types of keyloggers that exist in the market, a software keylogger and a hardware keylogger among
which software keyloggers are widely used and are easy to plant and cause substantial damage.

Keyloggers essentially perform two tasks that are guiding into client input stream to get keystrokes
and moving the information to a distant area (for example- mail). The fundamental goal of
keyloggers is to meddle in the chain of occasions that happen when a key is squeezed and when the
information is shown on the screen because of a keystroke. Keylogger can be used for legitimate as
well as illegitimate purposes, it basically depends on the user who is using it. System administrators
can use keyloggers for systems, i.e. for detecting suspicious users. Keyloggers can effectively assist
a computer forensics analyst in the examination of digital media. Keyloggers are especially
effective in monitoring ongoing crimes. Keystroke loggers can be used to capture and compile a
record of all typed keys.

Keyloggers can at times be utilized as a spying instrument to bargain business and state-possessed
organization's information. Attackers can utilize keylogger to gain admittance to the clients' private
and delicate data, they can exploit the separated information to perform online cash exchange the
client's record or different vindictive stuff.
 3. LITERATURE REVIEW
To recognize keyloggers all the more conceivably, it is significant for an individual to get a handle on top
to bottom information about what keyloggers really are, how they are implemented, and understand
different approaches to it.

To respond to this kind of queries we will discuss different kinds of algorithms proposed so far to
overcome the problem and also the drawbacks of those proposed systems. Key logging is a security trading
off procedure which should be possible from multiple points of view.

When an attacker gains physical access to your computer devices they can wiretap the physical hardware
like a keyboard to collect the valuable data of the user. This strategy is totally reliant on some actual
properties, either the sound transmission created when a client is composing or the electromagnetic spread
of a remote console
.
External keyloggers or hardware keyloggers are small electronic devices which are placed in between
keyboard and motherboard, this procedure requires the attackers to have physical access to the system
which they are intended to compromise. Keyloggers are executed on the focused machine to record client's
keystrokes logging movement, lastly giving over that private information to an outsider (Thorsten Holz,
2009).
 3.1 MOTIVATION
Keystroke logging has become an established method used by hackers for fetching passwords and other
confidential data. Not only for hackers, but also for others such as: system administrators for systems,
detecting suspicious users. In research for different areas such as for research by parents for monitoring
children for detecting special behaviors and criminals to name a few areas.

Keystroke logging can also be a very useful method to detect attacks and their attack mechanisms, when
setting up keylogger in honeypots. An important part of this research will be to actually find out how
keylogging works under different technologies and set up a honeypot to log the keystrokes, entered as
commands or executable scripts entered by the attackers. With the purpose to viewing exactly what the
hackers are doing.

This will monitor which method that is going to be used. This may also cause successfully interaction with
the hacker. To detect keystrokes might prepare against such attacks in the future. There are several attack
methods all over the world, with the purpose to harm people, groups or unknown targets. One type of
attack that is interested to detect, is especially when the hacker trying to compromise the hacked computer
to be a part of the bot-net.

3.2 PROBLEM STATEMENT

“Keyloggers are a genuine danger to clients and the clients' information, which is considered exploitative
movement. The problem statement is that the keyloggers can be detected using antiviruses. Installation of
hardware keyloggers is difficult without the knowledge of the owner of the system.”

3.3 OBJECTIVES:-
There exists surveys of keylogging on bare-metal technology for Linux and Windows based systems
today, but not surveys of keylogging for virtual technologies.

1. To detect attacks and their attack mechanisms, when setting up keyloggers in honeypots.

2. Purpose to view exactly what the hackers are doing. This will monitor which method that is going to
be used.
3.Analyze to what extent keyloggers can be detected.

4. To detect keystrokes might prepare against such attacks in the future.

5. Can be installed remotely and does not need any physical access of the target system to capture all the
 keystrokes of the user while he is logged into the system and to save the logs in a file.

3.4 METHODOLOGY:-
COMPONENTS

Software Requirements:
1. Windows XP/Vista/7/8/10 or macOS

2. Python IDE
 3.5 BLOCK DIAGRAM

OBSERVING USER DATA

The capacity that is expected to catch the keystrokes and mouse occasions will get initiated. The capacity
will get what clients are composing in the console and furthermore catch the mouse click. It will take the
screen capture of the current window title. Consequently, without knowing the client of the framework all
their information will be checked by the proprietor of the product.

