A express/socketio keylogger server with administrator interface
The backend consist of an expressjs webserver which serves the administrator interface using Basic HTTP Authentication customizable from the options and a socket.io server wait and handle the receiving of key logs from various sources, stores them and forward them to the administrator interface for be seen and analyzed.
The administrator interface for visualize the key logs archive and the live key logs feed from various clients is built with Angular using Angular CLI version 1.6.6. The administrator interface comes with a basic HTTP authorization which defaults to: keylog-io
The client script is a socketio.io client with key logger functions that try to hide himself by pausing when the dev-tools (inspector) is open. It catches only relevant keys and send them back to the server as a buffer with additional information, take a look at the code if you want to see more.
This project comes in three different ways, you can use it as a node module, as a command (globally installed package) or through the official docker image.
First install the module locally using your favourite package manager:
npm install keylog.io
yarn add keylog.io
Than you can start it manually in your code when you need it:
import keyloggerServer from 'keylog.io'
keyloggerServer({
serveDemo: true,
serveClient: true
});
Install it as global package using your favorite package manager:
npm install -g keylog.io
yarn global add keylog.io
Once has been installed you can access it through the command keylog-io
like the example below:
$ keylog-io --help
Usage: keylog-io [options] [command]
A express/socketio keylogger server with administrator interface
Options:
-V, --version output the version number
-h, --help output usage information
Commands:
start [options] Start the keylogger server
build [options] <hostname> [port] Build the client flle for the given endpoint
You can also print the usage information for the sub commands, for example keylog-io start --help
will print the start
command usage informations.
Pull the official image from the docker hub:
docker pull b4dnewz/keylog-io
Than run it with some options to bind the port to your host:
docker run -it --rm -p 3000:3000 b4dnewz/keylog-io
You can now access it via http://localhost:3000 and you should be able to access the administrator interface.
If you want to further customize the execution you can set environment variables to enable/disable features:
docker run -d --name keylogger -p 3000:3000 -e SERVECLIENT=true b4dnewz/keylog-io
Here a list of all the available environment variables that will be forwarded to the module execution:
- SERVECLIENT: Serve the keylogger client accessible at
hostname:port/client.min.js
- SERVEDEMO: Serve a demo page accessible on
hostname:port/demo
- DBUSER: The database user name
- DBPASS: The database user password
- DBNAME: The database name where store the data
By default the administrator interface will have Basic HTTP Authentication with values: keylog-io
For a full list of options see the default options on source code.
If you want to persist the keylog entries across time or for using the archive page to analyze your findings later or using the filters and more, you must have a working MySQL instance and tell to keylog.io to use it.
It will create automatically a table called keylogs where it will store all the received keylogs from clients. You can customize the database connection options such as database name using the database.name
option or more in general the database
option object when starting the server.
The default table structure created is the following but you can customize it later using a mysql client or suggest me a better structure using the issues section of this project.
CREATE TABLE IF NOT EXISTS `keylogs` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`hostname` varchar(50) NOT NULL,
`element` varchar(50) NOT NULL,
`key` varchar(50) NOT NULL,
`path` varchar(255) NOT NULL,
`timestamp` timestamp NOT NULL DEFAULT current_timestamp(),
KEY (`id`),
INDEX `HOSTNAME_INDEX` (`hostname`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
You can also link a database using docker links if you are using keylog.io from a container.
- Basic HTTP Authentication for administrator interface with options for username and password
- Optionally save key logs results on a MySQL database
- Change behavior, pausing and trying to hide when devtools is open
- Create different routes for live feeds and archive
- Handle mobile input events (mobile browsers support)
- Automatic database table setup when using database mode
- Test key logger performances with multiple different hosts
- Complete the administrator interface with filters, groups, labels and stuff..
- Write a good documentation with examples and video use during simulated MITM attacks
- Write tests for backend and frontend code
- Get drunk at the end of all this
Run npm run start
this will concurrently spin up the express/socketio development server and start angular-cli. It should open a browser page with the administrator interface, if not, vavigate to http://localhost:4200/
. The app will automatically reload if you change any of the source files.
Also it will serve a keylogger client demo page at the address: http://localhost:3000/demo/
Run ng generate component component-name
to generate a new component. You can also use ng generate directive|pipe|service|class|guard|interface|enum|module
.
Run npm run build
to build the project. The build artifacts will be stored in the dist/
directory. Use the -prod
flag for a production build.
Run npm run build-client
to build the key logger-client file which is a socket.io-client module with a payload for capturing key presses and send them to a remote server.
Run npm run test
to execute the unit tests via Karma.
Run npm run e2e
to execute the end-to-end tests via Protractor.
To get more help on the Angular CLI use ng help
or go check out the Angular CLI README.
To get more informations about Socket.io visit the official page or visit the documentation.
- Fork it ( https://github.com/b4dnewz/keylog.io/fork )
- Create your feature branch (
git checkout -b my-new-feature
) - Commit your changes (
git commit -am 'Add some feature'
) - Write and run the tests (
npm run test
) - Push to the branch (
git push origin my-new-feature
) - Create a new Pull Request
The keylog.io is released under the MIT License by b4dnewz.