简体繁体 English

跨平台键盘记录器

[英]Cross platform keylogger

原文 2008-12-13 11:10:29 9 2 python/ cross-platform/ time-management/ keylogger

I'm looking for ways to watch mouse and keyboard events on Windows, Linux and Mac from Python.我正在寻找通过 Python 在 Windows、Linux 和 Mac 上观看鼠标和键盘事件的方法。

My application is a time tracker.我的应用程序是一个时间跟踪器。 I'm not looking into the event, I just record the time when it happens.我不是在调查事件，我只是记录它发生的时间。 If there are no events for a certain time, say 10 minutes, I assume that the user has left and stop the current project.如果某段时间内没有事件，比如 10 分钟，我假设用户已经离开并停止当前项目。

When the user returns (events come in again), I wait a moment (so this doesn't get triggered by the cleaning crew or your pets or an earthquake).当用户返回（事件再次出现）时，我会等待片刻（因此这不会被清洁人员或您的宠物或地震触发）。 If the events persist over a longer period of time, I assume that the user has returned and I pop up a small, inactive window where she can choose to add the time interval to "break", the current project (meeting, etc) or a different project.如果事件持续较长时间，我假设用户已经返回，我会弹出一个小的非活动窗口，她可以在其中选择将时间间隔添加到“中断”、当前项目（会议等）或一个不同的项目。

I've solved the keylogger for Windows using the pyHook .我已经使用pyHook解决了 Windows 的键盘记录器。

On Linux, I have found a solution but I don't like it: I can watch all device nodes in /etc/input and update a timestamp somewhere in /var or /tmp every time I see an event.在 Linux 上，我找到了一个解决方案，但我不喜欢它：我可以查看 /etc/input 中的所有设备节点，并在每次看到事件时更新 /var 或 /tmp 中某处的时间戳。 There are two drawbacks: 1. I can't tell whether the event if from the user who is running the time tracker and 2. this little program needs to be run as root (not good).有两个缺点：1. 我无法判断事件是否来自运行时间跟踪器的用户 2. 这个小程序需要以 root 身份运行（不好）。

On Mac, I have no idea, yet.在 Mac 上，我还不知道。

Questions:问题：

Is there a better way to know whether the user is creating events than watching the event devices on Linux?有没有比在 Linux 上观看事件设备更好的方法来了解用户是否正在创建事件？
Any pointers how to do that on a Mac?任何指示如何在 Mac 上做到这一点？

2 个解决方案

There are couple of open source apps that might give you some pointers:有几个开源应用程序可能会给你一些提示：

PyKeylogger is python keylogger for windows and linux PyKeylogger是用于 windows 和 linux 的 python 键盘记录器
logKext is a c++ keylogger for mac logKext是一个适用于 mac 的 c++ 键盘记录器

There's a great article on Writing Linux Kernel Keyloggers有一篇关于编写 Linux 内核键盘记录器的很棒的文章
http://www.phrack.com/issues.html?issue=59&id=14#articlehttp://www.phrack.com/issues.html?issue=59&id=14#article

If you are attempting to run a honeypot, then definitely give Sebek a try:如果您正在尝试运行蜜罐，那么一定要试试 Sebek：
https://projects.honeynet.org/sebek/ https://projects.honeynet.org/sebek/

Sebek is a data capture tool designed to capture attacker's activities on a honeypot, without the attacker (hopefully) knowing it. Sebek 是一种数据捕获工具，旨在捕获攻击者在蜜罐上的活动，而攻击者（希望）不知道它。 It has two components.它有两个组成部分。 The first is a client that runs on the honeypots, its purpose is to capture all of the attackers activities (keystrokes, file uploads, passwords) then covertly send the data to the server.第一个是在蜜罐上运行的客户端，其目的是捕获所有攻击者的活动（击键、文件上传、密码），然后秘密地将数据发送到服务器。 The second component is the server which collects the data from the honeypots.第二个组件是从蜜罐收集数据的服务器。 The server normally runs on the Honeywall gateway, but can also run independently.服务器通常运行在 Honeywall 网关上，但也可以独立运行。 For more information on Sebek, please see http://www.honeynet.org/tools/sebek有关 Sebek 的更多信息，请参阅http://www.honeynet.org/tools/sebek