https://github.com/lamcw/keylog
Stealthy Linux keylogger
https://github.com/lamcw/keylog
keylogger loadable-kernel-modules rootkit
Last synced: 2 months ago
JSON representation
Stealthy Linux keylogger
- Host: GitHub
- URL: https://github.com/lamcw/keylog
- Owner: lamcw
- License: gpl-3.0
- Created: 2019-07-16T07:05:52.000Z (almost 7 years ago)
- Default Branch: master
- Last Pushed: 2019-07-30T01:28:13.000Z (almost 7 years ago)
- Last Synced: 2025-10-06T18:05:04.697Z (8 months ago)
- Topics: keylogger, loadable-kernel-modules, rootkit
- Language: C
- Homepage:
- Size: 20.5 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Keylog
A stealthy Linux kernel-based keylogger that hides itself from `lsmod` and
`/proc/modules`.
## Usage
This rootkit is in the form of a loadable kernel module. It receives keyboard
events from the kernel and outputs to a character device. Install using
`insmod`:
```console
$ insmod keylog
$ dmesg | tail -n1
[ 498.484687] keylog: Registered device major number 249
$ mknod chrdev0 c 249 0 # create a character device, 249 is the major no.
$ cat chrdev0
dmesg | tail -n1
mknod chrdev0 c 249 0
cat chrdev0
```
## Build
Make sure you have `linux-headers` installed.
```console
$ make
```
To hide the module from kernel, compile with `-DHIDE_MODULE`. You can also
change the buffer size `BUFLEN` that is used to store key events. By default it
is 1024 bytes.
```console
$ KCPPFLAGS="-DHIDE_MODULE -DBUFLEN=2048" make
```
## Development
A Vagrant box with essential tools/packages is provided. Simply run the
following commands to build the box:
```console
$ vagrant up
$ vagrant ssh
vagrant@stretch:~$ cd /vagrant
```