{"id":15617886,"url":"https://github.com/alegrey91/harpoon","last_synced_at":"2025-04-05T03:04:04.920Z","repository":{"id":198872109,"uuid":"694335011","full_name":"alegrey91/harpoon","owner":"alegrey91","description":"🔍 Seccomp profiling and function-level tracing tool.","archived":false,"fork":false,"pushed_at":"2025-03-02T11:03:45.000Z","size":1254,"stargazers_count":151,"open_issues_count":10,"forks_count":8,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-04-02T03:52:57.316Z","etag":null,"topics":["devops","devsecops","devsecops-pipeline","ebpf","ebpf-programs","golang","hacktoberfest","hardening","seccomp","security-audit","security-tools","syscalls","system-calls"],"latest_commit_sha":null,"homepage":"https://alegrey91.github.io/harpoon/","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/alegrey91.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-09-20T19:42:52.000Z","updated_at":"2025-04-01T09:47:56.000Z","dependencies_parsed_at":null,"dependency_job_id":"f813f81d-684d-419c-812a-ec007173cb46","html_url":"https://github.com/alegrey91/harpoon","commit_stats":null,"previous_names":["alegrey91/harpoon"],"tags_count":25,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alegrey91%2Fharpoon","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alegrey91%2Fharpoon/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alegrey91%2Fharpoon/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alegrey91%2Fharpoon/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/alegrey91","download_url":"https://codeload.github.com/alegrey91/harpoon/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247280263,"owners_count":20912967,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["devops","devsecops","devsecops-pipeline","ebpf","ebpf-programs","golang","hacktoberfest","hardening","seccomp","security-audit","security-tools","syscalls","system-calls"],"created_at":"2024-10-03T08:00:51.059Z","updated_at":"2025-04-05T03:04:04.883Z","avatar_url":"https://github.com/alegrey91.png","language":"C","funding_links":[],"categories":["Projects Related to eBPF","Recently Updated","C"],"sub_categories":["Security","[Oct 03, 2024](/content/2024/10/03/README.md)"],"readme":"# Harpoon\n\n\u003cp align=\"center\"\u003e\n    \u003cimg src=\"harpoon.png\" alt=\"gopher\" width=\"200\"/\u003e\n\u003c/p\u003e\n\n**Harpoon** aims to capture the syscalls (as if they were fishes) from the execution flow (the river) of a single user-defined function.\n\n[![Awesome eBPF](https://awesome.re/badge.svg)](https://github.com/zoidyzoidzoid/awesome-ebpf?tab=readme-ov-file#security)\n\n## Introduction\n\nThis tool is designed to provide fine-grained visibility into the syscalls made by specific functions within a program. Unlike traditional system call tracing tools like `strace`, which capture all syscalls made during the entire program's execution, this project leverages the power of **eBPF** to pinpoint and monitor system calls exclusively within targeted functions.\n\n## Getting Started\n\nFirst of all, let's identify the symbol of the function you want to trace from the binary. Suppose you want to trace the function `doSomething()` present in the example program `./binary`. In order to get the symbol from the binary itself, you need to use the following command:\n\n```sh\nobjdump --syms ./binary | grep doSomething\n0000000000480720 g     F .text  0000000000000067 main.doSomething\n```\n\nSo, `main.doSomething` is the symbol of the function we want to trace using `harpoon`.\n\nThen, let's run `harpoon` to extract the syscalls from the function `main.doSomething`:\n\n```shell\nharpoon capture -f main.doSomething -- ./binary\nread\nsigaltstack\ngettid\nclose\nmmap\nfcntl\nwrite\nfutex\nopenat\nclone\ngetrlimit\n```\n\nThese are the syscalls that have been executed by the traced function!\n\n**Documentation:**\n\n* [Commands](docs/commands.md)\n* [Tutorials](docs/tutorials.md)\n\n## Installation\n\nTo install `harpoon` you currently have 2 options:\n\n### Download\n\nYou can easily download the latest release using the installation script:\n\n```sh\ncurl -s https://raw.githubusercontent.com/alegrey91/harpoon/main/install | sudo bash\n```\n\nAlternatively, if you want to customize your installation, use the following flags:\n\n```sh\ncurl -s https://raw.githubusercontent.com/alegrey91/harpoon/main/install | sudo bash -s -- --install-version v0.9 --install-dir ~/.local/bin/\n```\n\n(If your current version is `\u003c= v0.8.2`, remove it from `/usr/local/bin/` before installing the new one).\n\n### Build\n\nOr you can build `harpoon` manually by using the following steps:\n\nInstall dependencies (for Ubuntu):\n\n* `clang`\n* `libbpf-dev`\n* `libseccomp-dev`\n* `linux-tools-generic` (for `bpftool`)\n\nBuild the application:\n\n```sh\nmake build\n```\n\nAfter the build is completed, you can find the executable under the `bin/` directory.\n\n## Debugging\n\nIn case you want to run the application locally, I've provided the [`.vscode/launch.json`](.vscode/launch.json) file to easily debug the application with `root` privileges in `vscode`.\n\n## Talks\n\nI had the pleasure of speaking about `harpoon` at the following conferences:\n\n* [**GOLAB**](https://www.youtube.com/watch?v=A5A_Ll9o1Rc) (Nov 24)\n* [**Conf42**](https://www.youtube.com/watch?v=Z8IHOTlG3pM) (Apr 24)\n* [**FOSDEM**](https://fosdem.org/2024/schedule/event/fosdem-2024-1884-how-we-almost-secured-our-projects-by-writing-more-tests/) (Feb 24)\n\n## Adopters\n\nThis is a list of projects that are using `harpoon` for generating **Seccomp** profiles on their pipeline:\n\n* [**alegrey91/fwdctl**](https://github.com/alegrey91/fwdctl)\n* [**projectcapsule/capsule**](https://github.com/projectcapsule/capsule)\n\n## References\n\nI would like to point out that without the references mentioned below this project would never have come to life.\nAs a result, the code draws significant inspiration from the references listed here:\n\n* https://www.grant.pizza/blog/tracing-go-functions-with-ebpf-part-1/\n* https://itnext.io/seccomp-in-kubernetes-part-2-crafting-custom-seccomp-profiles-for-your-applications-c28c658f676e\n* https://github.com/containers/oci-seccomp-bpf-hook\n* https://sysdig.com/blog/ebpf-offensive-capabilities/\n* *Liz Rice. Learning eBPF, 173-176. O'Reilly, 2023*\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falegrey91%2Fharpoon","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Falegrey91%2Fharpoon","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falegrey91%2Fharpoon/lists"}