View Issue Details

ID: 0009645
Project: Kali Linux
Category: New Tool Requests
View Status: public
Last Update: 2026-04-27 12:37
Reporter: mutasem
Assigned To: daniruiz
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: won't fix
Summary: 0009645: New tool request: procscope
Description

Requesting inclusion of procscope in Kali Linux.

Upstream:
https://github.com/Mutasem-mk4/procscope

Latest release:
https://github.com/Mutasem-mk4/procscope/releases/tag/v1.1.0

What it is:
procscope is a process-scoped eBPF runtime investigation tool for Linux malware triage, incident response, and deep
process analysis. It lets the user launch a command under observation or attach to an existing PID and collect
process, file, network, privilege-transition, and namespace activity for that process tree.

Why it belongs in Kali:
This is useful for malware analysis, incident response, reverse engineering support, and forensic investigation on
Linux systems. It fills a narrower process-scoped investigation role compared with broader system-wide runtime
security tools.

Similar tools:

  • strace
  • sysdig
  • Falco
  • Tetragon

Key differences:

  • focuses on a single process tree instead of whole-system monitoring
  • produces evidence bundles and Markdown summaries
  • uses eBPF for lower-overhead runtime observation
  • intended for investigation/triage, not EDR or policy enforcement

Packaging status:

  • upstream repository is public
  • Debian packaging exists in-tree under debian/
  • DEP-8 autopkgtests exist
  • man page and shell completions are included
  • Arch/BlackArch packaging also exists upstream

Repository contents:

  • Debian packaging: https://github.com/Mutasem-mk4/procscope/tree/master/debian
  • Packaging docs: https://github.com/Mutasem-mk4/procscope/blob/master/docs/packaging.md

Basic usage:
    sudo procscope -- /bin/true
    sudo procscope -p <pid>

License:
MIT

If needed, I can help provide additional packaging validation logs, autopkgtest results, and Linux runtime smoke-test
output.

Activities

kali-bugreport

2026-04-18 08:23

reporter   ~0021600

Duplicate of 0009643, why create two?

mutasem

2026-04-18 15:04

reporter   ~0021601

My apologies for the duplication; it was an accidental double submission. Please feel free to close this one as a duplicate of 0009643. Thank you!

daniruiz

2026-04-27 12:37

manager   ~0021637

Hello,

Thanks for your submission. We can’t package every infosec tool, so we prioritize those with wider adoption and community usage.

Best of luck with your project.

Issue History

Date Modified | Username | Field | Change
2026-04-17 21:03 | mutasem | New Issue |
2026-04-18 08:23 | kali-bugreport | Note Added: 0021600 |
2026-04-18 15:04 | mutasem | Note Added: 0021601 |
2026-04-27 12:37 | daniruiz | Assigned To | => daniruiz
2026-04-27 12:37 | daniruiz | Status | new => closed
2026-04-27 12:37 | daniruiz | Resolution | open => won't fix
2026-04-27 12:37 | daniruiz | Note Added: 0021637 |