eBPF
eBPF is a technology that can run sandboxed programs in a privileged context such as the operating system kernel. It is used to safely and efficiently extend the capabilities of the kernel at runtime without changing kernel source code or loading kernel modules.
- GitHub: https://github.com/topics/ebpf
- Wikipedia: https://en.wikipedia.org/wiki/EBPF
- Created by: Alexei Starovoitov, Daniel Borkmann
- Released: 2014
- Last updated: 2026-02-15 00:09:18 UTC
https://github.com/kubernetes-sigs/blixt
Layer 4 Kubernetes load-balancer
ebpf gateway golang kubernetes operator rust
Last synced: 15 May 2025
https://github.com/coroot/coroot-node-agent
A Prometheus exporter based on eBPF that gathers comprehensive container metrics
ebpf logs monitoring network-metrics node-metrics observability prometheus prometheus-exporter prometheus-metrics
Last synced: 30 Jan 2026
https://github.com/digma-ai/digma
🧑💻🔭 Digma helps you fix performance issues in your code by automatically profiling the code execution. Using APMs to identify code bottlenecks, query problems and scalability issues takes time and effort - Digma automates all of that. Digma is free for developers - get it here: https://digma.ai/get-digma/
csharp developer-tools devops dotnet ebpf ebpf-programs intellisense jaeger observability opentelemetry python tracing
Last synced: 16 May 2025
https://github.com/YutaroHayakawa/ipftrace2
A packet oriented Linux kernel function call tracer
bpf ebpf linux-kernel network tracing
Last synced: 11 Jul 2025
https://github.com/mechpen/sockdump
Dump unix domain socket traffic with bpf
bcc ebpf packet-capture tcpdump unix-domain-socket
Last synced: 24 Oct 2025
https://github.com/ntop/libebpfflow
Container traffic visibility library based on eBPF
containers docker ebpf kubernetes linux netflow traffic-monitoring
Last synced: 06 Apr 2025
https://github.com/open-telemetry/opentelemetry-network
eBPF Collector
ebpf open-telemetry opentelemetry
Last synced: 16 May 2025
https://github.com/esonhugh/sshd_backdoor
/root/.ssh/authorized_keys evil file watchdog with ebpf tracepoint hook.
backdoor ebpf offensive-security
Last synced: 07 Apr 2025
https://github.com/gojue/ebpfmanager
A golang ebpf library based on cilium/ebpf and datadog/ebpf.
Last synced: 08 Apr 2025
https://github.com/aquasecurity/btfhub
BTFhub, in collaboration with the BTFhub Archive repository, supplies BTF files for all published kernels that lack native support for embedded BTF. This joint effort ensures that even kernels without built-in BTF support can effectively leverage the benefits of eBPF programs, promoting compatibility across various kernel versions.
Last synced: 05 Apr 2025
https://github.com/Esonhugh/sshd_backdoor
/root/.ssh/authorized_keys evil file watchdog with ebpf tracepoint hook.
backdoor ebpf offensive-security
Last synced: 11 Jul 2025
https://github.com/DualHorizon/blackpill
A Linux kernel rootkit in Rust using a custom made type-2 hypervisor, eBPF XDP and TC programs
ebpf hypervisor linux-rootkit rootkit
Last synced: 11 Jun 2025
https://github.com/epickrram/grav
Performance visualisation tools
ebpf flamegraph monitoring observability performance
Last synced: 09 Apr 2025
https://github.com/odigos-io/opentelemetry-go-instrumentation
OpenTelemetry auto-instrumentation for Go applications
ebpf go golang kubernetes observability opentelemetry
Last synced: 06 Apr 2025
https://github.com/chriskalix/hades
Hades is a Host-Based Intrusion Detection System based on eBPF (mainly)
agent ebpf ebpf-programs ebpf-sec golang hids libbpf linux netlink runtime-security rust security
Last synced: 16 May 2025
https://github.com/lac-dcc/honey-potion
Writing eBPF programs with Elixir!
bpf bpftool c clang compiler compiler-construction compiler-design compilers ebpf elixir elixir-lang elixir-library framework libbpf linux linux-kernel metaprogramming network-monitoring optimizer tracing
Last synced: 16 Jan 2026
https://github.com/chriskaliX/Hades
Hades is a Host-Based Intrusion Detection System based on eBPF (mainly)
agent ebpf ebpf-programs ebpf-sec golang hids libbpf linux netlink runtime-security rust security
Last synced: 11 Jul 2025
https://github.com/clouddetail/apo
APO is a comprehensive observability platform combining OpenTelemetry with eBPF. Leveraging LLM to enable automated analysis and troubleshooting 🚀.
apm ebpf logs metrics microservice monitoring observability opentelemetry tracing
Last synced: 16 May 2025
https://github.com/dualhorizon/blackpill
A Linux kernel rootkit in Rust using a custom made type-2 hypervisor, eBPF XDP and TC programs
ebpf hypervisor linux-rootkit rootkit
Last synced: 12 Apr 2025
https://github.com/falcosecurity/libs
libsinsp, libscap, the kernel module driver, and the eBPF driver sources
ebpf falco-drivers kmod libscap libsinsp
Last synced: 15 May 2025
https://github.com/OpenCloudOS/nettrace
nettrace is an eBPF-based tool to trace network packets and diagnose network problems.
