pandaadir05 / snoop

A modern syscall tracer built on eBPF. Think strace, but with a real TUI, smart filters, TLS decryption, and output that's actually readable.

100% credibility
Found Apr 13, 2026 at 19 stars.
Rust
AI Summary

Snoop is a user-friendly Linux tool for tracing what programs do at a low level, like file access and network activity, with live views, filters, recording, and comparisons.

How It Works

1. 🔍 Discover snoop

You hear about a friendly way to peek inside running programs and see exactly what files they open or network connections they make.

2. 📥 Get snoop ready

Download or set up the tool in moments so you can start watching programs right away.

3. 🚀 Trace a simple action

Choose a quick task like fetching a webpage and launch the trace to see it unfold live.

4. 📊 Watch the magic

A colorful screen shows every step the program takes, like reading files or sending data, making hidden actions crystal clear.

5. Dive deeper

👥 Running app: Attach to a live program and follow its children too.

🐳 Container: Trace all activity inside a Docker or pod setup.

💾 Record: Capture a session to replay, filter, or compare anytime.

6. 🔧 Focus and analyze

Narrow down to slow steps, files, or network calls, or group them into simple summaries.

✅ Unlock insights

You spot bottlenecks, debug issues, or understand your program's behavior perfectly, feeling like a debugging wizard.

AI-Generated Review

What is snoop?

Snoop is a Rust-based syscall tracer for Linux using eBPF, like strace but faster and more usable. It captures syscalls at full speed without pausing processes, decoding arguments into readable strings for paths, sockets, and flags. Users get a live TUI with search, filters, top-syscall stats, plus record/replay, diffing traces, flamegraphs, and TLS plaintext capture.

Why is it gaining traction?

Unlike ptrace-based tools like strace, snoop runs tracing in-kernel for zero overhead, with a real-time TUI that beats scrolling log spam. Smart filters like --files, --net, or --slow 10ms spotlight issues, while container support (--docker, --pod) and features like heap tracing (--ltrace) make it practical for prod debugging. The GitHub snoop project appeals to devs tired of man-page lookups and cryptic hex dumps.

Who should use this?

Linux sysadmins debugging nginx or postgres stalls, ops tracing Kubernetes pods or Docker containers, and backend devs profiling syscall-heavy apps like databases. Ideal for spotting regressions via trace diffs or exporting JSON for jq pipelines.

Verdict

Grab it if you trace Linux processes often; prebuilt binaries and cargo install make it dead simple, with excellent docs and a polished CLI. At 19 stars and 1.0% credibility, it's early but stable on 5.8+ kernels; test on non-critical systems first.
