eBPF
eBPF is a technology that can run sandboxed programs in a privileged context such as the operating system kernel. It is used to safely and efficiently extend the capabilities of the kernel at runtime without requiring changes to kernel source code or loading kernel modules.
- GitHub: https://github.com/topics/ebpf
- Wikipedia: https://en.wikipedia.org/wiki/EBPF
- Created by: Alexei Starovoitov, Daniel Borkmann
- Released: 2014
- Last updated: 2026-06-22 00:09:11 UTC
https://github.com/yanivagman/bpfroid
Trace Android framework API, native libraries, system calls and other events using eBPF
Last synced: 05 May 2025
https://github.com/sysprog21/sehttpd
A small and efficient web server with 1K lines of C code
asynchronous-programming ebpf epoll http linux nonblocking web-server
Last synced: 08 May 2025
https://github.com/CN-TU/machine-learning-in-ebpf
This repository contains the code for the paper "A flow-based IDS using Machine Learning in eBPF", Contact: Maximilian Bachl
decision-trees ebpf linux machine-learning tree-based-methods
Last synced: 26 Mar 2025
https://github.com/yandex-cloud/skbtrace
Helper tool for generating and running BPFTrace scripts which trace and measure timings related to Linux Networking Stack, specifically SocKet Buffer contents
bpftrace ebpf linux network-analysis tracing
Last synced: 15 Apr 2025
https://github.com/davidcoles/vc5
A horizontally scalable Direct Server Return layer 4 load balancer for Linux using XDP/eBPF
bgp dsr ebpf golang l4lb linux load-balancer networking xdp
Last synced: 04 Oct 2025
https://github.com/ebpfdev/explorer
eBPF explorer is a Web UI that lets you see all the maps and programs in the eBPF subsystem
Last synced: 10 Apr 2025
https://github.com/InnerWarden/innerwarden
Autonomous security agent for Linux and macOS. 40 eBPF hooks. 48 detectors. 20 response playbooks. 30 correlation rules. 98% MITRE ATT&CK coverage (41/42). Kill chain tracking. AI agent protection. Mesh defense. Pure Rust.
agent-guard ai-agent-security anomaly-detection autonomous-defense correlation-engine ebpf firewall honeypot host-security incident-response intrusion-detection ja3 kernel linux rust security sigma-rules threat-detection tls-fingerprinting yara
Last synced: 03 Apr 2026
https://github.com/innerwarden/innerwarden
Autonomous security agent for Linux and macOS. 40 eBPF hooks. 48 detectors. 20 response playbooks. 30 correlation rules. 98% MITRE ATT&CK coverage (41/42). Kill chain tracking. AI agent protection. Mesh defense. Pure Rust.
agent-guard ai-agent-security anomaly-detection autonomous-defense correlation-engine ebpf firewall honeypot host-security incident-response intrusion-detection ja3 kernel linux rust security sigma-rules threat-detection tls-fingerprinting yara
Last synced: 16 May 2026
https://github.com/boratanrikulu/durdur
Lightweight packet filtering for Linux: 'durdur' is a high-performance, eBPF-based simple firewall tool that drops packets by IP or DNS domain. Perfect for on-demand network control.
bpf dns ebpf firewall networking xdp
Last synced: 23 Aug 2025
https://github.com/un-nf/404
A new approach to fighting cross-session tracking: multi-layer online fingerprint obfuscation. Spoofs browser/OS (headers & JS), hardware, TLS cipher-suite, canvas, peripherals and much more.
browser browser-fingerprinting ebpf fingerprinting fingerprintjs https-proxy ja3 ja4 nightmarejs obfuscation privacy privacy-tools proxy reverse-proxy traffic-control
Last synced: 21 Apr 2026
https://github.com/aquasecurity/tracee-action
Protect GitHub Actions with Tracee
ebpf github-actions runtime-scanner security
Last synced: 09 Mar 2026
https://github.com/mozillazg/cloud-native-security-with-ebpf
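Complete source code for the example programs in the book "eBPF Cloud-Native Security: Principles and Practice" (《eBPF 云原生安全:原理与实践》)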
Last synced: 26 Jun 2025
https://github.com/nirmata/kube-netc
A Kubernetes eBPF network monitor
ebpf kubernetes networking prometheus
Last synced: 06 Oct 2025
https://github.com/opencloudos/perf-prof
Kernel profiler based on perf_event and ebpf
ebpf linux monitor monitoring perf performance profiling
Last synced: 06 Apr 2025
https://github.com/gen0sec/synapse
XDR with eBPF-powered firewall and proxy. Protect your Linux servers.
access-rules adr arxignis ebpf firewall gen0sec ja3-fingerprint ja4 ja4-fingerprint ja4h ja4t rate-limiting runtime ssl-fingerprint threat-intelligence waf webserver xdr
Last synced: 17 Feb 2026
https://github.com/dswarbrick/ebpf_exporter
A Prometheus exporter which uses eBPF to measure block IO request latency / size
ebpf prometheus prometheus-exporter
Last synced: 24 Jun 2025
https://github.com/cycodelabs/cimon-action
Runtime Security Solution for your CI/CD Pipeline
cicd ebpf github-actions hardening linux security security-hardening supply-chain-security
Last synced: 01 Sep 2025
https://github.com/takehaya/xdperf
xdperf is a high-performance network traffic generation tool that leverages XDP (eXpress Data Path).
Last synced: 12 Apr 2026
https://github.com/pizzabits/secrets-snitcher
300-line eBPF tool that shows which pods are reading your K8s secrets and how often.
Last synced: 02 Apr 2026
https://github.com/rafaeldtinoco/howtos
Documents that might help others.
books ebpf internals kernel kvm libbpf libbpfgo linux networking programming qemu security tracee virtualization
Last synced: 21 Mar 2025
https://github.com/digitalocean/vmtop
Real-time monitoring of KVM/Qemu VMs
bcc ebpf kvm monitoring performance prometheus qemu virtualization
Last synced: 30 Jun 2025
https://github.com/gui774ume/ssh-probe
monitor and protect SSH sessions with eBPF
ebpf fim linux mfa-verification monitoring process-monitoring ssh-session
Last synced: 06 May 2025
https://github.com/asphaltt/learn-by-example
Learn something interesting by examples.
bpf2bpf ebpf fentry fexit freplace go iptables-nfqueue kprobe nfnetlink nsenter tc-bpf tracepoint xdp xdp-acl
Last synced: 25 Jun 2025
https://github.com/eunomia-bpf/llvmbpf
Userspace eBPF VM with llvm JIT/AOT compiler
aot ebpf jit llvm runtime virtual-machine
Last synced: 13 Apr 2025
https://github.com/nutcas3/telecom-platform
This is a comprehensive, sovereign cellular connectivity solution that enables organizations to deploy and manage their own private 5G/LTE networks. This full-stack platform provides end-to-end capabilities from core network integration to subscriber management, charging, and developer APIs
5g 5gcore bss cellular-network charging-engine cloud-native-engineering ebpf esim golang kubernetes lte message-queue microservices network-orchestration network-programming private-network rust telecom
Last synced: 30 May 2026
https://github.com/ceems-dev/ceems
A Prometheus exporter and a REST API server to export metrics of compute units of resource managers like SLURM, Openstack, k8s, etc.
cloud containers dashboards ebpf emissions energy-monitor grafana green-computing hpc json-api kubernetes metrics-server metrics-visualization monitoring observability openstack performance-monitoring prometheus prometheus-exporter slurm
Last synced: 05 May 2026
https://github.com/yunwei37/eunomia
A lightweight eBPF-based monitor tool: run eBPF as a service!
cloud-native container cpp cpp-library cpp20 ebpf kubernetes monitor observability prometheus security
Last synced: 07 Aug 2025
https://github.com/sematext/uprobe-http-tracer
uprobe-based HTTP tracer for Go binaries
bcc ebpf golang instrumentation tracing uprobes
Last synced: 08 Feb 2026
https://github.com/tarsal-oss/kflowd
Kernel-based Process Monitoring on Linux Endpoints for File System, TCP and UDP Networking Events and optionally DNS, HTTP and SYSLOG Application Messages via eBPF Subsystem
co-re detection dlp dns dpi ebpf edr filesystem http monitoring netflow siem syslog tcp udp virus vulnerability xdr
Last synced: 10 Apr 2025
https://github.com/gui774ume/fsprobe
A file system events notifier based on eBPF
Last synced: 05 Mar 2026
https://github.com/shaneutt/ebpf-rust-udp-loadbalancer-demo
A demo app covering building an eBPF load-balancer in Rust
ebpf linux load-balancer rust xdp
Last synced: 22 Mar 2025
https://github.com/kguardian-dev/kguardian
A Kubernetes tool leveraging eBPF for advanced Kubernetes security, auto-generating Network Policies, Seccomp Profiles, and more.
Last synced: 01 Jun 2026
https://github.com/stevenjohnstone/go-bpf-gen
Generate bpftrace scripts for use with golang programs. Works around quirks in the golang runtime.
bpf bpftrace debugging ebpf golang observability
Last synced: 01 Feb 2026
https://github.com/yutarohayakawa/ipftrace
[Deprecated] Now we have a more sophisticated (and compact) implementation in the ipftrace2 repository. Please check it as well.
ebpf linux-kernel network tracing
Last synced: 07 Apr 2025
https://github.com/eunomia-bpf/libbpf-starter-template
Template designed to get new developers started with libbpf development.
Last synced: 19 Jun 2025
https://github.com/jamesits/linux-gre-keepalive
High-performance passive (a.k.a. reply-only) GRE keepalive support for Linux, written in eBPF/XDP.
ebpf gre gre-tunnel keep-alive linux xdp
Last synced: 14 Apr 2025
https://github.com/unum-cloud/UCSB
Wide NoSQL benchmark for RocksDB, LevelDB, Redis, WiredTiger and MongoDB extending the Yahoo Cloud Serving Benchmark
benchmark database ebpf google-benchmark io-uring leveldb lsm-tree mongodb rocksdb spdk terabyte valgrind wiredtiger ycsb
Last synced: 26 Jun 2025
https://github.com/unum-cloud/ucsb
Wide NoSQL benchmark for RocksDB, LevelDB, Redis, WiredTiger and MongoDB extending the Yahoo Cloud Serving Benchmark
benchmark database ebpf google-benchmark io-uring leveldb lsm-tree mongodb rocksdb spdk terabyte valgrind wiredtiger ycsb
Last synced: 26 Jun 2025
https://github.com/sagarbhure/eBPFShield
🛡️ Introducing eBPFShield - a powerful 📍IP-intelligence and 📈DNS monitoring tool built using eBPF!
dns-monitor ebpf firmware ip-intelligence kernel-security monitoring security security-tools
Last synced: 03 Mar 2026
https://github.com/flomesh-io/fsm
Lightweight service mesh for Kubernetes East-West and North-South traffic management; uses eBPF for layer 4 and the pipy proxy for layer 7 traffic management, and supports multi-cluster networks.
ebpf gateway-api ingress-controller kubernetes load-balancer multi-cluster service-mesh service-mesh-interface sidecar
Last synced: 05 Apr 2025
https://github.com/ahas-sigs/kube-ebpf-exporter
Prometheus exporter for custom eBPF metrics from a Kubernetes cluster. (derived from cloudflare/ebpf_exporter)
Last synced: 26 Oct 2025
https://github.com/rebpf/rebpf
A Rust library to write and load bpf programs built on top of libbpf (no bcc dependency).
Last synced: 08 Sep 2025
https://github.com/fzakaria/eBPF-mpls-encap-decap
Sample project demonstrating how to use eBPF to encap/decap packets with an MPLS label.
bpf bpfilter ebpf ebpf-programs linux linux-kernel-hacking
Last synced: 15 Nov 2025
https://github.com/kube-tarian/tarian
Protect your Cloud Native Applications running on Kubernetes from malicious attacks with pre-registered source code, pre-registered runtime processes monitoring, automated actions based on configure-actions, analytics, alerting and also sharing detections with community. Maybe save from Ransomware. Shift-Left your threat detection. Shift Right threat elimination.
anti-malware anti-virus antimalware antivirus antivirus-software cloudnative containers devsecops ebpf hacktoberfest kubernetes kubernetes-antimalware kubernetes-security microservices runtime-security security security-hardening security-tools shiftleft tarian
Last synced: 08 Mar 2026
https://github.com/shinoleah/ehook
A Simple uprobe Hook Framework
android ebpf reverse-engineering
Last synced: 19 Feb 2026
https://github.com/Dantali0n/OpenCSD
OpenCSD: eBPF Computational Storage Device (CSD) for Zoned Namespace (ZNS) SSDs in QEMU
bpf computational-storage-device csd ebpf flufflefs nvme opencsd qemu zcsd zns zoned-namespace
Last synced: 15 Nov 2025
https://github.com/fzakaria/ebpf-mpls-encap-decap
Sample project demonstrating how to use eBPF to encap/decap packets with an MPLS label.
bpf bpfilter ebpf ebpf-programs linux linux-kernel-hacking
Last synced: 20 Mar 2025
https://github.com/rphang/evilbpf
Weaponizing the Linux Kernel (Hide Files/PID, SSH backdoors, SSL Sniffer, ...) by poking around eBPF/XDP
ebpf kernel linux-kernel-hacking offensive-security rootkit security sshd xdp
Last synced: 10 Apr 2025
https://github.com/robalb/ebpf-web-fingerprint
a golang library and webserver for fast TCP & TLS fingerprinting, powered by eBPF
anti-scraping cilium-ebpf ebpf fingerprinting scraping
Last synced: 26 Jul 2025
https://github.com/ndxdeveloper/formation-c-ubuntu
French-language course for mastering the C language on Ubuntu/Linux - from syntax to systems programming, with modern DevOps tooling (CMake, CI/CD, eBPF)
c c-programming ci-cd cmake devops ebpf embedded-systems formation francais gcc gdb github-actions linux posix pthreads sanitizers systems-programming tutoriel ubuntu valgrind
Last synced: 08 Apr 2026
https://github.com/mozillazg/libbpfgo-tools
libbpfgo port of bcc/libbpf-tools
bcc ebpf go golang libbpf libbpf-tools libbpfgo
Last synced: 10 Apr 2025
https://github.com/lumbrjx/obzev0
Chaos engineering tool written in C/Go to test the resilience of TCP/UDP-based applications within Kubernetes environments, simulating various network conditions and failures to ensure the reliability of the overall system.
c channels chaos-engineering devops ebpf golang helm http kubernetes latency metrics multithreading network optimization prometheus proxy resiliency tcp testing testing-tools
Last synced: 10 Apr 2025
https://github.com/eunomia-bpf/cilium-ebpf-starter-template
Template designed to get new developers started with cilium-ebpf development.
Last synced: 19 Jul 2025
https://github.com/alexhraber/flowhawk
Real-time eBPF-powered network security monitor with AI-driven threat detection. Surfaces port scans, DDoS attacks, botnet activity, and anomalies at 100Gbps+ speeds with sub-microsecond latency (~150 million packets/sec).
anomaly-detection cybersecurity ddos-protection ebpf golang intrusion-detection machine-learning network-analysis network-security packet-processing real-time-monitoring threat-detection xdp zero-day-detection
Last synced: 12 Mar 2026
https://github.com/wasmerio/sonde-rs
A library to compile USDT probes into a Rust library
dtrace ebpf probe rust rust-lang rust-library usdt
Last synced: 25 Jun 2025
https://github.com/tzussman/kmodleak
Track memory leaks for Linux kernel modules using eBPF
ebpf kernel-modules linux memory-leaks monitoring observability
Last synced: 18 Jan 2026
https://github.com/sh0rch/gutd
eBPF WireGuard Traffic Obfuscator (QUIC, SIP, SYSLOG, RANDOM)
docker-scratch dpi-bypass ebpf http3 linux mikrotik-container obfs obfuscation openwrt quic random-noise rust systemd wg-obfs wg-obfuscator wgobfs windows wireguard
Last synced: 19 Apr 2026
https://github.com/gui774ume/utrace
UTrace is a tracing utility that leverages eBPF to trace both user space and kernel space functions
Last synced: 26 Jun 2025
https://github.com/gui774ume/network-security-probe
A process level network security monitoring and enforcement project for Kubernetes, using eBPF
ebpf enforcement kubernetes linux network-security profile security
Last synced: 29 Jun 2025
https://github.com/Gui774ume/utrace
UTrace is a tracing utility that leverages eBPF to trace both user space and kernel space functions
Last synced: 30 Apr 2025
https://github.com/Gui774ume/network-security-probe
A process level network security monitoring and enforcement project for Kubernetes, using eBPF
ebpf enforcement kubernetes linux network-security profile security
Last synced: 09 Jul 2025
https://github.com/zz85/profile-bee
🐝🦀🔥 An ebpf based CPU profiler written in Rust
Last synced: 22 Feb 2026
https://github.com/asphaltt/tc-dump
A network packet info dumping tool like tcpdump based on `tc-bpf`.
ebpf ebpf-co-re go golang skb tc tc-dump
Last synced: 06 May 2025
https://github.com/4rivappa/kube-trace-nfs
eBPF-Based NFS Telemetry Exporter for Kubernetes
ebpf efs kubernetes nfs prometheus telemetry
Last synced: 10 Apr 2025
https://github.com/yasindce1998/kubedagger
Kubernetes offensive framework built in eBPF
containers ebpf kubernetes linux linux-kernel linux-kernel-hacking malware rootkit runtime-security
Last synced: 15 Aug 2025
https://github.com/k8sstormcenter/honeycluster
Threat-informed defense for cloudnative: Reference Implementation of a so-called Honeycluster - for kind (and GKE, RKE2, AKS)
cloudnative cybersecurity ebpf kubernetes threat-intelligence
Last synced: 10 Apr 2025
https://github.com/takehaya/vinbero
A complete subset of SRv6 local function & transit written in XDP
ebpf gtpu network-programming srv6 srv6-functions vinbero xdp
Last synced: 27 Oct 2025
https://github.com/riptl/binaryninja-ebpf
Binary Ninja eBPF & Solana plugin (disasm & LLIL)
binary-ninja binary-ninja-plugin ebpf solana
Last synced: 30 Apr 2025
https://github.com/asphaltt/socketrace
socketrace is an eBPF-based tool to trace kernel socket events. License Apache 2.0 and GPL-2.0
ebpf socket socket-tracer socketrace
Last synced: 10 Apr 2025
https://github.com/chen-keinan/kube-knark
Open source runtime tool which helps to detect malware code execution and runtime misconfiguration changes on a Kubernetes cluster
ebpf ebpf-programs golang kubernetes linux scanner security
Last synced: 22 Mar 2025
https://github.com/groundcover-com/cli
groundcover's official CLI tool. Level up your K8s observability game with eBPF.
Last synced: 23 Oct 2025
https://github.com/wide-vsix/linux-flow-exporter
eBPF-based IPFIX exporter. This software is an IPFIX flow exporter for routing with the Linux kernel. It records flow stats forwarded by the kernel using tc-ebpf, without AF_PACKET or conntrack. This flow exporter supports multipath environments with fewer performance issues.
Last synced: 05 Oct 2025
https://github.com/florianl/tc-skeleton
Simple project to demonstrate the loading of eBPF programs via florianl/go-tc.
ebpf kernel linux network-programming
Last synced: 23 Mar 2025
https://github.com/lumontec/lsmtrace
Trace deep kernel events through eBPF and lsm hooks
ebpf kernel linux-security-module security tracing
Last synced: 06 Feb 2026
https://github.com/ivlyth/process-bandwidth
An eBPF-based program which focuses on a process's network bandwidth, like Nethogs, but provides every connection's bandwidth as well, and even a terminal graph
cli ebpf nethogs process-bandwidth
Last synced: 27 Oct 2025
https://github.com/odigos-io/offsets-tracker
This project tracks offsets of fields inside of Go structs across versions for achieving automatic instrumentation using eBPF
ebpf go golang opentelemetry opentelemetry-go
Last synced: 27 Mar 2026
https://github.com/kubescape/node-agent
Kubescape eBPF agent 🥷🏻
ebpf kubernetes kubescape security
Last synced: 03 Apr 2026