Scheduled keylogger


I need a keylogger script that knows the schedule.

I want to save all the data entered and copied from the keyboard.

To give an example. Let the keylogger run for an hour. After an hour, let him save the data he received in a txt file. While doing this recording, the name of the txt file should be the date of that day.

There should be no limit on the keylogger’s runtime. It shouldn’t be less than twelve hours.

The language of our country is Turkish. When saving the data taken from the keyboard, it should also properly save Turkish characters.
Like [ç, ğ, ı, ö, ş, ü]

Can you help about this topic

I wish you good work

Hi @hguler07,

Thanks for your script request. We have asked our script developers to check and provide feedback.

Kind Regards,

Hi hguler07,

Please try this script prepared by our script developers and provide your feedback

Kind Regards,

Hello ,

Yes, I am reviewing the scripts you have written. I’ve seen this sharing before, I’ve tried it and I’ve seen it doesn’t work. That’s why I made a separate request.

I’m running the script file. It says successful, but I cannot find the file “C: \ ProgramData \ keylogger.txt”) keyglogger.txt at the specified file path.

I don’t know how long this script has been recording. If we can determine the period of registration, can you tell me how to do this.

But as I said, I’m testing it on myself. Keylogger.txt file does not occur. Can you help me with this.

I am attaching the relevant screenshots

Hi @hguler07,

We have shared your request to our script developers to provide their input, will update you here.

Kind Regards,

Hello @hguler07

I have a similar script I have updated and used. You or anyone else is welcome to use it if it will work for your needs

Script Run-Keylogger
This procedure runs a powershell script that logs keys pressed and outputs to a txt file for a duration defined by the timeout variable

Configurable Variables

  • Timeoutminutes. By default, no timeout is set (or set to 0) therefore logging will run indefinitely. Caution should be used when not applying a timeout and its not recommended, even if just setting it to a high number (like a full day) is better. I am unsure how ITSM handles a script running indefinitely and if it will cancel it
  • Logfolder. By default if you dont configure a log folder path (or set to 0), it will use the current environment temp folder (Ex: C:\Users\CURRENTUSER\AppData\Local\Temp\). Note, you must include the trailing \ at the end of the path if specified
  • LogFileName By default if you don't configure a log file name (or set it to 0), it will use the name "COMPUTERNAME-CURRENTDATETIME-keylog.log" where COMPUTERNAME is the current computer the script is run on and CURRENTDATETIME is the current date and time the script was run
How to setup and use
  • Download the procedure: temporarily removed until better security can be implemented for the output
  • Import the procedure under Configuration Templates - Procedures - Import Procedure
  • Configure the default parameters for the procedure from the Parameters tab of the script. You can set this up at run-time if desired. The parameters are explained above.
  • There is nothing configured specifically to capture Turkish characters and I have not tested it in any other language other than English. It may or may not work for you, will need to be tested
  • I have set the default parameters for a timeout of 60 minutes as a test. You can set this to however long you like or set it to 0 to unlimited
  • The default logfolder is set to the current environment temp folder. If run as user this will be (Ex: C:\Users\CURRENTUSER\AppData\Local\Temp\). Any valid UNC path can be used
  • Run the script as logged on user.
  • If a user logs out or the machines is rebooted, the script will cancel. To keep it always running, I could see maybe setting up a monitor for windows logins and then kicks off the script when detected.
I hope this is helpful is anyway. Perhaps the script team can expand or improve on it. If you have any questions on how to use it, please let me know.


Hello @eztech

Thank you so much for your time and help.
I am also very grateful for you to explain it in such a simple and detailed way.

I tried the code you shared immediately as soon as I started working today.

I can’t find a word to say. This is exactly what I want. The code works great.

There is no problem with Turkish characters, it records them too. Health in your hands. Everything you get your heart desires <3

Hello everyone,

It might be a security concern the fact that the keylogger stores the text in plain text format. I wonder if maybe it could be somehow obfuscated or scrambled. For example, it could call the certutil app to encode the keylogger file in base64, which is not a very strong obfuscation but at least avoids showing sensitive data in plain text.

What do you think?

– Javier Llorente
Endpoint Security - Devoteam