# AgentHound Documentation
Attack-path discovery for AI agent infrastructure. BloodHound for MCP, A2A, and AI services.
## Get Started
- Install — Homebrew, Docker, or build from source
- Quickstart — First scan to first finding in 10 minutes
- Demo Lab — Full offensive arc with Docker (scan → discover → loot → poison → revert)
## Operator Guides
- Network Scanning — Sweep CIDRs for AI/ML services + fingerprint
- Protocol Discovery — Find MCP servers and A2A agents by protocol shape
- Looting — Extract credentials and model artifacts from discovered services
- LiteLLM — Master key → upstream provider keys
- Ollama — Model inventory, modelfiles, weight extraction
- Offensive Actions — Poison tool descriptions, implant configs, revert
- Attack Paths — Credential chains, cross-protocol pivots, exfiltration routes
- Deployment — Production setup, reverse proxy, backups
- Security and OPSEC — Threat model, audit trail, operator posture
## Reference
- CLI Reference — Every command, flag, and env var
- API Reference — REST endpoints, auth, request/response schemas
- Graph Model — 25 node types, 25 edge types, ID strategy, merge semantics
- CAN_REACH — The marquee composite edge (transitive agent→resource access)
- Detection Rules — 18 pre-built queries + OWASP mapping
- Rule Syntax — YAML schema for detection + fingerprint rules
- Configuration — Env vars, state directories, defaults
- Risk Scoring — Edge weights, node scores, sensitivity classification
## Architecture
- System Design — Two-binary split, data flow, tech stack
- Ingest Pipeline — Validate → normalize → deduplicate → write → post-process
- Post-Processors — 11 composite-edge processors with dependency ordering
## Contributing
- Development Setup — Clone to green CI in 5 minutes
- Writing Modules — Add a fingerprinter, looter, or poisoner
- Authoring Rules — Write + test YAML detection rules
## Decisions
- ADR-0001: Two-Binary Split — Why collector and server are separate binaries
## Where does my new doc go?
| Question | Folder |
|---|---|
| How to USE the tool operationally? | operator/ |
| A lookup table, schema, or flag reference? | reference/ |
| How the code works internally? | architecture/ |
| How to add something to the codebase? | contributing/ |
| A first-time setup walkthrough? | getting-started/ |
| An architecture decision? | adr/ |
One concept per file. Split before 500 lines. kebab-case filenames.