White Hat Institute

Spying on your targets using the (s)AINT keylogger

A keylogger (keystroke logger) is a kind of surveillance tool that, once installed on a system, can record every keystroke made on that system. The recording is saved in a log file, usually encoded. A keylogger can record text and email and capture anything you type on your keyboard, including passwords, usernames, and other personally identifiable information. The log file made by the keylogger can then be sent to a predefined recipient. Some keylogger software will also record any email addresses you use and the URLs of any sites you visit.

Legitimate programs may have a keylogging capability that is used to call certain program functions with “hotkeys” or to toggle between keyboard layouts. A great deal of legitimate software is designed to let administrators monitor what employees do during the day, or to let users track the activity of third parties on their PCs. Even so, the ethical line between justified monitoring and spying is a fine one. Legitimate software is often used deliberately to steal confidential user data such as passwords, usernames, and personal information.



(s)AINT is a Linux-based Spyware Generator for a Windows system written in Java. This tool can generate keyloggers that take screenshots, capture webcam feeds, log every keystroke, and send everything via email to an attacker. Also, all generated keyloggers can be run on the target computer in persistence mode.

To download (s)AINT, visit the GitHub page https://github.com/tiagorlampert/sAINT and copy the downloadable link.


Use the “git clone” command to add it to your “/opt” directory.

Ex: (/opt# git clone https://github.com/tiagorlampert/sAINT.git).


Next, we need to install some dependencies: Maven and the JDK 8 packages.

Ex: (/opt/sAINT# apt install maven default-jdk default-jre openjdk-8-jdk openjdk-8-jre -y).


To generate “.EXE” files using “launch4j”, it is necessary to install the following packages.

Ex: (/opt/sAINT# apt install zlib1g-dev libncurses5-dev lib32z1 lib32ncurses6 -y).


Lastly, we need to install and configure Maven libraries using the following commands.

Ex: (/opt/sAINT# chmod +x configure.sh), and (/opt/sAINT# ./configure.sh).


To start (s)AINT, just run (/opt/sAINT# java -jar sAINT.jar). Once you start the program, it will present you with a welcome page. Press “Enter” to continue to the next step, where it asks you to edit some options.

For the “Enter your E-mail:” option — add your email address to receive logs and screenshots via email. For the “Enter your Password:” option — specify the password of your email account. If you want to receive a screenshot, you need to enable the “Enable Screenshot (Y/n):” option. If you wish to receive webcam feeds, you need to enable the “Enable Webcam (Y/n):” option. To make your keylogger run in persistence mode, you need to enable the “Enable Persistence (Y/n):” option. Finally, provide the maximum number of captured characters that need to be sent via E-mail.

Once everything is correct, the (s)AINT will generate a keylogger and save it in the “/sAINT/target/” directory.


Note: Allow access to less secure apps on your Gmail account by visiting the https://www.google.com/settings/security/lesssecureapps page.


Now let’s move the keylogger to our web server so we can deliver it to the target computer very quickly.

Ex: (/opt/sAINT/target# mv saint-1.0-jar-with-dependencies.jar /var/www/html/Evil-Files/),

(/opt/sAINT/target# mv saint-1.0-jar-with-dependencies.exe /var/www/html/Evil-Files/).


Go to the target computer, download the keylogger, and run the application.


Before executing this keylogger, make sure that the target computer runs “Java SE Runtime Environment version 8.” If the target computer doesn’t have Java version 8, don’t worry; when the file is executed, the program will direct the victim to the official Java web page, asking them to download Java version 8 for free. Once everything is complete, (s)AINT will send an email report to the attacker every few minutes with captured keystrokes, screenshots, and webcam feeds.
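For defenders, the reporting behaviour described above (a Java process mailing out data every few minutes) appears in network telemetry as regular SMTP connections from a process that is not a mail client. The following is an added detection example, not code from the original article or from the (s)AINT project; the event format, host names, allowlist and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

SMTP_PORTS = {25, 465, 587}                        # standard SMTP / submission ports
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}  # hypothetical allowlist

# Constructed sample events: time|host|process image|destination|port
SAMPLE_EVENTS = r"""
2024-05-01T09:00:05|WS-014|C:\Program Files\Java\jre8\bin\javaw.exe|smtp.example.net|587
2024-05-01T09:01:10|WS-014|C:\Program Files\Mozilla Thunderbird\thunderbird.exe|smtp.example.net|587
2024-05-01T09:05:07|WS-014|C:\Program Files\Java\jre8\bin\javaw.exe|smtp.example.net|587
2024-05-01T09:07:30|WS-031|C:\Program Files\Java\jre8\bin\javaw.exe|updates.example.net|443
2024-05-01T09:10:04|WS-014|C:\Program Files\Java\jre8\bin\javaw.exe|smtp.example.net|587
2024-05-01T09:15:06|WS-014|C:\Program Files\Java\jre8\bin\javaw.exe|smtp.example.net|587
2024-05-01T09:00:00|SRV-02|C:\Tools\report.exe|smtp.example.net|25
2024-05-01T09:02:00|SRV-02|C:\Tools\report.exe|smtp.example.net|25
2024-05-01T11:40:00|SRV-02|C:\Tools\report.exe|smtp.example.net|25
"""

def parse(text):
    """Yield (timestamp, host, lower-cased process name, port) per event line."""
    for line in text.strip().splitlines():
        ts, host, image, _dst, port = line.split("|")
        yield datetime.fromisoformat(ts), host, image.rsplit("\\", 1)[-1].lower(), int(port)

def periodic_mailers(text, min_events=3, max_jitter=0.2):
    """Return {(host, process): mean interval in seconds} for processes outside
    the mail-client allowlist that open SMTP connections at regular intervals."""
    seen = defaultdict(list)
    for ts, host, proc, port in parse(text):
        if port in SMTP_PORTS and proc not in MAIL_CLIENTS:
            seen[(host, proc)].append(ts)
    hits = {}
    for key, times in seen.items():
        if len(times) < max(min_events, 2):
            continue                      # too few connections to judge timing
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Beacon-like: the spread of the gaps is small relative to their mean.
        if pstdev(gaps) <= max_jitter * mean(gaps):
            hits[key] = round(mean(gaps))
    return hits

if __name__ == "__main__":
    for (host, proc), interval in periodic_mailers(SAMPLE_EVENTS).items():
        print(f"{host}: {proc} opens SMTP connections about every {interval}s")
```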