SENDING SECRET INFORMATION

The program provides two methods, first one is to save the log information in the specific compiler
output window or to save the log files directly to the text file of the folder created.
 Usage of keyloggers
Both hardware keyloggers and software keyloggers have their advantages and disadvantages. It is
depending on what purpose one will use the keylogger. Keyloggers are used in many different areas.
There is a lot of legitimate software which is designed to allow system administrators to track what
employees do throughout the day, or to allow users to track the activity of third parties on their computers.
Keyloggers are also used in information technology organizations to troubleshoot technical problems with
computers and business networks. Keyloggers can also be used by a family or business to monitor the
network usage of people without their direct knowledge. Malicious individuals, also called hackers may
use keyloggers on public computers to steal passwords or confidential informative entered to the
computer via the keyboard. Hackers are using keyloggers for cyber espionage, identity theft, fraud and
several more methods.

Visibility for keyloggers

A hardware keylogger is easy to spot if a user checks what is connected between the keyboard to the
hardware on a computer, but software keyloggers are more difficult to detect, because they are software
inside a computer. A good feature for a keylogger is that the keylogger is invisible and hard to detect on
the current system. Especially if the purpose is to hide the keylogger for the users.

Features for keyloggers

Keyloggers have different performances to log the interactivity. In the Linux server environment only
the keystrokes are logged. In Windows environments a lot more than keystrokes are logged.
Here is a list of features for keyloggers:
● Keystrokes Logging Record all the keystrokes.
● Clipboard Record Record any words or texts which are copied and pasted on the clipboard or other
file editing programs. The purpose of this is to be able to view the record in detail about which user
at what time have selected and copied what exact text information.
● Application Tracking All attempts to run any program can be logged. The purpose is to easily
understand what time which user is running what applications on the computer.
● Websites Visited All the web activity like site titles, clicking links, visiting web-pages URLs could
be monitored and recorded by Keylogger. The logs are accurate to the exact time hence you are able
to know what the user was involved in the specific computer activities.

● Screen Capture Screen shot allows you to understand what’s going on with the computer without
logging keystrokes. For the screen shot, you can customize the capture interval and capture quality
one the screenshot taken.

● Web-camera recording Periodically makes web-camera pictures and stores them to log.

● Email log delivery Keylogger can send you recorded logs through e-mail delivery at set times.
4. CODE AND RESULTS:-
OUTPUT:-
5. CONCLUSION
The program can play out the proposed work like a fundamental keylogger does to record all illegal
activities done from the client of the framework by getting their keystrokes without the information on
the client. So the client of the framework is ignorant of things occurring in the foundation.
The program is able to monitor data and store the data in a specific text file. Thus, I accept that my
methodology extensively increases current standards for observing the information and gathering it for
either lawful or unlawful reasons.

6. FUTURE SCOPE
During the working with keyloggers and honeypots, several problems occur that could be interesting for
future work. There will always be unsolved problem around the topic keyloggers and honeypots. In this
research two operating systems where used, Linux Ubuntu 12.04 and Microsoft Windows 7.
1. Check keyloggers in other operating systems and other distributions of Windows and Linux.
Examples of other popular modern operating systems include: Mac, Android, BSD, iOS, OS X,
Windows Phone and z/OS.
2. Testing Windows keyloggers that are commercial, and do not offer free trial versions for
downloading.
3. To create and install a keylogger on the host machine that are running a hypervisor type2, for
logging the client virtual machines that are build on top of the current hypervisor.
4. To create and install a keylogger inside a virtual machine(VM), and make that keylogger to log
keystrokes and capturing data from other virtual machines running on the same hypervisor.
5. To create a keylogger that works on both bare-metal and in every virtual environment.

6. To create a kernel keylogger that log every keystrokes into a host. Such as remote SSH-
connection, and other incoming remote connection as well as keystrokes entered by the machine itself.
7. REFERENCES
[1] Martin Vuagnoux, S. P. (2009). Compromising electromagnetic emanations of wired and
wireless keyboards. USENIX security symposium, 1–16.
[2] S. P. Goring, J. R. (2007). Anti-keylogging measures for secure internet login: an example of
the law of unintended consequences. Computers & Security, 1-9.
[3] Strahija, N. (2003, February 8). Student charged after college computers hacked. Retrieved
from Xtrix security: http://www.xatrix.org/article2641.html
[4] Thorsten Holz, M. E. (2009). Learning More about the Underground Economy: A Case-Study
of Keyloggers and Dropzones. Thorsten Holz, Markus Engelberth, Felix C. Freiling, 1-18.
[5] S. Sagiroglu and G. Canbek, “Keyloggers,” IEEE Technology and Society Magazine, vol. 28, no. 3,
pp. 10 –17, fall 2009.
[6] A. Emigh, “The crimeware landscape: Malware, phishing, identity theft and beyond,” A Joint
Report of the US Department of Homeland Security — SRI International Identity Theft Technology
Council, the Anti-Phishing Working Group, October 2006.