Quick Start

# Install
pip install agentsniff

# Scan your network
agentsniff scan 192.168.1.0/24

# JSON output
agentsniff scan 10.0.0.0/24 --format json --output results.json

# Continuous monitoring with webhook alerts
agentsniff scan 192.168.1.0/24 --continuous 60 --webhook-url https://hooks.example.com

# Web dashboard
agentsniff serve --port 9090

Seven Detection Modules

📡

DNS Monitor

Passive DNS capture matching 40+ LLM API domains — OpenAI, Anthropic, Google, Mistral, and more.

🔌

Port Scanner

Async TCP scanning of MCP servers, LLM inference engines, vector databases, and agent platforms.

🪪

AgentPin Prober

.well-known/agent-identity.json discovery for confirmed agent identification.

⚡

MCP Detector

JSON-RPC 2.0 and SSE probing for Model Context Protocol servers with tool enumeration.

🔍

Endpoint Prober

HTTP signature detection for LangChain, CrewAI, AutoGen, Symbiont, Dify, Flowise, and n8n.

🔐

TLS Fingerprint

JA3 hashing of TLS ClientHello to identify agent HTTP client libraries.

📊

Traffic Analyzer

Behavioral pattern analysis — bursty tool invocations, LLM call patterns, and streaming SSE.

Key Features

🖥️ CLI with table, JSON, and CSV output

🌐 Web dashboard with real-time SSE streaming

🔄 Continuous scanning with configurable intervals

🔔 Webhook and SMTP email alerting

📈 Noisy-OR signal correlation with confidence scoring

🐳 Docker and Docker Compose support

⏱️ Cron-friendly one-shot scanning

🔧 REST API with full scan management

⚙️ YAML, env var, and CLI configuration

🛡️ Graceful degradation — root optional

Multiple ways to run:

⌨️

CLI

Rich terminal output with formatted tables, continuous scanning, and alert flags.

🌐

Dashboard

Real-time web dashboard with progressive agent rendering and settings modal.

🔧

REST API

FastAPI server with SSE streaming, scan management, and settings endpoints.

Part of the ThirdKey Trust Stack

→

→

→

AgentSniff ⊘

Network detection