v1.2.1

Bug Fixes

• Fix scan hanging indefinitely: Scans via the dashboard (SSE) would hang forever after all detectors completed. The asyncio.wait loop was waiting on the cancel event even when no cancellation was requested. Scans now complete in ~0.2s for a single host (down from hanging indefinitely).
• Endpoint prober port pre-filtering: Quick TCP connect check skips closed ports before HTTP probing, reducing ~1034 probes to only reachable ports.
• DNS resolution timeouts: 3s timeout on getaddrinfo calls in traffic analyzer and DNS monitor to prevent blocking on unresponsive DNS.
• Per-detector completion logging: Each detector now logs when it finishes with signal count for easier debugging.

v1.2.0

What's New

Integrations Layer

• Zeek data source: Feed Zeek JSON logs (conn.log, dns.log, ssl.log) into traffic analyzer and DNS monitor detectors
• nmap enricher: Post-scan service version scanning that boosts, excludes (INFO status), or annotates detected agents
• Both integrations are off by default with lazy imports — no new required dependencies

Expanded Detection Signatures

• ~41 new LLM API domains: Cerebras, OpenRouter, SambaNova, AI21, DeepInfra, plus Chinese providers (DashScope, Moonshot, Zhipu, MiniMax, Baidu/ERNIE, ByteDance/Doubao, StepFun, Baichuan, 01.ai, Tencent/Hunyuan, iFlytek, SenseTime, ModelScope)
• ~28 new framework signatures: IDE agents (Cursor, Copilot, Windsurf, Aider, RooCode, Claude Code, Codex CLI), frameworks (LangGraph, AG2, Haystack, Composio, Letta), observability (Langfuse, Langsmith, Helicone), local inference (llama.cpp, TabbyML, Jan, KoboldCpp)
• ~9 new agent ports: LiteLLM (4000), LangGraph Studio (2024), Letta (8283), Continue.dev (65432), and more
• 6 new domain suffixes: Azure Models, SageMaker, IBM Watson, Volcengine

Other

• New model types: INFO agent status, NMAP_ENRICHER and ZEEK detector types
• CLI flags: --zeek-logs, --nmap, --nmap-args
• Optional dependency: pip install agentsniff[nmap]
• Dashboard screenshots in README

v1.1.1

What's New in v1.1.x

Accuracy Improvements (v1.1.0)

• Cross-module confidence fusion to suppress uncorroborated LOW port signals
• ORA-loop temporal correlation in traffic analyzer
• JA4+ TLS fingerprinting alongside JA3
• SSE response pattern detector for LLM streaming
• Banner-based self-corroboration for port scanner
• Baseline anomaly detection for continuous monitoring

Dashboard Fixes (v1.1.1)

• Live stat counters update as agents are detected during scan
• Detector checkboxes greyed out during scan
• Stop button reliability fix
• History navigation preserves results when returning to live view
• Cancelled/stopped scans now save to history

Install

pip install agentsniff==1.1.1

v1.0.2

New Features

• Port scanner & endpoint prober detectors — all 7 detectors now fully implemented (TCP connect scan with banner grabbing, HTTP probing of 20+ AI framework signatures)
• SARIF 2.1.0 export — CLI --format sarif, GET /api/scan/sarif endpoint, dashboard export dropdown
• Real-time progressive scan results — agents appear in dashboard as each detector completes, not after the full scan finishes
• Back-to-live-scan navigation — view historical scans during an active scan and return to the live view

Bug Fixes

• Stop scan now properly stops the timer and resets the UI
• Reduced false positives on non-AI services (Pi-hole, Gitea, etc.):
  • Generic HTTP/HTML responses no longer flagged as agent service indicators
  • OpenAPI/Swagger specs validated for AI-specific keywords before assigning high confidence
  • Agent metadata detection requires actual agent directory structure or AI plugin spec
  • Framework endpoint matching requires framework name in response body

Dependencies

• Added sarif-om and jschema-to-python for SARIF export support

Install

pip install agentsniff==1.0.2

v1.0.1

What's New

• SQLite persistence — scan history now persists across restarts (~/.agentsniff/agentsniff.db)
• Log file support — --log-file flag for file logging alongside console output
• Dashboard: Scan History panel — collapsible panel showing past scans, click to reload results
• Dashboard: Detector toggles — enable/disable individual detectors before scanning
• Dashboard: Database management — backup (tar.gz download) and reset database from settings
• New API endpoints — GET /api/scan/{scan_id}, paginated GET /api/scan/history, GET /api/db/backup, POST /api/db/reset
• 5x faster scans — default HTTP concurrency increased from 20 to 100
• CLI flags — --db and --log-file for both scan and serve commands

Install

pip install agentsniff==1.0.1

v1.0.0

AgentSniff v1.0.0

AI Agent Network Scanner — Detect AI agents operating on your network through passive monitoring, active probing, protocol detection, and behavioral analysis.

Features

• 7 detection modules: DNS monitoring, port scanning, AgentPin probing, MCP detection, endpoint probing, TLS fingerprinting, traffic analysis
• Web dashboard with real-time SSE streaming, agent detail expansion, and JSON export
• CLI with table, JSON, and CSV output formats
• Continuous scanning mode with configurable intervals
• Alerting via webhook POST and SMTP email with configurable thresholds and cooldown
• Dashboard settings modal for interactive alert configuration
• Scan cancellation with stop button support
• REST API with full scan management, agent inventory, and settings endpoints
• Docker and Docker Compose support with host networking for passive monitoring
• Cron-friendly one-shot scanning with alert and file output flags

Alert Channels

• Webhook: --webhook-url flag or YAML/env config, sends JSON payload with agent details
• Email (SMTP): --smtp-to flag or YAML/env config, sends summary with JSON attachment

Detection Targets

Identifies agents built with LangChain, CrewAI, AutoGen, Symbiont, Dify, Flowise, n8n, and OpenAI Assistants. Detects MCP servers, AgentPin identities, LLM API connections (OpenAI, Anthropic, Google, Mistral, Groq, and 15+ more), and agent-characteristic traffic patterns.