Last synced: 06 Mar 2025
https://github.com/mehrdadrad/tcpdog
eBPF based TCP observability.
bpf ebpf linux monitoring observability socket tcp tool
Last synced: 15 Jun 2025
https://github.com/furkanonder/beetrace
Trace your python process line by line with eBPF!
Last synced: 06 Apr 2025
https://github.com/newtools/ebpf
eBPF Utilities, Maps, and more
ebpf ebpf-opcode linux network-programming security-tools tracing
Last synced: 10 May 2025
https://github.com/yadutaf/tracepkt
Trace a ping packet's journey across network interfaces and namespaces on recent Linux. Supports IPv4 and IPv6.
Last synced: 11 May 2025
https://github.com/CloudDetail/apo
APO is a one-stop observability platform combining OpenTelemetry with eBPF. Leveraging LLM capabilities to enable auto-pilot analyzing and troubleshooting 🚀.
apm ebpf logs metrics microservice monitoring observability opentelemetry tracing
Last synced: 13 Oct 2025
https://github.com/avilum/secimport
The first open-source eBPF sandbox for Python (macOS/Linux): Secure libraries, block RCE, and enforce precise syscall control. Dive into module & package-level security now.
3rd-party bpftrace dtrace ebpf import linux profiling python rce sandbox seccomp security security-tools tracing
Last synced: 16 May 2025
https://github.com/apache/skywalking-rover
Monitor and profiler powered by eBPF to monitor network traffic, and diagnose CPU and network performance.
apm ebpf network observability profile service-mesh skywalking
Last synced: 15 May 2025
https://github.com/lockc-project/lockc
Making containers more secure with eBPF and Linux Security Modules (LSM)
containers ebpf kubernetes lsm lsm-hooks security
Last synced: 03 Apr 2025
https://github.com/gojue/ecaptureQ
A cross-platform GUI for ecapture built with Tauri, enabling eBPF-based, non-intrusive TLS inspection on Linux & Android, with remote clients for Windows, macOS, and Linux.
android android-https-capture cross-platform-gui ebpf linux network-capture rust tauri tauri2
Last synced: 15 Jan 2026
https://github.com/pixie-io/pixie-demos
Demos for Pixie: github.com/pixie-io/pixie
cncf demo ebpf linux-foundation pixie
Last synced: 23 Mar 2025
https://github.com/navarrothiago/upf-bpf
An In-Kernel Solution Based on eBPF / XDP for 5G UPF
3gpp 5g 5g-core 5g-core-network 5gc bpf cmake co-re ebpf flex trex-engine trex-traffic-generator upf
Last synced: 25 Oct 2025
https://github.com/gamemann/xdp-proxy
A stateless, high-performance NAT-like proxy that attaches to the XDP hook in the Linux kernel using (e)BPF for fast packet processing. This proxy forwards packets based on configurable rules and performs source-port mapping, similar to IPTables and NFTables.
bpf drv ebpf forwarding icmp kernel l3 layer3 layer4 linux linux-kernel mapping nat processing proxy routing sourceport tcp udp xdp
Last synced: 04 Apr 2025
https://github.com/gamemann/XDP-Proxy
A stateless, high-performance NAT-like proxy that attaches to the XDP hook in the Linux kernel using (e)BPF for fast packet processing. This proxy forwards packets based on configurable rules and performs source-port mapping, similar to IPTables and NFTables.
bpf drv ebpf forwarding icmp kernel l3 layer3 layer4 linux linux-kernel mapping nat processing proxy routing sourceport tcp udp xdp
Last synced: 16 Mar 2025
https://github.com/vmware-archive/p4c-xdp
Backend for the P4 compiler targeting XDP
Last synced: 22 Apr 2025
https://github.com/furkanonder/dnstrace
Monitor DNS queries by host processes using eBPF!
bcc bpf dns ebpf ebpf-programs
Last synced: 12 Apr 2025
https://github.com/sginnora/sharpeye
SharpEye: Advanced Linux Intrusion Detection and Threat Hunting System
anomaly-detection cloud-native cryptominer-detection cybersecurity ebpf golang ids intrusion-detection kubernetes linux machine-learning monitoring python rootkit-detection security sigma-rules threat-hunting
Last synced: 19 Jan 2026
https://github.com/furkanonder/DnsTrace
Monitor DNS queries by host processes using eBPF!
