nullsec-keysniff

    ███▄    █  █    ██  ██▓     ██▓      ██████ ▓█████  ▄████▄  
    ██ ▀█   █  ██  ▓██▒▓██▒    ▓██▒    ▒██    ▒ ▓█   ▀ ▒██▀ ▀█  
   ▓██  ▀█ ██▒▓██  ▒██░▒██░    ▒██░    ░ ▓██▄   ▒███   ▒▓█    ▄ 
   ▓██▒  ▐▌██▒▓▓█  ░██░▒██░    ▒██░      ▒   ██▒▒▓█  ▄ ▒▓▓▄ ▄██▒
   ▒██░   ▓██░▒▒█████▓ ░██████▒░██████▒▒██████▒▒░▒████▒▒ ▓███▀ ░
   ░ ▒░   ▒ ▒ ░▒▓▒ ▒ ▒ ░ ▒░▓  ░░ ▒░▓  ░▒ ▒▓▒ ▒ ░░░ ▒░ ░░ ░▒ ▒  ░
   ░ ░░   ░ ▒░░░▒░ ░ ░ ░ ░ ▒  ░░ ░ ▒  ░░ ░▒  ░ ░ ░ ░  ░  ░  ▒   
      ░   ░ ░  ░░░ ░ ░   ░ ░     ░ ░   ░  ░  ░     ░   ░        
      ░   ░    ░   ░       ░       ░         ░     ░   ░ ░      
            ░                          ░    ░           ░        
   ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
   █░░░░░░░░░░░░░░░ K E Y S N I F F ░░░░░░░░░░░░░░░░░░░░░░░░░█
   ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
                       bad-antics

Overview

nullsec-keysniff is a keyboard event monitor and analyzer written in F#. Uses .NET eventing for cross-platform input capture with pattern detection, session logging, and real-time analysis.

Features

• 📝 Keyboard Event Capture - Monitor keystrokes with timestamps
• 🔍 Pattern Detection - Detect passwords, credit cards, SSNs
• 📊 Session Statistics - WPM, common sequences, timing analysis
• 🔐 Encrypted Logging - AES-256 encrypted output files
• 🌐 Remote Exfiltration - Optional HTTP/DNS data transmission
• ⏰ Time-based Triggers - Capture during specific timeframes

Requirements

• .NET 6.0 or higher
• F# 6.0+
• Linux/Windows/macOS

Installation

# Clone repository
git clone https://github.com/bad-antics/nullsec-keysniff.git
cd nullsec-keysniff

# Build
dotnet build -c Release

# Or run directly
dotnet run --project keysniff.fsproj

Usage

# Start capture with default settings
dotnet run -- capture

# Capture with encrypted output
dotnet run -- capture -o sessions.log -e -k "secretkey"

# Capture with pattern detection
dotnet run -- capture --detect-patterns

# Analyze existing log
dotnet run -- analyze -f sessions.log

# Real-time monitoring
dotnet run -- capture -v --realtime

Options

Flag	Description
-o, --output	Output file path
-e, --encrypt	Enable AES-256 encryption
-k, --key	Encryption key
-v, --verbose	Verbose output
--detect-patterns	Enable pattern detection
--realtime	Real-time display
--duration	Capture duration (seconds)

Pattern Detection

Automatically detects:

• Password entry sequences
• Credit card numbers (Luhn validation)
• Social Security Numbers
• Email addresses
• Phone numbers
• Common credentials

Output Format

{
  "session_id": "a1b2c3d4",
  "start_time": "2024-01-15T10:30:00Z",
  "events": [
    {
      "timestamp": 1705313400123,
      "key": "a",
      "modifiers": [],
      "window": "Terminal"
    }
  ],
  "patterns_detected": [
    {
      "type": "password_entry",
      "confidence": 0.85,
      "position": 150
    }
  ]
}

Disclaimer

This tool is intended for authorized security testing and educational purposes only. Unauthorized monitoring of user input is illegal. Always obtain proper authorization.

License

NullSec Proprietary License

Author

bad-antics - NullSec Security Team

---

Part of the NullSec Security Toolkit

---