Tamanoir

Tamanoir

Tamanoir is an eBPF-based keylogger designed for educational purposes, enabling the extraction of keystrokes via DNS queries. It consists of three main components:

1. eBPF Program: Runs on the target host, capturing keystrokes and sending them via DNS queries. The attacker can deliver RCE payloads through DNS responses.
2. Command & Control (C2) Server: Acts as a DNS proxy, injecting RCE payloads into DNS responses and managing reverse shell connections.
3. TUI Client: A terminal user interface client that communicates with the C2 server, built using Ratatui.

Key Features:

• Educational Use: Developed for learning and research purposes.
• Modular Architecture: Composed of distinct components for flexibility.
• RCE Payload Delivery: Allows for remote code execution through DNS responses.

Benefits:

• Hands-on Learning: Provides practical experience with eBPF and network security concepts.
• Open Source: Available for modification and improvement by the community.

Highlights:

• Built with modern Rust libraries like Aya, Tokio, and Tonic.
• Supports Linux-based operating systems for deployment.