Surveillance Tools


Surveillance Tools captures and sends to a server a user’s keystrokes, files, system information and directory structures. It consists of a keylogger, Windows Service, and Node.js server.

I built this project for educational reasons: to learn new technologies and develop something technically challenging. Typically, I make my projects open-sourced for anybody to download and use. However, because Surveillance Tools can be abused to harm others, I decided to place it in a private repository. This page provides an overview of its features

Technical Components

Surveillance Tools consists of a server and two clients. The clients send data to the server and polls the server for instructions (eg, which files to send, how frequently to send data).


  • Built with Node.js, MongoDB, React, and HTML/CSS/Bootstrap/jQuery. Deployed on Heroku and integrates with mLab and S3
  • Contains dashboards to view settings associated with each client and to input new instructions
  • Stores data and files sent from clients to S3
  • Dashboards require login credentials and client requests must contain valid Basic Authentication credentials

Client 1: Windows Service (requires Admin access)

  • A Windows Service built with C# that initially sends to the server the non-recursive directory structure of the user’s Desktop, Documents, Downloads, Music, and Pictures directories
  • Polls server for instructions, such as which other directory structures or which files to send (eg, pdf, jpeg, mp3)
  • Stores settings in Windows Registry
To install the service:
  1. Build the project and in Developer Command Prompt (Admin mode), run $installutil serviceName.exe. To uninstall, run $installutil /u serviceName.exe
  2. In Services (Admin mode), might need to set the installed service to run as a Local System account (Properties -> Log on -> check Local System account)

Client 2: Keylogger

  • A keylogger built with C#/C++ that runs on a background process. It consists of two threads: one attaches a global keyboard hook that writes captured keystrokes and names of foreground applications to a specified file; the other contains a state machine that determines when to send captured data to server and handles networking exceptions. The first time this program is run, it sends to server the computer’s information (eg, name, # of cores, model)
  • Polls server for instructions, such as how long to pause capturing data, new URL to send captured data to, and how frequently to send captured data
  • Stores settings in either a local file or Windows Registry