An advanced keylogger with both kernel and userspace mode support. Implements stealth functionality and netlink socket communication.
- Kernel mode (stealth)
- Userspace mode with assembly support
- Netlink socket communication
- Optional debug logging
- Automatic keyboard device detection
- Kernel module hiding
- Separate receiver with human-readable output
- Session logging with timestamps
- JSON configuration support
- Configurable network settings
- Linux kernel headers
- NASM assembler
- GCC compiler
- Make
- Jansson library (for JSON parsing)
- Install dependencies:
# Debian/Ubuntu
sudo apt-get install build-essential linux-headers-$(uname -r) nasm libjansson-dev
# Fedora
sudo dnf install gcc make kernel-devel nasm jansson-devel
# Arch Linux
sudo pacman -S base-devel linux-headers nasm jansson- Clone the repository:
git clone https://github.com/UsboKirishima/0
cd 0- Build the project:
makeThe keylogger can be configured using the config.json file:
{
"network": {
"host": "127.0.0.1",
"port": 8888,
"protocol": "udp"
},
"logging": {
"enabled": true,
"file": "keylog.txt",
"format": "[%timestamp%] %key%",
"timestamp_format": "%Y-%m-%d %H:%M:%S"
},
"security": {
"stealth_mode": true,
"encrypt_logs": false
},
"debug": {
"enabled": false,
"verbose": false
}
}network: Network communication settingshost: Target host for sending keystrokesport: UDP port numberprotocol: Communication protocol (currently only UDP)
logging: Logging configurationenabled: Enable/disable loggingfile: Log file pathformat: Log entry formattimestamp_format: Timestamp format string
security: Security settingsstealth_mode: Enable/disable stealth featuresencrypt_logs: Enable/disable log encryption
debug: Debug settingsenabled: Enable/disable debug outputverbose: Enable verbose logging
- Load the kernel module (requires root):
sudo insmod 0.ko- Start the receiver (can run as normal user):
./receiver [optional_log_file]- Or start the keylogger in kernel mode:
sudo ./0 --kernel- To remove the module:
sudo rmmod 0Simply run:
./0The program will automatically detect the keyboard device.
The receiver provides human-readable output and session logging:
# Default logging to keylog.txt
./receiver
# Custom log file
./receiver /path/to/logfile.txtLog format example:
--- Session started at Wed Mar 13 10:00:00 2024 ---
[2024-03-13 10:00:05] h
[2024-03-13 10:00:05] e
[2024-03-13 10:00:05] l
[2024-03-13 10:00:05] l
[2024-03-13 10:00:05] o
[2024-03-13 10:00:06] [Enter]
--- Session ended at Wed Mar 13 10:00:10 2024 ---
To enable debug logging, compile with the DEBUG flag:
make CFLAGS="-DDEBUG"Logs will be saved using slog.
.
├── src/
│ ├── 0.c # Main file
│ ├── receiver.c # Human-readable output receiver
│ ├── read_event.asm # Assembly implementation
│ └── slog.c # Logger
├── include/
│ ├── 0.h # Main header
│ └── slog.h # Logger header
└── Makefile
- Kernel module requires root privileges
- Kernel mode is hidden from loaded modules list
- Data is transmitted locally via netlink socket
- Receiver can run as normal user
- Log files are created with current user permissions
This project is released under GPL v3 license.
- 333revenge
This software was created for educational purposes only. Misuse of this software may constitute a criminal offense in some jurisdictions. The author assumes no liability for misuse of this software.
- Fork the project
- Create your feature branch (
git checkout -b feature/AmazingFeature) - Commit your changes (
git commit -m 'Add some AmazingFeature') - Push to the branch (
git push origin feature/AmazingFeature) - Open a Pull Request
- Kernel module might require recompilation when kernel is updated
- Some keyboard layouts might not be detected correctly in userspace mode
- Receiver must be restarted if kernel module is reloaded
For bug reports or feature requests, please open an issue on GitHub.