
Surveillance-keylogger

An advanced endpoint monitoring toolkit designed for ethical auditing and system administration. It logs local activity to help secure devices, recover lost typing data, and manage overall system health proactively.

Role: Solo Developer
Type: System App
Timeline: 4 Weeks
Year: 2023
Status: Live
๐Ÿ›ก๏ธ๐Ÿ‘๏ธ๐Ÿ—จ๏ธโŒจ๏ธ
Tech Stack
Language: Python
System Hooks: pynput
Data Exfiltration: smtplib
Concurrency: threading
01 — Problem

The vulnerability of unmonitored endpoints.

When you step away from your machine, what happens? In enterprise environments or personal systems handling sensitive data, blind spots are incredibly dangerous. Existing monitoring software is often bloated corporate spyware that drains system resources, requires complex infrastructure, or is just too invasive.

I wanted a lightweight, invisible way to monitor a local endpoint purely for ethical auditing and backup, capturing exactly what is typed without the heavy footprint.

02 — Audience

Security researchers and power users.

This tool is built for ethical hackers, security researchers, and system administrators who need a transparent, low-level auditing script.

It is also a lifesaver for power users who have lost paragraphs of typing to a sudden browser crash and want a self-hosted, invisible safety net that logs their own keystrokes locally.

03 — Approach

Silent operation and secure delivery.

The architecture had to be aggressively simple: intercept keyboard events at the OS level, buffer the data, and securely exfiltrate it at regular intervals. I opted for a pure Python script that binds directly to system input events.

The script runs entirely in the background as a daemon process. Once a threshold of keystrokes or a time limit is reached, it quietly compiles the log and emails it to a secure server using an encrypted SMTP connection, leaving no trace on the local disk.

04 — Technical Decisions

The power of a single Python script.

I chose Python because of its incredible standard library and rapid deployment capabilities. Using pynput, I could hook into the OS-level keyboard events natively across platforms.

Instead of building a complex backend server, I utilized Python's native smtplib and threading modules. The script spawns a background thread that handles the email delivery asynchronously, ensuring that the main listening loop never blocks or misses a single keystroke. The entire payload is incredibly small and highly optimized.
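A defender's view of the stack described above, as an added example that is not the project's own code: a static triage pass that flags Python sources combining an input-hook library with SMTP egress. The capability groups, function names and sample sources are assumptions constructed for illustration.

```python
import ast

# Assumed capability groups, built from the modules this page names.
GROUPS = (
    ("input_hook", {"pynput"}),
    ("mail_egress", {"smtplib"}),
    ("background", {"threading", "queue"}),
)

def imported_modules(source):
    """Top-level module names imported statically or via literal dynamic imports."""
    mods = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            mods.update(alias.name.split(".")[0] for alias in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module and node.level == 0:
            mods.add(node.module.split(".")[0])
        elif isinstance(node, ast.Call) and node.args:
            arg, fn = node.args[0], node.func
            name = fn.id if isinstance(fn, ast.Name) else getattr(fn, "attr", "")
            # __import__("x") and importlib.import_module("x") with a string literal
            if (name in ("__import__", "import_module")
                    and isinstance(arg, ast.Constant) and isinstance(arg.value, str)):
                mods.add(arg.value.split(".")[0])
    return mods

def triage(source):
    """Classify a script by which capability groups it combines."""
    try:
        mods = imported_modules(source)
    except SyntaxError:
        return {"verdict": "unparsed", "hits": []}
    hits = [name for name, group in GROUPS if mods & group]
    if "input_hook" in hits and "mail_egress" in hits:
        verdict = "review: input capture + mail egress"
    elif "input_hook" in hits:
        verdict = "note: input capture only"
    else:
        verdict = "no match"
    return {"verdict": verdict, "hits": hits}

# Constructed import-only samples (no functional code).
SAMPLE_COMBINED = "import threading\nfrom pynput import keyboard\nimport smtplib\n"
SAMPLE_HOTKEY = "from pynput import keyboard\n"
SAMPLE_MAILER = "import smtplib\n"

if __name__ == "__main__":
    for label, src in (("combined", SAMPLE_COMBINED), ("hotkey", SAMPLE_HOTKEY), ("mailer", SAMPLE_MAILER)):
        print(label, triage(src))
```

This only covers readable source; a script frozen into a standalone executable has to be caught through runtime telemetry, such as a non-mail process opening outbound SMTP connections.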

05 — Challenges

Threading and absolute stealth.

The hardest part was ensuring the tool didn't lock up the system. Initially, the process of sending an email would freeze keyboard input for a fraction of a second, which is a massive red flag. I had to implement a strict producer-consumer threading model where the listener dumps keystrokes into a thread-safe queue, and a separate worker wakes up, drains the queue, and handles network I/O.

Another major challenge was bypassing basic heuristic scans. This required utilizing specific compiling techniques to package the Python script into a standalone executable that doesn't trigger immediate Windows Defender alerts, keeping the process truly stealthy.

06 — Reflection

The thin line between security and vulnerability.

Building this keylogger was a masterclass in low-level OS interaction. It was an eye-opening experience to see how easily user input can be intercepted and exfiltrated with just a few lines of Python.

This project fundamentally changed how I view endpoint security. It taught me that the best defense against malicious monitoring is deeply understanding how those very tools are built from the ground up.


© 2026 Built with ❤️ & Code by Nishal Poojary.


Bangalore · India
