caseyscarborough / keylogger Goto Github PK

A no-frills keylogger for macOS.

C 93.60% Makefile 6.40%

keylogger c

keylogger's Introduction

macOS Keylogger

This repository holds the code for a simple and easy to use keylogger for macOS. It is not meant to be malicious, and is written as a proof of concept. There is not a lot of information on keyloggers or implementing them on macOS, and most of the ones I've seen do not work as indicated. This project aims to be a simple implementation on how it can be accomplished on OS X.

Note: This keylogger is currently unable to capture secure input such as passwords. See issue #3 for more information.

Usage

Start by cloning the repository and running the proper make commands, shown below. By default, the application installs to /usr/local/bin/keylogger, which can easily be changed in the Makefile. make install may require root access.

$ git clone https://github.com/caseyscarborough/keylogger && cd keylogger
$ make && make install

The application by default logs to /var/log/keystroke.log, which may require root access depending on your system's permissions. You can change this in keylogger.h if necessary.

$ keylogger
Logging to: /var/log/keystroke.log

If only modifier keys are logging (e.g. in macOS ≥ 10.10), run with root access.

If you'd like the application to run in the background on startup, run the startup make target:

$ sudo make startup

To run the application now (note: you will need to run the sudo make startup command first):

$ sudo make load

To quit the application now (note: you will need to run the sudo make startup command first)::

$ sudo make unload

Uninstallation

You can completely remove the application from your system (including the startup daemon) by running the following command (logs will not be deleted):

$ sudo make uninstall

Optional Parameters

You can pass in two optional parameters to the program. The clear option will clear the logs at the default location. Any other argument passed in will be used as the path to the log file for that process. See below:

# Clear the logfile.
$ keylogger clear
Logfile cleared.

# Specify a logfile location.
$ keylogger ~/logfile.txt
Logging to: /Users/Casey/logfile.txt

Issues

Unable to Create Event Tap

If you get the following error:

ERROR: Unable to create event tap.

Go into System Preferences and go to Security & Privacy, click the Privacy tab, choose Accessibility in the left pane, and ensure that Terminal is checked.

Contributing

Feel free to fork the project and submit a pull request with your changes!

keylogger's People

Contributors

Stargazers

Watchers

Forkers

yurieco ssbozy lcusdtech jesusl22 leoneckert bsk0 emmamm05 howti wasdee shizonic security-geeks wutoz captheflag fer-dev cloudxtreme ztaira pulkitsharma07 hardbox keefo realglobe-inc solertis michaelrandrianantenaina schappim reiaaoyama d4v1ncy rithie hmwildermuth anubhav722 leetcodes wolfiex robyc amloelxer edwardluke bigfoxses francof 0x6b386f olivertappin kidapu aronszabo lbxa pilgrim2go olets asorourx maksbd19 ll2b socmap ast spajus megamindat singh-prabh m41doror yosmelvin chmnoh mkultrax wec7 dykemasarah tlehman rmr1012 diegocaridei yaoxiangg leepro ro9ueadmin welljsjs andrew-js-wright jrgutier secretnonempty icodeland orrt cvogler ericbaranowski teguhash mingqing sixpetrov joekarma matt-morris p13i marijnkoesen dougray muralisc vvzhukov speedyplane2247 chaskane geolffrey cdufour amandeep7838 seaunderwater dmitrysigaev simplesoftmx purplebyteone ii0 zegerm4n planetminguez hsswiki ssh352 lwx5924 hdixon qwweee alexpyoung ogiekako drsh4dow

keylogger's Issues

possible to "play" the log file in reverse?

great script!
running mac osx catalina, its a different keyboard layout but no problem.
but my question its possible to "play" the keylogged file reverse to see what happened exactly bcs
sometimes its a bit confusing....

keep on

Compile Error

Hello,
i'm new in programming on mac.

I get an Error if I do "make && make install" in Terminal.

The Terminal give me this error:

clang: error: cannot specify -o when generating multiple output files
make: *** [all] Error 1

I used Comand Line Tools Xcode 5.0.2

Do you have an idea?

Unable to compile for architecture x86_64

When i try to directly compile the keylogger.c program, i get the following error:
<hostname>:keylogger <username>$ gcc keylogger.c Undefined symbols for architecture x86_64: "_CFMachPortCreateRunLoopSource", referenced from: _main in keylogger-d948c0.o "_CFRunLoopAddSource", referenced from: _main in keylogger-d948c0.o "_CFRunLoopGetCurrent", referenced from: _main in keylogger-d948c0.o "_CFRunLoopRun", referenced from: _main in keylogger-d948c0.o "_CGEventGetIntegerValueField", referenced from: _CGEventCallback in keylogger-d948c0.o "_CGEventTapCreate", referenced from: _main in keylogger-d948c0.o "_CGEventTapEnable", referenced from: _main in keylogger-d948c0.o "_kCFAllocatorDefault", referenced from: _main in keylogger-d948c0.o "_kCFRunLoopCommonModes", referenced from: _main in keylogger-d948c0.o ld: symbol(s) not found for architecture x86_64 clang: error: linker command failed with exit code 1 (use -v to see invocation)

cannot work on 10.12

Only can detect left-ctrl on 10.12(sierra)

How do I make changes in key logger.h file for root access ?

