Darknet – Hacking Tools, Hacker News & Cyber Security


AgentSmith HIDS – Host Based Intrusion Detection

August 31, 2023


AgentSmith HIDS is a powerful component for a Host-based Intrusion Detection System. It has anti-rootkit functionality and is a very performant way to collect information about a host.

Technically, AgentSmith-HIDS is not a Host-based Intrusion Detection System (HIDS), because it lacks a rule engine and a detection function. However, it can be used as a high-performance ‘Host Information Collect Agent’ as part of your own HIDS solution. The comprehensiveness of the information the agent can collect was one of the most important metrics during development of this project, hence it was built to run in the kernel stack, which gives it huge advantages over the same functions implemented in the user stack, such as:

  • Better performance – the information needed is collected in the kernel stack, avoiding supplementary actions such as traversing ‘/proc’; and to speed up data transport, the collected data is transferred via shared RAM instead of netlink.
  • Hard to bypass – information collection is done by a specifically designed kernel driver, making it almost impossible for malicious software such as rootkits, which can deliberately hide themselves, to bypass detection.
  • Easy to integrate – AgentSmith-HIDS was built to integrate with other applications and can be used not only as a security tool but also as a good monitoring tool, or even a good detector of your assets. The agent can collect users, files, processes and internet connections for you, so imagine integrating it with a CMDB: you could get a comprehensive map of your network, hosts, containers and business (even dependencies). What if you also have a database audit tool at hand? The map can be extended to contain the relationships between your DBs, DB users, tables, fields, applications, network, hosts, containers etc. With integration into network intrusion detection systems and/or threat intelligence, higher traceability could also be achieved. It just never gets old.
  • Kernel stack + user stack – AgentSmith-HIDS also provides a user stack module to further extend the functionality when working with the kernel stack module.

Features of AgentSmith HIDS

  • The kernel stack module hooks execve, connect, process injection, file creation, DNS query and LKM loading behaviors via Kprobe, and is also capable of monitoring containers because it is compatible with Linux namespaces.
  • The user stack module uses built-in detection functions, including queries of the user list, listening ports list, system RPM list and scheduled jobs.
  • Anti-rootkit, from Tyton: for now adds the PROC_FILE_HOOK, SYSCALL_HOOK, LKM_HIDDEN and INTERRUPTS_HOOK features, but only works on kernels > 3.10.
  • Cred change monitoring (except sudo/su/sshd)
  • User login monitoring

AgentSmith HIDS Usage

{
    "uid":"0",
    "data_type":"59",
    "run_path":"/tmp",
    "exe":"/opt/ltp/testcases/bin/growfiles",
    "argv":"growfiles -W gf26 -D 0 -b -i 0 -L 60 -u -B 1000b -e 1 -r 128-32768:128 -R 512-64000 -T 4 -f gfsmallio-35861 -d /tmp/ltp-Ujxl8kKsKY ",
    "pid":"35861",
    "ppid":"35711",
    "pgid":"35861",
    "tgid":"35861",
    "comm":"growfiles",
    "nodename":"test",
    "stdin":"/dev/pts/1",
    "stdout":"/dev/pts/1",
    "sessionid":"3",
    "sip":"192.168.165.1",
    "sport":"61726",
    "dip":"192.168.165.128",
    "dport":"22",
    "sa_family":"1",
    "pid_tree":"1(systemd)->1384(sshd)->2175(sshd)->2177(bash)->2193(fish)->35552(runltp)->35711(ltp-pan)->35861(growfiles)",
    "tty_name":"pts1",
    "socket_process_pid":"2175",
    "socket_process_exe":"/usr/sbin/sshd",
    "SSH_CONNECTION":"192.168.165.1 61726 192.168.165.128 22",
    "LD_PRELOAD":"/root/ldpreload/test.so",
    "user":"root",
    "time":"1579575429143",
    "local_ip":"192.168.165.128",
    "hostname":"test",
    "exe_md5":"01272152d4901fd3c2efacab5c0e38e5",
    "socket_process_exe_md5":"686cd72b4339da33bfb6fe8fb94a301f"
}
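
Because the agent ships no rule engine, detection is left to whatever consumes records like the one above. The following Python is an added example, not code from the AgentSmith-HIDS project: it evaluates a few hypothetical rules against a trimmed copy of that record. The rule names, the directory list and the treatment of "-1" as an unset field are assumptions.

```python
import json

# Trimmed copy of the sample record shown above (all values are strings).
SAMPLE = json.loads("""{
  "uid": "0", "data_type": "59", "run_path": "/tmp",
  "exe": "/opt/ltp/testcases/bin/growfiles", "pid": "35861",
  "pid_tree": "1(systemd)->1384(sshd)->2175(sshd)->2177(bash)->2193(fish)->35552(runltp)->35711(ltp-pan)->35861(growfiles)",
  "SSH_CONNECTION": "192.168.165.1 61726 192.168.165.128 22",
  "LD_PRELOAD": "/root/ldpreload/test.so", "user": "root"
}""")

WRITABLE_DIRS = ("/tmp", "/var/tmp", "/dev/shm")  # assumption: tune per host


def in_dir(path, dirs):
    """True if path equals one of dirs or lies beneath it."""
    return any(path == d or path.startswith(d + "/") for d in dirs)


def parse_pid_tree(tree):
    """'1(systemd)->1384(sshd)' -> [(1, 'systemd'), (1384, 'sshd')]."""
    chain = []
    for node in filter(None, tree.split("->")):
        pid, _, comm = node.partition("(")
        if pid.isdigit():  # skip malformed or truncated nodes
            chain.append((int(pid), comm.rstrip(")")))
    return chain


def evaluate(rec):
    """Return the names of the hypothetical rules this record matches."""
    hits = []
    preload = rec.get("LD_PRELOAD", "")
    if preload not in ("", "-1"):  # assumption: "-1" marks an unset field
        hits.append("ld_preload_set")
    if in_dir(rec.get("run_path", ""), WRITABLE_DIRS):
        hits.append("run_from_world_writable_dir")
    if in_dir(rec.get("exe", ""), WRITABLE_DIRS):
        hits.append("exe_in_world_writable_dir")
    ancestors = [comm for _, comm in parse_pid_tree(rec.get("pid_tree", ""))]
    if rec.get("uid") == "0" and "sshd" in ancestors:
        hits.append("root_exec_under_ssh_session")
    return hits


if __name__ == "__main__":
    print(evaluate(SAMPLE))
```

In a real pipeline these matches would be scored and correlated rather than alerted on individually; the sample record itself comes from an LTP test run started by root over SSH.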

You can download AgentSmith here:

AgentSmith-HIDS-master.zip

Or read more here.


Filed Under: Security Software


