logkeys
by kernc
logkeys is a reliable GNU/Linux keylogger that captures all common keystrokes with awareness of Shift and AltGr modifiers, running as a covert daemon.
:memo: :keyboard: A GNU/Linux keylogger that works!
Primary Use Case
logkeys is primarily used for monitoring and logging keystrokes on Linux systems, useful for security researchers, penetration testers, or system administrators who need to detect unauthorized input or investigate user activity. It is designed to run stealthily as a daemon, capturing keyboard input without crashing the X environment or repeating keys unreliably.
- Logs all common character and function keys with Shift and AltGr awareness
- Runs as a daemon for continuous background keylogging
- Setuid root helper programs for quick and covert start/stop
- Uses Linux input subsystem event interface for accurate key capture
- Supports manual device specification for input event devices
- UTF-8 locale support for proper character encoding
- Default log file stored securely at /var/log/logkeys.log
Installation
- Refer to the INSTALL file for detailed installation and build notes
- Build the software according to instructions in INSTALL
- Ensure you have root privileges to install setuid root helper programs
- Test the program manually by creating a test log file
- Run logkeys with appropriate device and locale settings
Usage
>_ logkeys --start --output test.logStarts the keylogger and outputs keystrokes to test.log
>_ tail --follow test.logFollows the log file in real-time to monitor captured keystrokes
>_ logkeys --killStops the running keylogger daemon
>_ bin/llkStarts the logkeys daemon quickly and covertly using setuid root helper
>_ bin/llkkKills the logkeys daemon quickly and covertly using setuid root helper
>_ logkeys --device /dev/input/eventXManually specifies the input event device to be used for keylogging
>_ logkeys --export-keymap my_lang.keymapExports the current keymap for localization or troubleshooting
- Can be chained with post-exploitation frameworks to capture credentials stealthily.
- Useful for red team exercises simulating insider threat or credential theft scenarios.
- Blue teams can deploy modified versions to detect unauthorized keylogging activity by monitoring logkeys processes and logs.
- Integrate with Security Information and Event Management (SIEM) for automated alerting on suspicious input capture.
- Use in purple team exercises to validate detection capabilities and improve endpoint monitoring strategies.
Docs Take 2 Hours. AI Takes 10 Seconds.
Ask anything about logkeys. Installation? Config? Troubleshooting? Get answers trained on real docs and GitHub issues—not generic ChatGPT fluff.
This tool hasn't been indexed yet. Request indexing to enable AI chat.
Admin will review your request within 24 hours
Related Tools
rustdesk
rustdesk/rustdesk
An open-source remote desktop application designed for self-hosting, as an alternative to TeamViewer.
osquery
osquery/osquery
SQL powered operating system instrumentation, monitoring, and analytics.
macOS-Security-and-Privacy-Guide
drduh/macOS-Security-and-Privacy-Guide
Community guide to securing and improving privacy on macOS.
How-To-Secure-A-Linux-Server
imthenachoman/How-To-Secure-A-Linux-Server
An evolving how-to guide for securing a Linux server.
Atlas
Atlas-OS/Atlas
🚀 An open and lightweight modification to Windows, designed to optimize performance, privacy and usability.
fail2ban
fail2ban/fail2ban
Daemon to ban hosts that cause multiple authentication errors