Keylogger not working when using it from script

Hello,

I am using keylogger for my custom daemon.

Below is a step that I am doing to work with keylogger.

Copy the keylogger in custom path i.e. /usr/local/CustomFolderName.
Using thing command to start service of keylooger. i.e.
sudo /usr/local/CustomFolderName/keylogger.
It starts logging the keyboard pressed the button but the problem is it's only capturing special key i.e. Alt,Ctrl, Shift.

Can you please let me know where I am doing wrong?

When I am trying to access the package from the terminal than all things work well.

Unable to build

When building the app it launches the following error:

Differentiate between left and right modifiers

I would like statistics of how often the left and right hand side modifiers (shift, alt, cmd) are used.

Can you differentiate them into [left-shift], [left-alt], [left-cmd], [right-shift], etc... This link says it's possible.

http://stackoverflow.com/questions/10715910/is-there-a-way-to-differentiate-between-left-and-right-shift-keys-being-pressed

Modifiers are logged twice

All modifiers (shift, fn, ctrl, alt, cmd) are logged both on key down and key up, causing duplicate entries in the log file.

Other keys which are logged on key down only.

Suggest to log key down only for all keys.

Does not capture passwords

This is probably a known issue, but this keylogger doesn't capture passwords, probably due to EnableSecureEventInput

This seems unavoidable with this approach, but would be nice if it was mentioned in the README

https://developer.apple.com/library/mac/technotes/tn2150/_index.html

`sudo make load` does not work

Prerequisites

Running the latest version
I checked the documentation and found no answer
I checked to make sure that this issue has not already been filed
Made sure to run the sudo make startup command first
Made sure everything runs without errors until sudo make load
Made sure that the keylogger command itself runs fine

Expected Behavior

That the keylogger would start after running sudo make load.

Current Behavior

I am getting this error: make: *** No rule to make target 'load'. Stop.

Context

Operating System: Mac OS 12.2

Periodically log timestamps

It would be nice to periodically break to a new line in the log file and list a timestamp, similar to the following format:

Thu May 26 18:09:42 2016
[left-shift]it would be nice to p]eriodically break to w[del]a new line in the log file and list a te[del]imestamp.

Thu May 26 18:09:56 2016
similar to the following format:

Thu May 26 18:10:05 2016
[enter][enter]```[left-cmd]v[left-cmd]

Support for International keyboards

When I press the + key on my keyboard, - is echoed to the log file.

Evidently, an American keyboard is assumed.

Suggest to add support for International keyboards.

Suppose there is a system call that can do the translation.

Run on startup for user, not system

I've created a temporary account on a borrowed computer.
I want to log my own key strokes to diagnose a problem.
I don't want to log key strokes on any other account.
If I run sudo make startup, will it start and run in my temporary account only?
Thanks.

No Permissions

Hello here in Mac OS Monterey.
I tried installing step by step. When I run keylogger it says unable to open log file. Ensure that you have the proper permissions. Can’t seem to get past this part. Can’t figure out how to give root access to the log.

Maps colon as semicolon

Command key recording as "aaa"

When the commend or apple key is used, it records as "aaa" in the log file. Is there a way to have it recorded as [cmd] to be in line with how the other keys record?

Does not record user/password

The keylogger works correctly except for user/password. For example, if you use Safari/firefox to log in your email account, the user/password is not recorded. The same for keychain password and other programs...

Modifier keys log on keydown and keyup

Currently modifier keys log on keydown and keyup events. For example, pressing the left shift once will result in the following in the log file:

[left-shift][left-shift]

There doesn't seem to be an obvious way to fix it, as the modifier keys seem to be triggered on the kCGEventFlagsChanged event type, not on kCGEventKeyDown or kCGEventKeyUp.

keylogger doesn't catch prev/play/next keys

Broken in 10.10.x

Does this work in Yosemite? I don't get any errors, but this is all I get:

Keylogging has begun.
Tue Feb 23 18:52:01 2016

[ctrl][ctrl][ctrl][ctrl][option][option][ctrl][ctrl][ctrl][ctrl][option][option][ctrl][ctrl][option][option]

and there should be other keys in there besides modifier keys.

Are all keys now secure events ?

