AgentSniff¶
AI Agent Network Scanner — Detect AI agents operating on your network through passive monitoring, active probing, protocol detection, and behavioral analysis.
What AgentSniff Does¶
AgentSniff identifies AI agents on enterprise networks using eight complementary detection modules. It combines passive network observation with active probing to find agents built with LangChain, CrewAI, AutoGen, Symbiont, and 50+ other frameworks.
- Passive monitoring — DNS queries, TLS fingerprints, traffic patterns
- Active probing — Port scanning, endpoint probing, MCP detection, AgentPin discovery
- Signal correlation — Noisy-OR probability fusion across all detectors
- Alerting — Webhook and email notifications on detection
- Dashboard — Real-time web UI with SSE streaming
Quick Start¶
# Install
pip install agentsniff
# Scan your network
agentsniff scan 192.168.1.0/24
# JSON output
agentsniff scan 10.0.0.0/24 --format json --output results.json
# Continuous monitoring with webhook alerts
agentsniff scan 192.168.1.0/24 --continuous 60 --webhook-url https://hooks.example.com
# Web dashboard
agentsniff serve --port 9090
Documentation¶
| Guide | Description |
|---|---|
| Getting Started | Install, first scan, dashboard setup |
| Detectors | All eight detection modules explained |
| CLI Reference | Complete command-line usage |
| Dashboard | Web dashboard and SSE streaming |
| Configuration | YAML, env vars, and runtime config |
| Alerting | Webhook, email, and cron-based alerts |
| Integrations | Optional Zeek and nmap integration |
| API Reference | REST API endpoints |
| Architecture | Internals, signal correlation, confidence scoring |
| Wazuh Integration | SIEM rules for AgentSniff logs |