A (short) collecton of eBPF enabled tools (need root privileges to run);

Prerequisite: Install the latest bpftrace tool:

curl -o bpftrace -fsSL https://github.com/iovisor/bpftrace/releases/latest/download/bpftrace
chmod 755 bpftrace

Record all PTY sessions and sniffs all ssh/sudo/su passwords of all users.

export BPFTRACE_STRLEN=200
./bpftrace -Bnone ptysnoop.bt

Tools by others: SSHLog.