# Logger Puro - Windows 11 Keylogger & Activity Monitor for Penetration Testing
A lightweight PowerShell keylogger and activity monitoring tool for Windows 11 designed for ethical hacking, penetration testing, red team operations, and bug bounty hunting. Features keystroke logging, window tracking, and clipboard monitoring capabilities.
## ⚠️ Legal Disclaimer - Ethical Hacking Tool
This PowerShell keylogger is developed **exclusively for authorized penetration testing, security research, and educational purposes**.
**IMPORTANT - Ethical Use Only:**
- ✅ Authorized penetration testing and red team engagements
- ✅ Bug bounty programs (HackerOne, Bugcrowd, Intigriti)
- ✅ Cybersecurity research and EDR/XDR testing
- ✅ Incident response and forensic analysis
- ❌ Unauthorized use is illegal and punishable by law
- ❌ Author assumes no liability for misuse
## 🎯 Features - Offensive Security Tool
- **PowerShell Keylogger**: Keystroke capture using `GetAsyncKeyState` API without complex hooks
- **Window Activity Tracker**: Real-time active window monitoring with timestamps
- **Clipboard Logger**: Detects and logs clipboard content changes
- **Stealth Logging**: Plain-text output to `Documents\activity_log.txt`
- **Lightweight Design**: No complex C# compilation, pure Windows API calls
- **Low CPU Footprint**: 20ms polling delay for minimal system impact
- **EDR Evasion Testing**: Ideal for testing endpoint detection capabilities
## 🔍 Keywords & Use Cases
**Primary Keywords**: keylogger Windows 11, PowerShell keylogger, activity monitor, penetration testing tool, ethical hacking, keystroke logger, clipboard monitor, red team tool, offensive security
**Security Testing Scenarios**:
- Penetration testing and vulnerability assessment
- Red team exercises and adversary simulation
- Bug bounty hunting and security research
- EDR/XDR detection testing and bypass validation
- Incident response and malware behavior analysis
- OSINT and reconnaissance operations
- Security awareness training demonstrations
## 🔧 System Requirements
- Windows 11 (latest builds supported)
- PowerShell 5.1+ or PowerShell Core 7+
- Standard user privileges (no admin rights required)
- .NET Framework for clipboard monitoring
## 📦 Installation - Quick Setup
1. Clone the repository:
```bash
git clone https://github.com/theghostshinobi/pureWinKeylog
cd pureWinKeylog
```
2. Enable PowerShell script execution:
```powershell
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser
```
3. Run the keylogger:
```powershell
.\keylogwin11.ps1
```

```powershell
# Start activity logging
.\Logger_Puro.ps1
# Background execution (stealth mode)
Start-Process powershell -WindowStyle Hidden -ArgumentList "-File .\Logger_Puro.ps1"
```

`C:\Users\[Username]\Documents\activity_log.txt`

```
[WIN: Application Window Title | HH:mm:ss]
captured keystrokes and typed text
[CLIPBOARD]: copied clipboard content
```

- `[BACK]` - Backspace key
- `[TAB]` - Tab key
- `[DEL]` - Delete key
- A-Z letters (case-sensitive detection)
- 0-9 numeric keys
- Special characters (`.`, `,`)
- Red Team Operations: APT simulation and advanced persistent threat modeling
- Bug Bounty Programs: Endpoint security testing on authorized platforms
- EDR/XDR Testing: Detection and response validation for security products
- Incident Response: Post-breach forensic analysis and compromise assessment
- Security Research: Behavioral analysis for machine learning security models
- Purple Team Exercises: Detection engineering and threat hunting practice
Test detection capabilities for:
- Windows API hooking and monitoring (`GetAsyncKeyState`)
- PowerShell execution telemetry and logging
- Suspicious file I/O patterns and log creation
- Behavioral analytics and anomaly detection
- Process monitoring and parent-child relationships
```
GetAsyncKeyState()    // Keyboard state polling
GetForegroundWindow() // Active window handle retrieval
GetWindowText()       // Window title extraction
```
- Polling Loop: Continuous `while($true)` with 20ms sleep intervals
- State Management: `$LastWindow` and `$LastClip` variables prevent duplicates
- File Operations: `[System.IO.File]::AppendAllText()` for optimized I/O
- Memory Efficient: Minimal footprint, no database or complex data structures
- Execute the PowerShell keylogger
- Switch between active windows
- Type text in various applications
- Copy content to clipboard
- Verify log output in `activity_log.txt`
Validate your security controls can detect:
- Repeated `GetAsyncKeyState` API calls
- Long-running PowerShell processes
- Suspicious file modifications in user directories
- Regular polling patterns with fixed intervals
Detection Indicators:
- High-frequency calls to `GetAsyncKeyState` Win32 API
- PowerShell processes with abnormal runtime duration
- File creation/modification in `Documents` folder with append operations
- Regular timing patterns suggesting polling behavior
- Unsigned PowerShell scripts with suspicious API imports
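
Added example (not part of the original project): scoring the call-frequency and polling-regularity indicators above from per-process timestamps. It assumes a sensor that records one timestamp per `GetAsyncKeyState` poll; the thresholds and sample data are constructed.

```python
from itertools import accumulate
from statistics import mean, pstdev

MIN_RATE_HZ = 20.0  # assumed threshold: polls per second worth flagging
MAX_CV = 0.10       # assumed threshold: interval spread counted as "fixed"


def polling_profile(timestamps_ms):
    """Rate and regularity of one process's poll timestamps (milliseconds)."""
    gaps = [b - a for a, b in zip(timestamps_ms, timestamps_ms[1:])]
    if len(gaps) < 2 or mean(gaps) <= 0:
        return None  # too little data to judge
    avg = mean(gaps)
    # cv = coefficient of variation: 0 means perfectly regular intervals
    return {"rate_hz": 1000.0 / avg, "cv": pstdev(gaps) / avg}


def classify(timestamps_ms):
    """Return 'fixed_poll', 'high_rate' or 'normal' for one process."""
    profile = polling_profile(timestamps_ms)
    if profile is None or profile["rate_hz"] < MIN_RATE_HZ:
        return "normal"
    # Regularity alone is a fragile signal, so a sustained high call rate
    # is still reported when the intervals are not constant.
    return "fixed_poll" if profile["cv"] < MAX_CV else "high_rate"


# Constructed samples (milliseconds since first observation).
FIXED = list(range(0, 1000, 20))                          # steady 20 ms loop
VARIABLE = list(accumulate([0] + [8, 32, 14, 26, 20] * 10))  # same rate, uneven gaps
OCCASIONAL = list(accumulate([0, 400, 1500, 250, 900]))    # sporadic hotkey checks

if __name__ == "__main__":
    for name, sample in (("fixed", FIXED), ("variable", VARIABLE),
                         ("occasional", OCCASIONAL)):
        print(name, classify(sample), polling_profile(sample))
```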
Detection Queries (Sysmon/Splunk):
```
EventCode=1 Image="*powershell.exe" CommandLine="*GetAsyncKeyState*"
EventCode=11 TargetFilename="*activity_log.txt"
```
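
Added example (not part of the original project): the two queries above expressed as Python over constructed events, plus a Script Block Logging (event 4104) match, because a script started with `-File` does not carry the API name in its command line. The flat field layout, process IDs and user name are assumptions.

```python
from collections import defaultdict

PS_HOSTS = ("powershell.exe", "pwsh.exe")  # pwsh.exe covers PowerShell 7

# Constructed events, flattened to dicts (layout is an assumption).
# Codes 1 and 11 are Sysmon; 4104 is PowerShell Script Block Logging.
EVENTS = [
    {"EventCode": 1, "ProcessId": 4312,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell -File .\Logger_Puro.ps1"},
    {"EventCode": 4104, "ProcessId": 4312,
     "ScriptBlockText": "<script body that references GetAsyncKeyState>"},
    {"EventCode": 11, "ProcessId": 4312,
     "TargetFilename": r"C:\Users\alice\Documents\activity_log.txt"},
    {"EventCode": 1, "ProcessId": 5120,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -NoProfile -Command Get-Service"},
    {"EventCode": 11, "ProcessId": 7001,
     "TargetFilename": r"C:\Users\alice\Documents\report.docx"},
]


def signals(event):
    """Return the indicator names that a single event satisfies."""
    code, hits = event["EventCode"], set()
    if code == 1 and event["Image"].lower().endswith(PS_HOSTS):
        if "getasynckeystate" in event["CommandLine"].lower():
            hits.add("cmdline_api")      # first query on the page
    elif code == 4104:
        if "getasynckeystate" in event["ScriptBlockText"].lower():
            hits.add("scriptblock_api")  # API name seen in the script body
    elif code == 11:
        if event["TargetFilename"].lower().endswith("activity_log.txt"):
            hits.add("log_file")         # second query on the page
    return hits


def triage(events):
    """Group indicator hits by process ID."""
    by_pid = defaultdict(set)
    for event in events:
        hits = signals(event)
        if hits:
            by_pid[event["ProcessId"]] |= hits
    return dict(by_pid)


def high_confidence(events):
    """PIDs that both reference the API and write the known log file."""
    api = {"cmdline_api", "scriptblock_api"}
    return sorted(p for p, s in triage(events).items() if "log_file" in s and s & api)
```

On the sample, the command-line match alone returns nothing for the `-File` launch; the process is identified only once the 4104 and file-create events are joined on process ID.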
Evasion Techniques:
- PowerShell obfuscation and encoding
- Network exfiltration instead of local file logging
- Randomized timing (jitter) in polling intervals
- Process injection into legitimate applications
- AMSI bypass for script execution
- Direct syscall invocation bypassing API hooks
- Extended keycode support (F1-F12, arrow keys, multimedia)
- JSON/XML structured logging output
- AES-256 encryption for log files
- HTTP/HTTPS remote exfiltration capabilities
- Screenshot capture integration
- Process injection and DLL hollowing modules
- C2 framework compatibility (Cobalt Strike, Metasploit)
- Cross-platform support (PowerShell Core on Linux)
This penetration testing tool is released under the MIT License. See LICENSE file for details.
[Your Name]
- Ethical Hacker & Bug Bounty Hunter
- Platforms: HackerOne | Intigriti | Bugcrowd
- GitHub: @yourusername
- LinkedIn: [Your Profile]
- Twitter: [@yourhandle]
- Microsoft for comprehensive Win32 API documentation
- MITRE ATT&CK Framework for threat modeling techniques
- Italian cybersecurity community and researchers
- Open-source security tool contributors worldwide
- PowerSploit - PowerShell offensive framework
- Empire - Post-exploitation framework
- Invoke-Obfuscation - PowerShell obfuscation
- MITRE ATT&CK T1056.001 - Input Capture: Keylogging