Detect keyloggers, rootkits, input hooks, clipboard hijackers, screen capture tools, DLL/.so injection, BadUSB devices, network exfiltration, and persistence mechanisms.
```bash
# Clone the repository
git clone https://github.com/michaelgregoryibizugbe/KEY-SHIELD.git
# git names the checkout directory after the repository
cd KEY-SHIELD

# Automated Professional Setup
python3 -m venv venv
./venv/bin/pip install -e .

# Optional: Create global command (Linux/macOS)
sudo ln -sf "$(pwd)/kshield" /usr/local/bin/kshield
```

```bash
# Professional Global Command
sudo kshield scan

# Or via local wrapper
sudo ./kshield scan
```

Launch the high-end Command Center dashboard:

```bash
sudo kshield web
```

- Interactive Dashboard: Real-time system analytics.
- SSE Progress: Watch detectors work in real-time.
- Rule Management: Manage whitelists and profiles directly.

```bash
# Full standard scan
sudo kshield scan

# Quick optimized scan
sudo kshield scan --quick

# Change scan profile
sudo kshield scan --profile paranoid

# Continuous background monitoring
sudo kshield monitor --interval 60
```

KeyShield includes 12 specialized detectors:

| Category | Detectors |
|---|---|
| Input | Keylogger, Hook, Clipboard, USB HID |
| System | Process, Persistence, Memory, Kernel Module, Scheduled Task |
| Data | Network Exfil, Screen Capture, DLL/SO Injection |

KeyShield automatically manages a persistent configuration in your home directory: `~/.keyshield/config.json`

You can manage the Process Exclusion List (Whitelist) and Scan Profiles via the Web UI or by editing the JSON file directly.

- Always use `sudo`: KeyShield requires root privileges to audit system-owned processes and kernel modules.
- False Positive Filtering: v3.0 automatically filters ~95% of common Linux noise (kernel threads, browser sandboxes).
- Reports: All scan reports are saved to `~/.keyshield/reports/` in JSON, TXT, and CSV formats.

Made by the KeyShield Project