Signal Keylogger

Overview

Signal Keylogger is a security research tool that demonstrates the principles behind endpoint monitoring and threat detection. Built entirely in Python, the application injects a background monitoring agent onto a target system that silently captures keystrokes and system activity, then streams that data in real time over an encrypted SSL/TLS socket to a PyQt5-powered command-and-control dashboard.

The project is structured as a client-server architecture where the agent module runs on the monitored machine and the dashboard operates on a separate host. A dedicated listener thread on the server side handles incoming connections concurrently, allowing multiple agents to report simultaneously without blocking the UI. All data in transit is wrapped in TLS to simulate secure C2 communication patterns studied in offensive security research.

This project was built to deepen hands-on understanding of network socket programming, multi-threaded Python applications, and the interplay between offensive techniques and the defensive detection strategies that counter them. It serves as a practical complement to coursework in cyber threat intelligence.

Key Features

• Real-time keystroke capture and remote streaming
• PyQt5 live monitoring dashboard
• SSL/TLS encrypted C2 communication channel
• Multi-threaded server handles concurrent agents
• Injectable agent module with background persistence
• System activity and clipboard monitoring
• Python socket-level networking (no external C2 framework)
• Graceful connection/disconnection handling

Screenshot