Create your own virtual machine on Linode with a 60-day $100 credit: davidbombal.wiki/linode If that link doesn't work for you, try this link: www.linode.com/lp/youtube-viewers/?ifso=davidbombal Please note: Credits expire in 60 days. Big thanks to Linode for sponsoring this video! I wrote a Python program that saves keystrokes to a cloud server. I compiled the script to run on a Windows 11 computer with anti-virus enabled. May this be a warning to both you and your family. Don't download software that you don't trust. Only download software from reputable software developers and those you trust. Disclaimer: This video is for educational purposes only. I own all equipment used for this demonstration. No actual attack took place. // MENU // 00:00 - Be careful what you download 00:07 - Intro 00:16 - How to capture keystrokes with Python 00:41 - Keylogger demo 03:30 - How to setup the keylogger 10:34 - Conclusion // Code // Keylogger: github.com/davidbombal/python-keylogger Server: github.com/davidbombal/express-server-basic // Video mentioned // Python keylogger bypasses Windows 11 Defender: kzbin.info/www/bejne/p5K9XnyYqNiDeqs // SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: twitter.com/davidbombal Instagram: instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal KZbin: kzbin.info // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

This keylogger scripting technique through other scripting mediums has been around for years. Dave, you just made it worldwide for Python. Well done.

Always great content! I've done something similar using SMTP to shoot over emails of the logged keystrokes on a timed interval. Love the use of a js server approach! About to jump into the code and have a look around. Keep up the amazing work and for making people aware of the real dangers that hide in plain site.

Great tutorial David! Please keep them coming!

one of the few channels that show content of relevance!!!!!! I wish you were my mentor... I managed to reproduce another keylogger on the desktop! it also prints every click along with a notepad with text captures and creates folders separated by date!!! finally I managed to reproduce your code and forward the log file to a server... thank you very much for sharing your knowledge!!!!!! I am a Programming and Information Security enthusiast🇧🇷

I created a python key-logger like this couple years ago sending it to my free web hosting server. Awesome video.

Rather than outputting to a text file, you could use a nosql db and output the processes running at the time of the key logging to have a better picture of what the target is using at the time they are typing.

This is awesome, it's more effective If the keylogger run as a daemon in the background and it is start running on system boot up

Things that can be improved, make the script work like a blind shell, like not including the ip address in the program itself, instead we will initiate a call to the program via some authentication, also encrypted data transfer is necessary to avoid AV detection.

Amazing content David I like that you bring us the best reputable personalities in their speciality field so we can learn from the best no need for fancy botcamps😄 ✅🖥️🙏

Awesome video, thank you David 😊! Those PoCs are really good for us to build countermeasures to that kind of stuff. I got curious about python compilation actually, I've did some Python install before but never compiled it as a binary, will give it a try later.

I've once used python on my PC to give a demo to my friends that how getting passwords is easy and asked them to avoid using internet cafes, as getting the key strokes is pretty easy. That was way back in 2015.

I started to smile after I saw the first thumbnail of this video. It was like Saurons Eye from the Lord of the Rings is watching you. And now it's like a Ringwraith.

what about how to stop remote keyloggers? what antivirus or app can detect them?

thank you very much for this content, i love how you explain so good and simple to knowledge!

Great content again. Reading the comments and your responses is very helpful in educating us, thanks!

This is one of the most complex python keyloger ever. I can do the same with aprox 20 lines of code without any extra software or anything.

Haha I love this content David! I am doing the 30 day challenge of networkchuck right now the juniper ccna

Hey David, thanks for sharing this! I don’t suppose you could maybe consider a pivot into voice ? Enough material with that to keep you occupied. Could maybe lead back into security related items (wire shark and RTP streams). I know network engineers tend to grimace at voice, but steel yourself and think about it ;)

Hello Mr Bombal it seems that python is great langage to learn thx for u re constant effort God bless u

What would happen if the target is typing in another layout or language

The problem with spying on your partner is sometimes you find out something you wish you didn't

I wrote keylogger to spy on my wife also. Found out she was communicating with my best friend. Now he lives in my house.

Thank you for this informative and educational video!

Ive tried to do it. Only one issue: when I run the compiled keylogger.exe it opens an empty command prompt, when I close it, it will close the keylogger as well. Idk how to make it so it opens stealthy as yours.

Bad Mr Bombal Bad, keep the videos coming thank you learned alot!!

David, you said you were going to show us how to capture a handshake with Kali Linux installed on our android phones.

Thank you for your continued commitment to education.

What bugs me is that the program doesn't even need administrator permission like those KMS Trojans.

Make a video to show us how to create own server to save the data without Linode, please?? Thank you David for the fantastic videos!!

Thank you for demonstrating this.

sir why dont you create a structured course on various language which is in demad in copporate sector....beleive me your channel will boom

Yeah, sure, you can do that, Windows doesn't block it but what it does block is my compiled production-ready program without any single malware in it for absolutely no reason...

I'm new. What does he mean when he says we? Is there a team who worked on this?

Do you have any recommendations on books in Computer Science? I want to learn Computer Science before JavaScript and Python.

Genuinely interested in what this community has to say, now that everyone has seen the source code and how it functions, what are some methods anyone here would use, to defend against it?

thanks for the awesome content David

Nice video, if i was do it this i would use sockets for real time communication and a common port such as 443 + inject a binary blob into memory for a listener to setup a shell, that the program can load using a pointer. easy web c&c.

