v1.1.0 — Now with Kubernetes Pod Resolution

Surgical Process Tracing
Powered by eBPF

A zero-overhead, single-binary process tracer for Linux malware triage and incident response. Built by Mutasem Kharma.

$ sudo procscope -- ./suspicious-binary

Process Scoped

Track a single PID tree — not the entire host. See exactly what one binary does without drowning in noise.

Zero Overhead

eBPF kernel-level filtering means zero performance impact. No ptrace. No anti-debug detection by malware.

Incident Ready

Auto-generates evidence bundles, Markdown reports, and JSONL streams for your SOC team or HackerOne submission.

K8s Aware

Automatically resolves container IDs to Kubernetes Pod names and Namespaces. No CRDs, no DaemonSets.