Tool Name: procscope Homepage: https://github.com/Mutasem-mk4/procscope License: MIT

Description / Pitch: Procscope is a modern, Linux-first, process-scoped runtime investigator designed specifically for malware triage, dynamic reverse engineering, and threat hunting.

While tools like sysdig are overly heavy and strace gets bogged down by sheer volume, procscope leverages eBPF to generate clean, perfectly isolated, zero-noise timelines of a singular target process and its child tree. It tracks:

Process lifecycle (exec/fork/exit)
Network payloads and connections
File I/O operations
Privilege transitions and namespace manipulations
Why this belongs in Kali Linux / Parrot OS: We specifically engineered procscope to be an absolute dream for OS maintainers to package. We know dependency hell prevents great tools from being integrated, so we solved it upstream:

Zero Runtime Dependencies: The entire user-space wrapper is strictly written in Go and completely statically compiled as a standalone binary (CGO_ENABLED=0).
Pre-configured Debian Upstream: You do not need to write a PKGBUILD or debian/rules file for us. We have already built a completely standard, native debian/ directory directly into our repository root.
Automated CI Validation: Our GitHub Actions currently run dpkg-buildpackage on every single commit. We have already verified the package compiles flawlessly using standard debhelper and dh-golang.
Similar tools: strace, ltrace, sysdig (Procscope provides the deep kernel visibility of sysdig, but with the targeted binary isolation of strace).

Activity: Active development

Intended Usage Example:

Attach to an unknown binary to surgically observe exactly what it touches

sudo procscope -- /tmp/suspicious-payload