NetBull - Keylogger User Manual


NetBull keylogger is a portable (standalone) program designed to run without being installed in the classic way (by running a setup or installer file), it runs from wherever you place it. Basically there are 2 parts to the software, "NetBull.exe" (the main program) and "module.exe" file (the actual keylogger). From the main NetBull program you have to build a "module" (see "Build Module" button) with the settings you want (email log delivery etc.) and that "module" must be run/doubleclicked on the computer you want to monitor.

So, to install the keylogger you have to doubleclick/run the "module" file (it's not enough to only build it) on the computer you want to monitor. After doubleclicking/running the "module" file, the keylogger is auto-copying in the system and runs from there in stealth mode.

NetBull keylogger can be installed on any computer running Windows 2k/XP/VISTA/Windows 7/Windows 8/Windows 10 (32-bit and 64-bit versions).

General Options


The "module" icon can be set to any of the icons included in NetBull or another icon of your choice. The icons included in NetBull are small (16x16px and 32x32px and 256 color depth), so it could be a good idea to use a bigger icon. Sometimes a big icon (more than 100kb) will be likely to lower the keylogger detection probability.

On the "General Options" panel you are able to set the name for the "module" (the name used when the keylogger is installed in the system). The "module" is always saved as "module.exe", the chosen name will be used only when the leylogger is installed.

The easiest way to uninstall the keylogger is with a hotkey (the default is CTRL-ALT-F5). You have the option to not use any hotkey and in that case you have to manually locate and delete the keylogger file.

The "module" can be configured to be active only after the system restart or after a specified time. These "delays" can be useful under specific circumstances, by example if you want to bypass a firewall.

The "Default Settings" button will restore all the settings to NetBull default values.

↑ top of page

Logs Delivery

Keylogger Logs

The logs/reports can be delivered by email or by FTP. The log delivery feature can work with different email/FTP providers, you don't need to purchase email/FTP accounts from us, but you should know the paid-for accounts are more reliable than the free ones.

NetBull is able to use SSL (Secure Sockets Layer - a protocol that provides secure message transmission on the Internet) for the outgoing emails. SMTP protocol typically uses port 465 for SSL connections and ports 587 and 25 for non SSL ones. The most important thing is the email address on "Send Email From" and the SMTP. If those are working fine you can receive the logs to almost any email address (Gmail, Outlook etc.). Our suggestion is not to use a free email account on "Send Email From", the logs will be lost. The best option for log delivery is to use a paid-for email account (on "Send Email From"). Of course, not all the paid accounts will work fine, it depends on the way the accounts are configured.

After configuring the email/FTP settings, do not forget to check the corresponding "enable" option.

The encryption option should be used only in the case your account can be accessed by other people and you want to protect the logs.

↑ top of page

Monitoring Options

Keylogger Monitoring Settings

On the "Monitoring Options" panel you're able to adjust the keylogger monitoring and also to configure how often the logs are sent.

The "clean log" option will remove some potentially unwanted keys (CTRl, SHIFT etc.) from the log and make it more readable.

The "smart keylogger" feature applies the BACKSPACE key to the captured text and this also makes a more readable log.

NetBull is more than a simple keylogger and is able to find the usernames and passwords stored in browsers (Firefox, Internet Explorer, Gogole Chrome, Opera, Safari) and programs like GoogleTalk, Outlook, Windows Live Messenger.

If the option to "include passwords stored in browsers" is checked, the keylogger will include the found usernames/passwords at the start of the log (in the 1st log in a boot session). NetBull can also include in the logs the visited websites history (for Internet Explorer) and the messenger conversations.

↑ top of page

Extra Options

Keylogger Options

The "module" overwriting option allows a 2nd "module" to install over the existing running "module".

The "melting" option will make the "module" delete itself during the installation.

A fully configurable warning window can be displayed at the keylogger run (in this way the user being aware that its activity will be monitored).

The keylogger "module" can be configured to uninstall itself after sending a number of logs. Another possibility for uninstallation is to configure the "module" to check a URL address (if the file from that URL exists the "module" is uninstalling).

NetBull keylogger can be configured to restrict the monitored user access to websites and programs. By clicking the corresponding "Configure" button you'll have the option to set the filters you want.

The "Keylogger filter" option could be handy but needs to be used carefully. If the filters are set, the keylogger will monitor only the windows (websites, programs) that have a keyword in the caption.

↑ top of page


NetBull keylogger is working fine with the most up-to-date security implemented in Windows 10. While running the keylogger, there's no prompt from UAC (User Account Control), DEP (Data Execution Prevention), built-in Windows firewall and Windows Defender.

More than that, we guarantee the full version of the keylogger is undetectable when scanned with Norton AV, Avira, McAfee, Avast and AVG.

↑ top of page