bcc bpf dns ebpf ebpf-programs
Last synced: 21 Oct 2025
https://github.com/packetd/packetd
🚀 packetd is an eBPF-powered network traffic capture and analysis project.
ebpf golang netwrok observability
Last synced: 10 Aug 2025
https://github.com/mozillazg/hello-libbpfgo
Examples for libbpf, aquasecurity/libbpfgo and cilium/ebpf
Last synced: 05 Apr 2025
https://github.com/tricorder-observability/Starship
Starship: next-generation Observability platform built with eBPF+WASM
ebpf observability opentelemetry prometheus wasm webassembly
Last synced: 11 Mar 2025
https://github.com/tricorder-observability/starship
Starship: next-generation Observability platform built with eBPF+WASM
ebpf observability opentelemetry prometheus wasm webassembly
Last synced: 03 Sep 2025
https://github.com/ddddddo/packemon
Packet monster (っ‘-’)╮=͟͟͞͞◒ ヽ( '-'ヽ) TUI tool for sending packets of arbitrary input and monitoring packets on any network interfaces (default: eth0).
ebpf linux network network-programming networking observability packet packet-analyzer packet-generator packet-monitoring pcap penetration-testing pentesting protocol routing-protocols security socket-programming sockets system-programming
Last synced: 05 Apr 2025
https://github.com/ddddddO/packemon
Packet monster (っ‘-’)╮=͟͟͞͞◒ ヽ( '-'ヽ) TUI tool for sending packets of arbitrary input and monitoring packets on any network interfaces (default: eth0).
ebpf linux network network-programming networking observability packet packet-analyzer packet-generator packet-monitoring pcap penetration-testing pentesting protocol routing-protocols security socket-programming sockets system-programming
Last synced: 28 Mar 2025
https://github.com/parttimenerd/hello-ebpf
Hello eBPF world! Hello Java world! Let's discover eBPF together and write a Java user-land library along the way.
Last synced: 30 Jun 2025
https://github.com/netobserv/netobserv-ebpf-agent
Network Observability eBPF Agent
ebpf kubernetes network-observability openshift
Last synced: 12 Apr 2025
https://github.com/alegrey91/harpoon
🔍 Seccomp profiling and function-level tracing tool.
devops devsecops devsecops-pipeline ebpf ebpf-programs golang hacktoberfest hardening seccomp security-audit security-tools syscalls system-calls
Last synced: 05 Apr 2025
https://github.com/linux-lock/bpflock
bpflock - eBPF driven security for locking and auditing Linux machines
bpf containers ebpf iot iot-security kernel kubernetes lsm security
Last synced: 12 Apr 2025
https://github.com/aojea/netkat
netcat using netstack userspace library and eBPF
Last synced: 27 Oct 2025
https://github.com/mbertrone/bpf-iptables
An #eBPF and #XDP iptables firewall
bpf-iptables ebpf iovisor iptables xdp
Last synced: 25 Jul 2025
https://github.com/bpfsnoop/bpfsnoop
Modernized kernel functions, kernel tracepoints and bpf progs tracing tool for the bpf era.
bpf bpflbr bpfsnoop ebpf fgraph funcgraph last-branch-record lbr
Last synced: 14 Feb 2026
https://github.com/cong-or/hud
Find code blocking your Tokio workers. eBPF-powered, no instrumentation.
async cli debugging ebpf linux observability performance profiler rust tokio tui
Last synced: 15 Feb 2026
https://github.com/elastic/bpfcov
Source-code based coverage for eBPF programs actually running in the Linux kernel
bpf c codecoverage coverage cpp ebpf llvm llvm-pass
Last synced: 05 Apr 2025
https://github.com/mozillazg/ptcpdump
Process-aware, eBPF-based tcpdump
bpf ebpf ebpf-go ebpf-tc forensics network-capture packet-capture pcap pcapng process-aware sniffer tcpdump tcpdump-like
Last synced: 09 Apr 2025
https://github.com/polarsignals/kubezonnet
Monitor cross-zone network traffic in Kubernetes.
ebpf gke kubernetes metrics networking prometheus
Last synced: 06 Apr 2025
https://github.com/gui774ume/ebpfkit-monitor
ebpfkit-monitor is a tool that detects and protects against eBPF powered rootkits
ebpf kernel linux linux-kernel linux-kernel-hacking rootkit runtime-security security
Last synced: 30 Oct 2025
https://github.com/fuweid/embedshim
Provides a task runtime implementation with pidfd and the eBPF sched_process_exit tracepoint to manage daemonless containers with low overhead.
