Read through keyextract.pl to see how it works, but here is a short description.

A database of words (keydd.db) is imported and the output of a keylogger (../xtrapdei-0.2/xtrapdei) is parsed to extract features for any of the words in the database. A circular buffer (size = max word length in the database) is kept, and when a word matches, its features are printed out. If you have a word that is a sub-word of another, the features of both are printed out (i.e., it's not just a greedy search).

The default features are: total duration, Press(i+1)-Press(i), Release(i+1)-Release(i), Press(i+1)-Release(i), Release(i)-Press(i), but you can modify xFeatures.pm to add any features you want; I wrote the code so that such modifications can be easily integrated.

I would suggest using this with xtrapdei, but you can use it with any other keylogger. Note, however, that the expected output of the keylogger is:

[Window=$string|Event=$keyevent|type=$d|keycode=$d|keysym=$d|char=$char|screen=$d|rootXY=($x,$y)|root=$d|state=$d|time=$t]]

Where:
$string is a string.
$d is a number.
$keyevent is a string: 'KeyPress' or 'KeyRelease'.
$char is the character pressed/released.
$x is the x-position of the mouse.
$y is the y-position of the mouse.
$t is the time.

===================================================================================
EXAMPLE
./keyextract.pl -t example_output -d keydd.db -kl ../xtrapdei-0.2/xtrapdei
===================================================================================
Database (keydd.db):
===================================================================================
http:// http://www http://www.
http://www.google.com google google.com dimacs deianstefan DIMACS rutgers cooper
danfeng yahoo.com mail.google.com https://mail.google.com http://gmail.com
https://dimax.rutgers.edu https://dimax.rutgers.edu/REU
===================================================================================
Typed input:
===================================================================================
deianstefan DIMACS danfeng cooper rutgers https://mail.google.com......................................
===================================================================================
Output of extractor:
===================================================================================
@word=deianstefan|window=xterm:XTerm|PP=88,64,200,80,88,112,80,120,96,72|PR=-40,-96,64,-16,-40,40,-48,-24,-64,-72|RR=120,40,160,112,32,168,96,136,80,80|duration=128,160,136,96,128,72,128,144,160,144,152|total=1152
@word=DIMACS|window=xterm:XTerm|PP=112,104,72,176,160|PR=-24,-112,-80,64,48|RR=192,40,32,176,176|duration=136,216,152,112,112,128|total=752
@word=danfeng|window=xterm:XTerm|PP=96,176,136,104,104,120|PR=-80,16,-16,-24,-24,-32|RR=80,168,112,104,128,112|duration=176,160,152,128,128,152,144|total=880
@word=cooper|window=xterm:XTerm|PP=136,176,56,80,120|PR=-24,104,-96,-96,-104|RR=48,256,80,128,104|duration=160,72,152,176,224,208|total=776
@word=rutgers|window=xterm:XTerm|PP=96,144,240,144,88,208|PR=-24,-16,120,32,-64,72|RR=136,104,232,184,72,184|duration=120,160,120,112,152,136,112|total=1032
@word=https://mail.google.com|window=xterm:XTerm|PP=80,160,112,152,760,200,184,200,144,48,80,192,128,168,128,136,96,112,72,120,112,80|PR=-40,88,-8,8,648,112,104,104,40,-96,-72,88,8,56,88,40,-24,24,-72,24,-40,-88|RR=32,208,136,120,736,192,200,208,184,56,32,208,120,96,184,160,64,168,24,176,128,56|duration=120,72,120,144,112,88,80,96,104,144,152,104,120,112,40,96,120,88,144,96,152,168,144|total=3608
===================================================================================
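
The following Python example is added here and is not taken from keyextract.pl or xFeatures.pm. It parses lines in the expected keylogger format, keeps a buffer the size of the longest word, and builds records in the layout shown under "Output of extractor". The log is constructed from the timings of the cooper record above; the word coop, the zeroed filler fields, the choice of the last key's window for the record, and all function names are assumptions.

```python
import re
from collections import deque

# Only Window, Event, char and time are used; the other fields are skipped.
LINE = re.compile(r"\[Window=(?P<win>.*?)\|Event=(?P<ev>KeyPress|KeyRelease)\|"
                  r".*?\|char=(?P<ch>.)\|.*\|time=(?P<t>\d+)\]")

def keystrokes(lines):
    """Pair each KeyPress with its KeyRelease; return strokes in press order."""
    strokes, pending = [], {}
    for m in filter(None, map(LINE.search, lines)):  # non-matching lines are skipped
        ch, t = m["ch"], int(m["t"])
        if m["ev"] == "KeyPress":
            if ch not in pending:         # ignore auto-repeat presses
                pending[ch] = len(strokes)
                strokes.append({"ch": ch, "win": m["win"], "p": t, "r": None})
        elif ch in pending:               # a release closes the open press of that key
            strokes[pending.pop(ch)]["r"] = t
    return [s for s in strokes if s["r"] is not None]

def features(word, ks):
    """Build one record in the extractor's output layout (window = last key's window)."""
    nxt = list(zip(ks, ks[1:]))
    cols = {"PP": [b["p"] - a["p"] for a, b in nxt],
            "PR": [b["p"] - a["r"] for a, b in nxt],
            "RR": [b["r"] - a["r"] for a, b in nxt],
            "duration": [k["r"] - k["p"] for k in ks]}
    body = "|".join(f"{n}={','.join(map(str, v))}" for n, v in cols.items())
    return f"@word={word}|window={ks[-1]['win']}|{body}|total={ks[-1]['r'] - ks[0]['p']}"

def extract(lines, words):
    """Slide a buffer of max-word-length strokes; report every word found at its tail."""
    buf, out = deque(maxlen=max(map(len, words))), []
    for k in keystrokes(lines):
        buf.append(k)
        typed = "".join(s["ch"] for s in buf)
        for w in sorted(words, key=len):  # sub-words are reported too, shortest first
            if typed.endswith(w):
                out.append(features(w, list(buf)[-len(w):]))
    return out

def sample_log():
    """Constructed log: 'cooper' with press/release times implied by the record above."""
    keys = zip("cooper", [0, 136, 312, 368, 448, 568], [160, 208, 464, 544, 672, 776])
    ev = sorted((t, e, c) for c, p, r in keys for t, e in ((p, "KeyPress"), (r, "KeyRelease")))
    return [f"[Window=xterm:XTerm|Event={e}|type=0|keycode=0|keysym=0|char={c}|screen=0|"
            f"rootXY=(0,0)|root=0|state=0|time={1000 + t}]]" for t, e, c in ev]

if __name__ == "__main__":
    print("\n".join(extract(sample_log(), ["coop", "cooper", "rutgers"])))
```

Negative PR values fall out of the pairing step: they mean the next key was pressed before the previous one was released.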