File empty

All work perfect but when i check the log file i see nothing and keylogger.h is :
" FILE *logfile = NULL; " It's normal ?

errors during make

latest macos

gcc keylogger.c -framework ApplicationServices -framework Carbon -o keylogger
In file included from /System/Library/Frameworks/Security.framework/Headers/AuthSession.h:32:0,
                 from /System/Library/Frameworks/Security.framework/Headers/Security.h:43,
                 from /System/Library/Frameworks/CoreServices.framework/Frameworks/OSServices.framework/Headers/CSIdentity.h:43,
                 from /System/Library/Frameworks/CoreServices.framework/Frameworks/OSServices.framework/Headers/OSServices.h:27,
                 from /System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Headers/IconsCore.h:23,
                 from /System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Headers/LaunchServices.h:22,
                 from /System/Library/Frameworks/CoreServices.framework/Headers/CoreServices.h:39,
                 from /System/Library/Frameworks/ApplicationServices.framework/Headers/ApplicationServices.h:23,
                 from keylogger.h:7,
                 from keylogger.c:1:
/System/Library/Frameworks/Security.framework/Headers/Authorization.h:193:7: error: variably modified 'bytes' at file scope
In file included from /System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Headers/LSInfo.h:530:0,
                 from /System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Headers/LaunchServices.h:27,
                 from /System/Library/Frameworks/CoreServices.framework/Headers/CoreServices.h:39,
                 from /System/Library/Frameworks/ApplicationServices.framework/Headers/ApplicationServices.h:23,
                 from keylogger.h:7,
                 from keylogger.c:1:
/System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Headers/LSInfoDeprecated.h:1244:1: error: expected ',' or '}' before '__attribute__'
In file included from /System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Headers/LSOpen.h:174:0,
                 from /System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Headers/LaunchServices.h:31,
                 from /System/Library/Frameworks/CoreServices.framework/Headers/CoreServices.h:39,
                 from /System/Library/Frameworks/ApplicationServices.framework/Headers/ApplicationServices.h:23,
                 from keylogger.h:7,
                 from keylogger.c:1:
/System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Headers/LSOpenDeprecated.h:29:1: error: expected ',' or '}' before '__attribute__'
In file included from /System/Library/Frameworks/CoreGraphics.framework/Headers/CGContext.h:18:0,
                 from /System/Library/Frameworks/CoreGraphics.framework/Headers/CGBitmapContext.h:9,
                 from /System/Library/Frameworks/CoreGraphics.framework/Headers/CoreGraphics.h:11,
                 from /System/Library/Frameworks/ApplicationServices.framework/Headers/ApplicationServices.h:35,
                 from keylogger.h:7,
                 from keylogger.c:1:
/System/Library/Frameworks/CoreGraphics.framework/Headers/CGFont.h:53:1: error: initializer element is not constant
In file included from /System/Library/Frameworks/CoreGraphics.framework/Headers/CGContext.h:21:0,
                 from /System/Library/Frameworks/CoreGraphics.framework/Headers/CGBitmapContext.h:9,
                 from /System/Library/Frameworks/CoreGraphics.framework/Headers/CoreGraphics.h:11,
                 from /System/Library/Frameworks/ApplicationServices.framework/Headers/ApplicationServices.h:35,
                 from keylogger.h:7,
                 from keylogger.c:1:
/System/Library/Frameworks/CoreGraphics.framework/Headers/CGPath.h:391:15: error: expected identifier or '(' before '^' token
/System/Library/Frameworks/CoreGraphics.framework/Headers/CGPath.h:393:53: error: unknown type name 'CGPathApplyBlock'
make: *** [all] Error 1

Does not record keystrokes inputted with Dictation

If you use the osx dictation built in, the keylogger does not record those entries.

Is there a way to do that?

Root privileges required

I tried running this application on OS X 10.10 Yosemite, but it only logs "modifiers", such as "[ctrl][option][cmd][shift]". No other key is logged. Running it with sudo, though, makes it able to log all the keys.
Is there any other way to run it in userspace?

Thank you for sharing your code!

Readme does not specify how to run in the background

The README.md doesn't specifically say how you're able to run this command in the background. This works fine during startup, but not necessary how to run it without restarting.

Raising this issue in anticipation of a pull request.

make fail - load issue

hi. thanks for this great code. trying to make, i get the message:
sh:>make && make install
gcc keylogger.c -framework ApplicationServices -framework Carbon -o keylogger
ld: can't write output file: keylogger for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make: *** [all] Error 1

am using admin account... osx 10.9.5 hmmmmmm. it almost looks like the kind of error you'd get if trying to use something designed for the pc, although that would be a million errors i guess... i went to the dir /usr/local/bin/ and created keylogger to see if that would help... no go.

Azerty support ?

Do you have any plan to support AZERTY keyboard ?

Frameworks not found

Unfortunately, the Makefile isn't working for me. I got the following error at first:

./keylogger.h:7:10: fatal error: 'ApplicationServices/ApplicationServices.h' file not found

which turned into the following, after adding -F/System/Library/Frameworks to the gcc command:

/System/Library/Frameworks/CoreServices.framework/Frameworks/OSServices.framework/Headers/CSIdentity.h:24:10: fatal error: 'MobileCoreServices/CSIdentityBase.h' file not found

Any thoughts? Seems like it thinks I'm compiling for an iPhone per the lines near the error.

Thanks!

ERROR: Unable to create event tap.

I am getting this error on MacOS Mojave 10.14.4
is there a fix?