Last synced: 06 Apr 2025
https://github.com/trailofbits/ebpfpub
ebpfpub is a generic function tracing library for Linux that supports tracepoints, kprobes and uprobes.
bpf ebpf llvm monitoring security tracepoints tracing
Last synced: 15 Apr 2025
https://github.com/redcanaryco/oxidebpf
A Rust library for managing eBPF programs.
Last synced: 02 Oct 2025
https://github.com/matheuzsecurity/rootkit
Collection of codes focused on Linux rootkits
collection ebpf ftrace hooking kernel ldpreload linux malware persistence rootkit
Last synced: 22 Jun 2025
https://github.com/redcanaryco/redcanary-ebpf-sensor
Red Canary's eBPF Sensor
Last synced: 13 Apr 2025
https://github.com/trailofbits/ebpfault
A BPF-based syscall fault injector
bpf debugging ebpf fault-injection llvm
Last synced: 15 Apr 2025
https://github.com/CycodeLabs/cimon-action
Runtime Security Solution for your CI/CD Pipeline
cicd ebpf github-actions hardening linux security security-hardening supply-chain-security
Last synced: 11 May 2025
https://github.com/willfindlay/bpfbox
🐝 BPFBox 📦 Exploring process confinement in eBPF
bcc ebpf linux linux-kernel runtime-security sandbox security
Last synced: 09 Jul 2025
https://github.com/pmem/vltrace
Tool for tracing syscalls quickly using the eBPF Linux kernel feature
bcc ebpf ebpf-programs kprobes syscall syscalls tracepoints
Last synced: 09 Jul 2025
https://github.com/aya-rs/aya-template
A cargo-generate template for Rust eBPF Projects using Aya
Last synced: 07 May 2025
https://github.com/dkorunic/pktstat-bpf
TC, XDP, KProbe and CGroup eBPF based simple Ethernet interface traffic monitor and reporting tool
bpf cgroup-v2 cgroups-v2 ebpf kprobe kprobes linux network networking observability packet packet-capture tcpdump terminal traffic xdp
Last synced: 10 Apr 2025
https://github.com/nullswan/bpfsnitch
Real-time network & syscall monitoring tool for Linux systems and Kubernetes clusters
ebpf kubernetes monitoring network syscall
Last synced: 07 Apr 2025
https://github.com/0xdeafbeef/jeprofl
Allocations profiler built using ebpf
Last synced: 31 Oct 2025
https://github.com/vbpf/ebpf-samples
Sample ebpf programs to analyze
ebpf ebpf-opcode ebpf-programs
Last synced: 27 Jul 2025
https://github.com/jschwinger233/skbdump
ebpf-based tcpdump
bpf ebpf network-sniffer tcpdump
Last synced: 05 May 2025
https://github.com/aya-rs/book
The Aya Book is an introductory book about using the Rust Programming Language and Aya library to build extended Berkeley Packet Filter (eBPF) programs.
Last synced: 07 May 2025
https://aya-rs.github.io/book/
The Aya Book is an introductory book about using the Rust Programming Language and Aya library to build extended Berkeley Packet Filter (eBPF) programs.
Last synced: 07 May 2025
https://github.com/yanivagman/BPFroid
Trace Android framework API, native libraries, system calls and other events using eBPF
Last synced: 11 Mar 2025
https://github.com/yanivagman/bpfroid
Trace Android framework API, native libraries, system calls and other events using eBPF
Last synced: 05 May 2025
https://github.com/sysprog21/sehttpd
A small and efficient web server with 1K lines of C code
asynchronous-programming ebpf epoll http linux nonblocking web-server
Last synced: 08 May 2025
https://github.com/CN-TU/machine-learning-in-ebpf
This repository contains the code for the paper "A flow-based IDS using Machine Learning in eBPF", Contact: Maximilian Bachl
decision-trees ebpf linux machine-learning tree-based-methods
Last synced: 26 Mar 2025
https://github.com/davidcoles/vc5
A horizontally scalable Direct Server Return layer 4 load balancer for Linux using XDP/eBPF
bgp dsr ebpf golang l4lb linux load-balancer networking xdp
Last synced: 04 Oct 2025
https://github.com/yandex-cloud/skbtrace
Helper tool for generating and running BPFTrace scripts which trace and measure timings related to Linux Networking Stack, specifically SocKet Buffer contents
bpftrace ebpf linux network-analysis tracing
Last synced: 15 Apr 2025
https://github.com/ebpfdev/explorer
eBPF explorer is a Web UI that lets you see all the maps and programs in the eBPF subsystem
Last synced: 10 Apr 2025
https://github.com/aquasecurity/tracee-action
Protect GitHub Actions with Tracee
ebpf github-actions runtime-scanner security
Last synced: 04 Oct 2025