Linux & macOS — auto-detects host triple, verifies SHA256, installs to ~/.agentsniff/bin.
Windows users: grab the .zip from the latest release.
Quick Start
# Install (Rust v2 — recommended) cargo install agentsniff # Or Python v1 pip install agentsniff # Scan your network agentsniff scan 192.168.1.0/24 # JSON output agentsniff scan 10.0.0.0/24 --format json --output results.json # Continuous monitoring with webhook alerts agentsniff scan 192.168.1.0/24 --continuous 60 --webhook-url https://hooks.example.com # Web dashboard agentsniff serve --port 9090
Pre-built binaries for Linux (x86_64/aarch64), macOS (Apple Silicon/Intel), and Windows (x86_64) are attached to every GitHub release, each signed with Sigstore cosign.
Dashboard
Eight Detection Modules
DNS Monitor
Passive DNS capture matching 40+ LLM API domains — OpenAI, Anthropic, Google, Mistral, and more.
Port Scanner
Async TCP scanning of MCP servers, LLM inference engines, vector databases, and agent platforms.
AgentPin Prober
AgentPin — domain-anchored cryptographic identity discovery via .well-known/agent-identity.json.
MCP Detector
JSON-RPC 2.0 and SSE probing for Model Context Protocol servers with tool enumeration.
Endpoint Prober
HTTP signature detection for LangChain, CrewAI, AutoGen, Symbiont, Dify, Flowise, and n8n.
TLS Fingerprint
JA3 hashing of TLS ClientHello to identify agent HTTP client libraries.
Traffic Analyzer
Behavioral pattern analysis — bursty tool invocations, LLM call patterns, and streaming SSE.
SSE Detector
Long-lived text/event-stream capture — eBPF passive mode in Rust v2, raw-socket fallback elsewhere.
Key Features
Multiple ways to run:
CLI
Rich terminal output with formatted tables, continuous scanning, and alert flags.
Dashboard
Real-time web dashboard with progressive agent rendering and settings modal.
REST API
FastAPI server with SSE streaming, scan management, and settings endpoints.