Tamanoir

An eBPF keylogger with C2-based RCE payload delivery for educational purposes.

image for Tamanoir

Introduction

Tamanoir

Tamanoir is an eBPF-based keylogger designed for educational purposes, enabling the extraction of keystrokes via DNS queries. It consists of three main components:

eBPF Program: Runs on the target host, capturing keystrokes and sending them via DNS queries. The attacker can deliver RCE payloads through DNS responses.
Command & Control (C2) Server: Acts as a DNS proxy, injecting RCE payloads into DNS responses and managing reverse shell connections.
TUI Client: A terminal user interface client that communicates with the C2 server, built using Ratatui.

Key Features:

Educational Use: Developed for learning and research purposes.
Modular Architecture: Composed of distinct components for flexibility.
RCE Payload Delivery: Allows for remote code execution through DNS responses.

Benefits:

Hands-on Learning: Provides practical experience with eBPF and network security concepts.
Open Source: Available for modification and improvement by the community.

Highlights:

Built with modern Rust libraries like Aya, Tokio, and Tonic.
Supports Linux-based operating systems for deployment.

Information

Publisher
AISecKit
Websitegithub.com
Published date2025/04/28

Categories

Tags

More Products

Exploiting AI

An introductory class on understanding AI security risks and mitigation strategies.

Prompt Injection Generative AI Red Team Testing Data Poisoning

PINT Benchmark

A benchmark for prompt injection detection systems, providing a neutral way to evaluate their performance.

Prompt Injection Model Robustness Security Auditing

Folly

Open-source LLM Prompt-Injection and Jailbreaking Playground for testing LLM security vulnerabilities.

Prompt Injection Open Source API Security Security Testing LLM Security+1