
  • An extremely simple, reliable, and lightweight program for Linux to help protect your privacy
    • It monitors your system and notifies you whenever it sees a new program that connects to the network
    • Or when the sha256 changes for one of those programs (can also check VirusTotal)
    • And features a curses based UI for browsing past connections
  • For advanced users who know what should be running on their system and when they should be making network connections
    • Only you can decide which programs to trust, so picosnitch leaves this decision up to you and just focuses on doing one thing well
    • A program that you can't trust to make network connections also can't be trusted not to bypass any firewall rules, so blocking or sandboxing these programs is out of scope for picosnitch (also beware of programs running as root that may try to stop/modify picosnitch)
    • However, you can still monitor picosnitch logs with another program to block connections once detected; picosnitch can also be used with any other firewall software and will not impact performance since it only monitors connections and does not intercept them
  • Inspired by programs such as GlassWire, Little Snitch, and OpenSnitch

PPA for Ubuntu and derivatives

  • sudo add-apt-repository ppa:elesiuta/picosnitch
  • sudo apt update
  • sudo apt install picosnitch

AUR for Arch and derivatives

PyPI for any Linux distribution with Python >= 3.8

  • install the BPF Compiler Collection python package for your distribution
    • it should be called python-bcc or python-bpfcc
  • install picosnitch using pip
    • pip3 install "picosnitch[full]" --upgrade --user
  • create a service file for systemd to run picosnitch (recommended)
    • picosnitch systemd
  • optional dependencies (should already be installed or install automatically)
    • for notifications: dbus-python, python-dbus, or python3-dbus (name depends on your distro)
    • for VirusTotal: python-requests
  • running picosnitch
    • enable/disable autostart on reboot with systemctl enable|disable picosnitch
    • start/stop/restart with systemctl start|stop|restart picosnitch
    • or if you don't use systemd picosnitch start|stop|restart
  • user interface for browsing past connections
    • start with picosnitch view
    • space/enter: filter on entry, backspace: remove filter, h/H: cycle through history, t/T: cycle time range, r: refresh view, q: quit
  • show usage with picosnitch help
  • config is stored in ~/.config/picosnitch/config.json
    • restart picosnitch if it is currently running for any changes to take effect
{
  "DB retention (days)":  365, # How many days to keep connection logs in snitch.db
  "DB sql log":  true, # Write connection logs to snitch.db
  "DB text log":  false, # Write connection logs to conn.log
  "DB write limit (seconds)":  1, # Minimum time between writing connection logs
  # increasing it decreases disk writes by grouping connections into larger time windows
  # reducing time precision, decreasing database size, and increasing hash latency
  "Desktop notifications":  true, # Try connecting to dbus to show notifications
  "Every exe (not just conns)":  false, # Check every running executable with picosnitch
  # these are treated as "connections" with a port of -1
  # this feature is experimental but should work fairly well, errors should be expected as
  # picosnitch is unable to open file descriptors for some extremely short-lived processes
  "Log addresses":  true, # Log remote addresses for each connection
  "Log commands":  true, # Log command line args for each executable
  "Log ignore":  [], # List of hashes (str), domains (str), or ports (int)
  # will omit connections that match any of these from the connection log
  # domains will match any that start with the provided string, hashes or ports are exact
  # the process name, executable, and hash will still be recorded in record.json
  "Set RLIMIT_NOFILE":  null, # Set the maximum number of open file descriptors (int)
  # it is used for caching process executables and hashes (typical system default is 1024)
  # this is good enough for most people since caching is based on executable device + inode
  # fanotify is used to detect if a cached executable is modified to trigger a hash update
  "VT API key":  "", # API key for VirusTotal, leave blank to disable (str)
  "VT file upload":  false, # Upload file if hash not found, only hashes are used by default
  "VT request limit (seconds)":  15 # Number of seconds between requests (free tier quota)
}
  • a log of seen executables is stored in ~/.config/picosnitch/exe.log
    • this is a history of your notifications
  • a record of seen executables is stored in ~/.config/picosnitch/record.json
    • this is used for determining whether to create a notification
    • it contains known process name(s) by executable, executable(s) by process name, and sha256 hash(es) with VirusTotal results by executable
  • the full connection log is stored in ~/.config/picosnitch/snitch.db
    • this is used for picosnitch view
    • note, connection times are based on when the group is processed, so they are accurate to within DB write limit (seconds) at best, and could be delayed if the previous group is slow to hash
    • notifications are handled by a separate subprocess, so they are not subject to the same delays as the connection log
  • if DB text log is enabled, the full connection log is also written to ~/.config/picosnitch/conn.log
    • this may be useful for watching with another program
    • it contains the following fields, separated by commas (commas, newlines, and null characters are removed from values)
    • executable,name,cmdline,sha256,time,domain,ip,port,uid,count
  • the error log is stored in ~/.config/picosnitch/error.log
    • errors will also trigger a notification and are usually caused by far too many processes/connections
    • for most people in most cases, this should raise suspicion that some other program may be misbehaving
  • install dependencies listed under installation
  • install python-setuptools
  • install picosnitch with python setup.py install --user
  • see other options with python setup.py [build|install] --help
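
An added example (not part of picosnitch) of "watching with another program": a small Python consumer for the ten comma-separated conn.log fields listed above that reports first-seen executables and sha256 changes against a baseline. The function names, the baseline structure, and the sample lines are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Conn:
    executable: str
    name: str
    cmdline: str
    sha256: str
    time: str    # kept opaque: the timestamp format is not assumed here
    domain: str
    ip: str
    port: int    # -1 marks an "Every exe" entry, not a real connection
    uid: int
    count: int

def parse_line(line):
    """Return a Conn, or None unless the line has exactly ten usable fields."""
    parts = line.rstrip("\n").split(",")  # values never contain commas
    if len(parts) != 10:
        return None
    try:
        return Conn(*parts[:7], *(int(p) for p in parts[7:]))
    except ValueError:
        return None

def audit(lines, baseline):
    """Check lines against baseline {executable: {sha256, ...}} (assumed shape).

    Returns (kind, executable, sha256) once per new executable/hash pair.
    """
    seen = {exe: set(hashes) for exe, hashes in baseline.items()}
    findings = []
    for line in lines:  # any iterable of lines, e.g. an open conn.log
        conn = parse_line(line)
        if conn is None:
            findings.append(("malformed", line.strip()[:60], ""))
            continue
        known = seen.setdefault(conn.executable, set())
        if conn.sha256 not in known:
            kind = "hash-changed" if known else "new-executable"
            known.add(conn.sha256)
            findings.append((kind, conn.executable, conn.sha256))
    return findings

# Constructed sample lines; hashes are shortened placeholders, IPs are doc ranges.
SAMPLE = [
    "/usr/bin/curl,curl,curl example.org,aaaa,2024-01-01 10:00:00,example.org,192.0.2.10,443,1000,1",
    "/usr/bin/curl,curl,curl example.org,bbbb,2024-01-01 10:05:00,example.org,192.0.2.10,443,1000,2",
    "/tmp/updater,updater,./updater,cccc,2024-01-01 10:06:00,,203.0.113.7,8080,1000,1",
    "truncated,line",
]
FINDINGS = audit(SAMPLE, {"/usr/bin/curl": {"aaaa"}})
```

Because the check runs after the connection has been logged, it reports rather than prevents, in line with picosnitch monitoring connections without intercepting them.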