Uncategorized
- SeeFlowerX/estrace - eBPF-based syscall tracing tool for the Android platform
- aliyun/coolbpf - coolbpf's target is to build a platform for libbpf compile collection
- feicong/android_ebpf - android ebpf dev tools and notes
- iovisor/bcc - Tools for BPF-based Linux IO analysis, networking, monitoring, and more - 12.9K stars; has Python bindings and compiles the embedded C BPF program at runtime
- aquasecurity/btfhub - Proof-of-concept repository of kernel BTF files so that CO-RE eBPF objects stay portable to older kernels that do not expose BTF in sysfs (/sys/kernel/btf/vmlinux)
- cloudflare/bpftools - BPF Tools - packet analyst toolkit - unmaintained since 2019
- Microsoft/ebpf-for-windows - eBPF implementation that runs on top of Windows
- pathtofile/bad-bpf - A collection of eBPF programs demonstrating bad behavior
- iovisor/bpftrace - High-level tracing language for Linux eBPF - 4.4K stars
- pathtofile/bpf-hookdetect - Detect syscall hooking using eBPF
Network
- Macr0phag3/toast - Inserts a TOA (TCP Option Address) option into TCP packets via eBPF (BCC), allowing arbitrary TOA forgery
- alessandrod/snuffy - Snuffy is a simple command line tool to inspect SSL/TLS data
- ehids/ecapture - Captures SSL/TLS plaintext without a CA cert using eBPF
Monitoring
- ehids/ecapture - Captures data from user-space processes via eBPF uprobe hooks, with no changes to the target program
- hardenedvault/ved-ebpf - VED-eBPF: Kernel Exploit and Rootkit Detection using eBPF - demo stage, not a general-purpose module
- Gui774ume/krie - Linux Kernel Runtime Integrity with eBPF - the framework is worth studying; the shipped functionality is limited
- chaitin/systracer - SysTracer: Linux system activity tracer
Backdoor
- bfengj/eBPFeXPLOIT - Exploit tool implemented using ebpf
- Esonhugh/sshd_backdoor - Malicious watchdog on /root/.ssh/authorized_keys implemented with an eBPF tracepoint hook
- citronneur/pamspy - Credentials Dumper for Linux using eBPF
- h3xduck/TripleCross - A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities
- kris-nova/boopkit - Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin - uses eBPF to watch for TCP checksum errors and treats them as the backdoor trigger
Resources