Show HN: Live, system-wide USB transfer sniffer in eBPF
Category: security
Tags: ebpf, usb-sniffer, reverse-engineering
Score: 7.5/10 (Innovation: 7, Technical: 9, Documentation: 7, Utility: 7)
usbsnoop is a live, system-wide USB traffic sniffer built on eBPF fentry hooks, requiring no kernel modules or usbmon. It captures and decodes USB transfers in real time with colorized output, making it a powerful tool for reverse-engineering peripherals, debugging drivers, and inspecting storage/SCSI commands.
Target audience: backend devs, devops, security researchers
Repository: https://github.com/yeet-src/usbsnoop · JavaScript · 7 stars