Someone said this virus is undetectable ! So funny maybe they are recently using windows 7 !

Thanks for this. Ill fire up a demo for our monthly meeting.

We dont deserve you David. Thank you so much!

With a security key for sign in the keylogger won't be able to fetch anything. The threat would be a cookie session stealer malware, but that would have to bypass the virus detection which is not likely.

in other words this can also bypass a separate firewall? wow this is crazy stuff.

Awesome video David, but, how can we prevent our machines from these tools?

Great video man. Love the server

Lol I ruined my dads $2000 computer when I was 12 by downloading a virus on purpose and executing it.

0:00 so running it on my desktop would be fine?

The question is: how is this prevented? I like to see the responses for both; Enterprise level and single host.

may add -y to the install script in the install lines (and merge the lines)

Can we mirroring site using cors method with python? In php we can use php get_content. How about python ?

if you want you can also create a python scripting course on youtube

So recompiling PyInstaller bypasses Defender, but wouldn't SmartScreen block the EXE as it is unknown (if it was real malware and actually was downloaded from the Internet by "your victim")?

I am ok with python code but I have no idea about C code. When you say you used a C compiler to compile it does that mean you can compile python code in C compilers or did you have to use C code to make it work? Thanks for the video.

I need an example file of someone who wrote a longer text (a story or a masters thesis) - is there any such public repository?

keep getting "This process is not trusted! Input event monitoring will not be possible until it is added to accessibility clients." any ideas?

How can i send the keylogging data to my own server. Do i just open a port on my server like 8080 shown in the scipt and add my server ip in the scipt too?

Spyware are shown in procexplorer? like sketchy process running. Or they are just not visible?

Are the sample softs there when you open the software or do you have to download them from sowhere

Hi, David. What would you recommend for scanning pdf's and images for rats and loggers? These day's many of us download quite a number of pdf's for education and images for our own curating.

UAC doesn't popup at all when you execute?

It's OK; my family runs any software we download from the internet from our PC, but never our laptops, haha.

set up a small local server that is running on cellular network and have it set up on the local network then forward the traffic from there.

Great video...thanks David.

What do you recommend for someone who has remote keylogger (victim) on their computer and wants to remove it? Many thanks

Just the title!! Hahaa this is why I joined your army

More videos like this but easy one's please for beginners.

Awesome video David !

Hi David, just wondering if there's a way to encrypt the keylogged traffic / passwords as I'm sending them to my linode. Maybe I want to test this with my own passwords but I don't want the connection to be readable by eavesdroppers.

I did the same thing and uploaded it to my github page It send keystrokes to my email using SMTP library

Can this be done within windows and to keylog another windows machine? I don't really want to spin up a entire Linux vm just for logging.

Will EDR not detect this kind of activity? since EDR is based on anamolies I'm pretty sure it will catch as suspicious no?

sir can you please tell me if i need to NAT port to sending logs through WAN?

Windows Defender can detect it now,

what if we run this file as a script on the AD .... and it will automatically run right? fun but scarry ...

what if i just want the capture file on my my on PC?

Can you make this on replit online code editor

Hello 👋 Thank for this video Is it possible to do it in local network with private adress ?

Dave could you create a GNS3 topology for key logging?

Hello, what program do you use to record the windows desktop?

Reminds me of some of my earliest experiments in writing my own penetration tools. The logger I wrote worked poorly and only locally on my own computer. Hilariously bad but still somewhat functional. The more fun experiments were controlling pointers remotely. Good times.

Amazing as always ❤

Hackers: Alright copy that run that and the keylogger is complete! Me: So do you have a github repository or something?

Hey David can you make a video for osinteers

Great Content! I am a big fan. I did all of this and windows defender did not detected it but when i sent it to my friend to check it out by uploading it to google drive. When he downloaded it windows defender picked it up. Is there something i can do to avoid this?

this script is getting detected in my computer(windows 11) and automatically being deleted in vs code after saving showing the warning that this file contains virus

Should we not clear the global variable text after a successful send? Otherwise with time its size will be huge.

8:45 that makes no sense, unless msft compiler adds something to the code... but i highly doubt that. I see no reason why you would have to re-compile py-installer....

How to prevent Android mobile getting attacked by spy ware. How to know if the mobile is comprised by spyware

Heya David. Nice video, as usual :) I have a small question though. Why is windows Defender not picking up the exe file ? It usually picks up python scripts quite easily and the library you did use, is using winapi and that is not even trying to evade detection. Could you explain, please ? :)

I started making soft recently, I was wondering if you wanna do any features.

That Windows is still this.... bad in this regard. On macOS you cannot intercept non-modified keys without being granted the permission to be an accessibility application.

Can this keylogger program be put in non executable files like PDF files, pictures, videos etc?

Thanks for all.

how can I test this out with a VM in kali VirtualBox?

Thanks for the nice scripting.. but i am curious.. Did you find some concerned keystrokes on you'r wife's computer???

is it possible to modify the code that the data can be saved in a local database

good stationary computer safe as you only said laptop!

5:28 seeing a white stripe in the german flag makes me feel more uncomfortable than i would have imagined... wierd darkmode coincidences^^

i m from india ....your content is great ...... really

Please how did you get it to run in the background