Research Paper On Keyloggers

Rishabh Chauhan
Student, Bachelor of Technology, Department of Computer Science and Engineering, Panipat Institute of Engineering and Technology

Mohit Lalit
Assistant Professor, Department of Computer Science and Engineering, Panipat Institute of Engineering and Technology

Delhi, India

Abstract— Keyloggers are a type of rootkit malware that records keystroke events on the keyboard and saves them to a log file, allowing it to intercept sensitive information such as usernames, PINs, and passwords and transmit it to a malicious attacker without drawing the attention of users. Keyloggers are used for a variety of purposes, ranging from employee monitoring to cyber-espionage and malware. Understanding how they work is critical if you want to avoid sensitive data being secretly captured in your organization. This article focuses on software-based keyloggers written primarily in the Python programming language. In the project, I will make use of the pynput module, which isn't a general Python module and must be installed. The program that I am aiming to construct ought to screen the keyboard movement and store the output in a log record. To raise the level of the project I have added two features, where the logs will be specifically sent through email and the logs will be encrypted.

Keywords—Keylogger, malware, pynput, rootkit, cybersecurity, python, software

1. INTRODUCTION

Cyber attackers are constantly looking for ways to create and distribute malicious software programmes to unsuspecting users in order to steal, damage, or exploit data on end user systems. Spyware, keyloggers, rootkits, and adware are examples of malware. Meanwhile, keyloggers are becoming more varied, evasive, and sophisticated, and anti-virus software and anti-keyloggers based on signature analysis are finding it increasingly difficult to detect them. A keylogger is a type of malware rootkit that intercepts keystrokes typed on the keyboard by the user. The keylogger's primary goal is to secretly record confidential user input via keystroke monitoring and then relay this valuable information to others. The keyboard is the primary means of entering textual and numerical data into a computer.

As a result, an attacker can easily retrieve and access critical information by logging keystrokes. There is no intelligence built into keyloggers in general, but logs provide information about every single keyboard event and application that users clicked or typed. Passwords, user IDs, document contents, and other critical information are among the data captured.

To recognise keyloggers more effectively, it is critical for an individual to have a solid understanding of what keyloggers are, how they are used, and how the different approaches to them differ. To respond to these types of questions, we will discuss the various algorithms proposed thus far to solve the problem, as well as the drawbacks of those proposed systems.

External keyloggers, also known as hardware keyloggers, are small electronic devices that are placed between the keyboard and the motherboard; this procedure requires the attacker to have physical access to the system they are developed to compromise. Keyloggers are used on the targeted computer machine to log client keystrokes and movement, finally disclosing private information to

Keyloggers are utilised for both legitimate and illicit purposes.

Keylogger Purpose | Description
Parental Monitoring | Monitoring children's internet browsing habits and activities and preventing them from being involved in any harmful activity.
Improving Employee Positive Productivity | Productivity tracking of the employee by monitoring time spent on non-productive sites with his consent.
Ethical Hacking | assessment and penetration testing to exploit user's system and then patching it to mitigate future threats
Forensic | Helps in digital forensics for cyber crime investigation.
 | Taking personal information from users, such as passwords, debit/credit card information, OTPs, and so on.
Screen Record | Visual surveillance, tracking specific operations, and sending snapshots on a routine basis.

Table 1 – Use case of Keylogger

The solution to the foregoing existing problem is to create software keyloggers rather than hardware keyloggers. The proposed model offers a solution that alleviates the difficulties associated with installing the keylogger in the target system. Because software keyloggers can be installed remotely, they do not require physical access to the target system.

The proposed software is efficient enough to install itself in the targeted system when the user, for example, clicks a malicious link sent to him via email or social media, and then captures all of the user's keystrokes while he is logged into the system, saves the logs in a folder in encrypted format, and sends the encrypted log directly to the third party's email address. The third party then decrypts the log.

[Figure 1 – Working of proposed system: keys pressed; log file created; keystrokes noted in the log; the log file is encrypted using AES 128; finally mailed to the attacker who has the key]

Requirements

Hardware Requirements:
• Pentium Class or higher Processor
• Minimum 64 MB RAM
• 20 MB Free Disk Space

Software Requirements:
• Windows XP/Vista/7/8/10/11
• Python IDE or any Code Editor

4. IMPLEMENTATION

The developed system will devise the solution using the Python language and built-in Python modules. The following are some of the modules:

Cryptography fernet module

Fernet is just a symmetric encryption/decryption system that employs current best practises. It also verifies the message, which means the recipient can tell if it has been changed from what was originally sent.

Fernet avoids many of the egregious errors that a naive developer might make when designing such a system by:
• Providing a secure mechanism for key generation (a key can be thought of as a password).
• Choosing a secure encryption algorithm (AES in CBC mode with PKCS7 padding) and assigning a secure "salt" value (the IV) at random.
• Timestamping the encrypted message.

The proposed system uses the above module to perform AES 128-bit encryption, as AES-128 seems to be faster and more efficient, and it is less likely to be the target of a full-fledged attack (as it has a strong key schedule).

[Figure 1 – Architecture of AES 128]

Smtplib module to send emails

When it comes to processing email with Python, this is the most popular library. It generates a Simple Mail Transfer Protocol (SMTP) session object which can be used to send email to any machine connected to the internet. For SMTP, smtplib employs the RFC 821 protocol. The examples in this tutorial will send emails using the Gmail SMTP server, but the same principles apply to other email services. To encrypt an SMTP connection, two protocols are used, i.e. SSL (Secure Sockets Layer) and TLS (Transport Layer Security). Before using smtplib in our project, we must enable a configuration in the email account: we have to turn on "enable access to less secure apps" in the email account that will be used as the sender.

OS module of Python

In Python, the OS module contains functions for interacting with the operating system. Python's standard utility modules include OS. This module allows you to use operating system-specific functionality on the go. Many operating system tasks can be performed automatically. Python's OS module includes functions for creating and removing directories, retrieving their contents, changing and identifying the current directory, and so on. Many functions for interacting with the file system are included in the os and os.path modules.

5. CONCLUSION

The product can perform the proposed work in the same way that a basic keylogger does to obtain all secret data from the framework's clients by recording their keystrokes and mouse clicks without the client's knowledge. The log files are encrypted, which makes the developed software better than current software in use. The software can monitor data and store it in a specific folder or send it to the owner's email address. The software can also hide itself from the system's owner while running in the background. As a result, I accept that my methodology significantly raises current standards for observing and gathering information for either legal or illegal purposes.

[Figure 3 – Features of proposed system: key stroke logging (including timestamp); sending log files through email; clipboard logging; taking snapshots; screen recording; camera; system information; encryption of logs]
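The Fernet properties listed under "Cryptography fernet module" (timestamp, random IV, AES-CBC with PKCS7, message verification) are visible in the token layout itself, so an investigator who finds an encrypted log can read its creation time and bound its plaintext size without the key. The following is an added example, not code from the paper; the function names are hypothetical and the sample token is constructed with filler bytes.

```python
import base64
import struct
from datetime import datetime, timezone

HEADER_LEN = 1 + 8 + 16   # version byte, big-endian timestamp, IV
HMAC_LEN = 32             # HMAC-SHA256 tag that authenticates the token
AES_BLOCK = 16


def parse_fernet_token(token: bytes):
    """Return the cleartext header fields of a Fernet token, or None if
    the bytes do not have the Fernet layout. No key is needed."""
    token = token.strip()
    try:
        raw = base64.urlsafe_b64decode(token + b"=" * (-len(token) % 4))
    except ValueError:
        return None
    ct_len = len(raw) - HEADER_LEN - HMAC_LEN
    # PKCS7 always pads, so there is at least one full ciphertext block.
    if ct_len < AES_BLOCK or ct_len % AES_BLOCK or raw[0] != 0x80:
        return None
    (timestamp,) = struct.unpack(">Q", raw[1:9])
    try:
        created = datetime.fromtimestamp(timestamp, tz=timezone.utc)
    except (OverflowError, OSError, ValueError):
        return None  # timestamp field is not a plausible date
    return {
        "created": created,
        "iv": raw[9:25].hex(),
        "ciphertext_len": ct_len,
        # PKCS7 adds 1..16 bytes, which bounds the plaintext size.
        "plaintext_len_range": (ct_len - AES_BLOCK, ct_len - 1),
    }


def build_sample_token(timestamp: int, ct_blocks: int) -> bytes:
    """Constructed token with filler IV/ciphertext/HMAC, for layout only."""
    raw = (struct.pack(">BQ", 0x80, timestamp) + bytes(range(16))
           + b"\xaa" * (AES_BLOCK * ct_blocks) + b"\xbb" * HMAC_LEN)
    return base64.urlsafe_b64encode(raw)


if __name__ == "__main__":
    sample = build_sample_token(1700000000, ct_blocks=2)
    for candidate in (sample, b"plain text log line", sample[:40]):
        print(parse_fernet_token(candidate))
```

The parser checks structure only; confirming that a token is genuine requires the key, because the HMAC covers the whole header and ciphertext.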
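The Implementation section combines three modules in one script: pynput for keystroke capture, the cryptography Fernet module for log encryption, and smtplib for mailing the result. That co-occurrence is a usable triage signal when reviewing Python files found on an endpoint or in a repository. The following is an added example, not code from the paper; the verdict names and scoring rule are assumptions, and the samples are constructed import lines only.

```python
import ast

# Modules this page names, grouped by the capability each one provides.
CAPABILITY_MODULES = {
    "keyboard_hook": "pynput",
    "mail_egress": "smtplib",
    "log_encryption": "cryptography.fernet",
}

def imported_modules(source: str) -> set:
    """Collect module names from import statements and from literal
    __import__() / import_module() calls."""
    found = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            found.update(alias.name for alias in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module:
            found.add(node.module)
            found.update(f"{node.module}.{a.name}" for a in node.names)
        elif isinstance(node, ast.Call) and node.args:
            name = getattr(node.func, "id", getattr(node.func, "attr", ""))
            arg = node.args[0]
            if (name in ("__import__", "import_module")
                    and isinstance(arg, ast.Constant)
                    and isinstance(arg.value, str)):
                found.add(arg.value)
    return found

def triage(source: str):
    """Return (verdict, capabilities) for one Python source file."""
    try:
        modules = imported_modules(source)
    except (SyntaxError, ValueError):
        return "unparsed", set()
    caps = {cap for cap, prefix in CAPABILITY_MODULES.items()
            if any(m == prefix or m.startswith(prefix + ".") for m in modules)}
    if len(caps) == len(CAPABILITY_MODULES):
        return "alert", caps       # capture + encrypt + mail in one script
    if "keyboard_hook" in caps and len(caps) > 1:
        return "review", caps      # capture plus one supporting capability
    return "ok", caps

# Constructed samples: import lines only, no functional code.
SAMPLES = {
    "full_chain.py": "from pynput.keyboard import Listener\nimport smtplib\n"
                     "from cryptography.fernet import Fernet\n",
    "dynamic.py": "import smtplib\nkb = __import__('pynput')\n",
    "mailer.py": "import smtplib\nfrom email.message import EmailMessage\n",
}
```

Import analysis is a first-pass filter: a script that uses pynput alone for hotkeys scores "ok", and obfuscated or packed code needs behavioural monitoring instead.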

