A clean Rust rewrite of the original Go-based ZeroTrace Atlas. Built as an input-event telemetry suite for cybersecurity labs and defensive research in controlled environments.
Discontinued. Preserved for archival and research purposes only.
cargo build --release
.\target\release\rust-keylogger.exeNote: output is printed locally to stdout.
- Windows-only, Win32 API hooks for keyboard, mouse, clipboard, and window activity
- System and environment telemetry helpers (windows, monitors, memory, uptime, devices)
- VM/environment checks and hardware fingerprinting utilities
- Local-only output (no network transport, no web dashboard)
- Low-level keyboard hook for keypress capture (Unicode) and common special keys
- Clipboard event detection for copy/paste with clipboard text readback
- Low-level mouse hook with movement filtering and button/wheel events
- Active window change tracking with window title, PID, executable path, and window rect
- Monitor enumeration (device names, rects, primary flag) and virtual screen bounds
- System info helpers: architecture, memory stats, username, uptime, input device counts, and a hashed machine identifier
- UAC/admin check helper
- Startup persistence helper (copies executable to the user Startup folder)
- VM/environment checks for VMware, VirtualBox, and Windows Sandbox
- Wallpaper-based triage/environment signature check
- Hardware serial collection via WMIC (baseboard, disk, BIOS, CPU, keyboards, mice, monitors)
Note: several helpers are present as modules and are not wired into src\main.rs by default.
- Uses the Win32 API for low-level hooks and system calls:
https://learn.microsoft.com/en-us/windows/win32/api/
- VM detection logic is based on the earlier Go implementation, which still works across common VMs:
https://github.com/9dl/goware
- This version only prints output locally.
- The original web dashboard features are not included and will not be released.
- No data collection, remote transport, or web services are provided.
- Persistence behavior is disabled in this public release.
- The Rust rewrite was built by going through the Go project file-by-file to carry over features.
- Some VM detection and other simple checks may not work as expected; I did not fully test them.
Use only in authorized, controlled environments for defensive research, testing, and training. Do not use for covert monitoring or on systems you do not own or have explicit permission to test.
This project is licensed under the Creative Commons Attribution-NonCommercial 4.0 International (CC BY-NC 4.0) license. See LICENSE for details.
The original Go version (ZeroTrace Atlas) was sold and is no longer maintained.
