pty-capture
Warn
Audited by Socket on Apr 21, 2026
1 alert found:
Security (MEDIUM)
platforms/macos.md
This module combines QEMU virtual HID keystroke injection with raw terminal byte capture in the guest, outputting a hex dump of captured PTY/HID-delivered bytes over SSH. While the shown fragment lacks explicit malware indicators like external C2/persistence/obfuscated execution, its keystroke/terminal capture capability is strongly dual-use and could be repurposed for keylogging or sensitive input harvesting if pointed at real interactive sessions. Treat as a security-sensitive, potentially abuse-prone component pending review of the surrounding automation/orchestration code and intended test boundaries.
Confidence: 62%
Severity: 70%
Audit Metadata