Cybersecurity is, to put it bluntly, an enormous and expanding field. The invention (and subsequent growth) of the internet has allowed for communication and the sharing of knowledge on a scale and speed that would have been unfathomable even forty years ago (imagine traveling back in time to 1985 and trying to explain what TikTok and Shopify are to a random person on the street). While this growth has obviously been beneficial to the world at large, exponential growth does not occur without strings attached. Malicious actors (black hat hackers) also have access to the internet, and can use it as an attack vector to steal private/sensitive information. One tool that black hat hackers use are keyloggers.
A keylogger is pretty much exactly what it sounds like-it is a tool to log someones keystrokes that they type into their computer. This is pretty valuable information for someone to have-if someone can record what I type into my laptop keyboard, they would be able to figure out a TON of potentially compromising information about me-like, for example, my username and password for my online banking account. Creating a keylogger is fairly simple, and I have made a local keylogger using Python and its various libraries. I have documented the process below, including pictures and my step-by-step process.
- GOALS OF THE KEYLOGGER
Before writing out the code, I want to figure out exactly what I want my program to do, in the smallest terms possible. I came up with the following flow:
- Keystrokes are typed on a keyboard
- The keylogger recognizes the keystrokes being typed
- The keylogger records the keystrokes being typed
- The record of the keystrokes is saved in a place where it is both A) accessible and B) readable for human eyes.
Every line of code that I write, and every library that I import, is going to be focused on achieving one of the last three points. If I can’t explain why/how the line does that, it gets dropped.
Step 1: Import Libraries
Goals 1 and 2 are both focused on input (the actual keystrokes). Pynput is a Python library that allows for easy monitoring of tools such as the keyboard and the mouse. This is exactly what I am looking for. Within that library are the Listener and Key functions. Listener gives specific “listening” function, and Key is going to be used as the input for the recording function.
Step 2: Record Input
At this point, I can “hear” what is being typed, but I have no way to “write” it down. Luckily, this is easily fixed with a simple function:
My function ‘record_keystroke’ is going to take one input; the keystrokes. Once the keystroke is typed, the function is going to convert it to a string variable, for simplicity sake. This covers non-character inputs, such as numbers or symbols, but what about some of the other “special” keys, like the enter key or the shift key? ‘S’ and ‘s’ are different, and we need a way to recognize that.
Now we have some coverage of special keystrokes. Pressing the enter key will give us a new line in our file, the space key will give an actual space, and the shift keys (there are two!) won’t print out some weird, hard to read (for humans) text. Time to bring it all home.
Step 3: Readable Text
Right now, I have the keylogger recording, but not writing. So the next (and final) addition to the logger is the following:
These two additions will allow for the following:
- Once the program runs, it will create a .txt file that I have named “storedtext”
- The keylogger will append the text file by adding the input (originally I used ‘w’ instead of ‘a’, which resulted in the last input overwriting all of the previous inputs, which is not what I was going for)
At this point, I am almost home. When I run the script, the following happens:
Bing bang boom. File created, text stored, read by my (and your) human eyes.