KLDetect is a keylogger detector for the Linux Desktop. It can detect processes reading from /dev/input/event* devices and kernel modules registered to listen to keyboard events.

Dependencies

Setup

Download or clone this repository:

$ git clone https://github.com/sebaschi/keylogger-detector.git

Navigate into the src directory:

$ cd keylogger-detector/src

Run a keylogger. KLDetect has been tested and shown to work on the following keylogger.

User progams:

Kernel Module:

Usage

The programm must be run as root (sudo).

Running without options just runs userspace detection:

# ./kldetect.py

To get a list of options:

# ./kldetect.py -h

To run with kernel module detection:

# ./kldetect.py -k

To run just kernel module detection

# ./kernel_detector.py

Developers

This project is Part of a Univeristy project at the Operating Systems lecture at the University of Basel, Switzerland. A project journal can be found here.

Description

University project for an Operating Systems lecture. The goal is to develope a keystroke-logger-detector for a Linux environment. Developement Environment: Fedora 37 VM under Gnome and Wayland.

keylogging linux linux-iomem linux-kernel linux-programming malware-detection

Readme 1.2 MiB