We install and run the keylogger on Linux

6 May 2023 3 minutes

Keystroke logger

Sometimes there is a situation when someone has access to your computer and it may not always be a third party, most often it is a parent or a sibling, and you want to see what they have been doing on your computer when you were away. To do this, you can simply run a keylogger and spy on them! A keylogger is a device or software for intercepting data entered from the keyboard. It recognizes button presses, secretly stores and transmits information. The name of the term is formed by merging the English words “key” (“key”) and “logger” (“recording device”). Accordingly, a keylogger is a recorder of keystrokes. However, such a spy can record information not only about which buttons the user presses, but also about a number of other actions, for example, about mouse movements. The keylogger also captures the time and date of clicks, which is important for building a chronology of events. Keyloggers are classified according to many features: by type, location of log storage, option of sending it, method of application. According to the method of implementation of the danger, keyloggers are distinguished as hardware, software.

Penetration of a software keylogger into a computer is easy and imperceptible. Keyloggers interfere with the operation of the computer, but they harm the operating system. A keystroke logger can be a good means of security management, and an effective means of breaching it. To see the fine line between these functions, only the targets with which the keylogger was used will help. Protecting yourself from a keylogger is possible and not very difficult. A simple but effective way to protect against many keyloggers is on-screen keyboards, which replace pressing a keyboard button with a mouse click on an area of the screen.

Using a keylogger

A keylogger can be used to record sensitive information such as usernames, passwords or credit card details, etc. Now I will show you how to use it.

1. We download the keylogger from the repository on GitHub:

2. Go to the folder with the keylogger:

3. Now we collect:

4. Go to the build directory and continue assembly:

5. We create a log file where the keylogger will record the entered data:

6. Start the keylogger:

  • -s -this is start

  • -u – is to use us-keymap (English layout)

  • -o – output (output file). By default, the log file is located at /var/log/logkeys.log

7. To stop the keylogger, enter the command:

There are two utilities in this package:

  • /bin/llk which is meant to start the logkeys daemon and /bin/llkk which is meant to kill it.
  • /bin/llk starts /etc/logkeys-start.sh and /bin/llkk starts /etc/logkeys-kill.sh.

You can use these two setuid root utilities (llk and llkk) to quickly and stealthily start and stop the keylogger. Feel free to modify the .sh scripts as you see fit. Since both programs are installed with the setuid bit set, the root password does not need to be specified at runtime. You can also add /bin/llk to autostart so that the daemon starts at system startup. Well, if you have access to someone else’s computer, I think I won’t have to explain here what you can do with someone else’s PC.

Other related articles
Found an error?
If you find an error, take a screenshot and send it to the bot.