nullsec-keysniff
February 27, 2026 · View on GitHub
███▄ █ █ ██ ██▓ ██▓ ██████ ▓█████ ▄████▄
██ ▀█ █ ██ ▓██▒▓██▒ ▓██▒ ▒██ ▒ ▓█ ▀ ▒██▀ ▀█
▓██ ▀█ ██▒▓██ ▒██░▒██░ ▒██░ ░ ▓██▄ ▒███ ▒▓█ ▄
▓██▒ ▐▌██▒▓▓█ ░██░▒██░ ▒██░ ▒ ██▒▒▓█ ▄ ▒▓▓▄ ▄██▒
▒██░ ▓██░▒▒█████▓ ░██████▒░██████▒▒██████▒▒░▒████▒▒ ▓███▀ ░
░ ▒░ ▒ ▒ ░▒▓▒ ▒ ▒ ░ ▒░▓ ░░ ▒░▓ ░▒ ▒▓▒ ▒ ░░░ ▒░ ░░ ░▒ ▒ ░
░ ░░ ░ ▒░░░▒░ ░ ░ ░ ░ ▒ ░░ ░ ▒ ░░ ░▒ ░ ░ ░ ░ ░ ░ ▒
░ ░ ░ ░░░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░
░ ░ ░ ░ ░ ░ ░ ░ ░ ░
░ ░ ░ ░
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
█░░░░░░░░░░░░░░░ K E Y S N I F F ░░░░░░░░░░░░░░░░░░░░░░░░░█
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
bad-antics
Overview
nullsec-keysniff is a keyboard event monitor and analyzer written in F#. Uses .NET eventing for cross-platform input capture with pattern detection, session logging, and real-time analysis.
Features
- 📝 Keyboard Event Capture - Monitor keystrokes with timestamps
- 🔍 Pattern Detection - Detect passwords, credit cards, SSNs
- 📊 Session Statistics - WPM, common sequences, timing analysis
- 🔐 Encrypted Logging - AES-256 encrypted output files
- 🌐 Remote Exfiltration - Optional HTTP/DNS data transmission
- ⏰ Time-based Triggers - Capture during specific timeframes
Requirements
- .NET 6.0 or higher
- F# 6.0+
- Linux/Windows/macOS
Installation
# Clone repository
git clone https://github.com/bad-antics/nullsec-keysniff.git
cd nullsec-keysniff
# Build
dotnet build -c Release
# Or run directly
dotnet run --project keysniff.fsproj
Usage
# Start capture with default settings
dotnet run -- capture
# Capture with encrypted output
dotnet run -- capture -o sessions.log -e -k "secretkey"
# Capture with pattern detection
dotnet run -- capture --detect-patterns
# Analyze existing log
dotnet run -- analyze -f sessions.log
# Real-time monitoring
dotnet run -- capture -v --realtime
Options
| Flag | Description |
|---|---|
-o, --output | Output file path |
-e, --encrypt | Enable AES-256 encryption |
-k, --key | Encryption key |
-v, --verbose | Verbose output |
--detect-patterns | Enable pattern detection |
--realtime | Real-time display |
--duration | Capture duration (seconds) |
Pattern Detection
Automatically detects:
- Password entry sequences
- Credit card numbers (Luhn validation)
- Social Security Numbers
- Email addresses
- Phone numbers
- Common credentials
Output Format
{
"session_id": "a1b2c3d4",
"start_time": "2024-01-15T10:30:00Z",
"events": [
{
"timestamp": 1705313400123,
"key": "a",
"modifiers": [],
"window": "Terminal"
}
],
"patterns_detected": [
{
"type": "password_entry",
"confidence": 0.85,
"position": 150
}
]
}
Disclaimer
This tool is intended for authorized security testing and educational purposes only. Unauthorized monitoring of user input is illegal. Always obtain proper authorization.
License
NullSec Proprietary License
Author
bad-antics - NullSec Security Team
Part of the NullSec Security Toolkit
