Discover AI traffic — before installing anything
You shouldn't have to trust a vendor's TLS-inspecting proxy just to find out whether you have a problem. kilasec-discover answers "what on my network is talking to AI providers?" from logs you already have — one Python file, stdlib only, zero network capability, nothing leaves your machine.
curl -O https://kilasec.com/agents/connectors/discover/kilasec_discover.py
less kilasec_discover.py # one file, on purpose — read it first
python3 kilasec_discover.py dns.log --html report.htmlFeed it what you have
Formats are auto-detected; mix freely in one run:
- DNS logs — dnsmasq / Pi-hole (
query[A] host from ip), or any DNS server export via the generic parser - Zeek —
ssl.log/dns.log, TSV or JSON lines - Squid — native
access.log(CONNECT lines carry the destination host) - A packet capture — classic pcap from
tcpdump -w; it extracts DNS queries and TLS ClientHello SNI (SNI is cleartext in the handshake) - Anything else — firewall/proxy exports usually work through the generic parser: hostname-shaped tokens plus the first private IP per line
No logs at all? One capture window on your egress interface is enough:
tcpdump -i eth0 -w capture.pcap 'port 53 or port 443' -G 3600 -W 1
python3 kilasec_discover.py capture.pcap --html report.htmlWhat the report shows
- Known AI providers — matched against the same ~30-endpoint registry the collector uses (OpenAI, Anthropic, Azure OpenAI, GitHub Copilot, Gemini, Bedrock, Groq, OpenRouter, local Ollama, …), with per-source attribution, counts, first/last seen.
- Consumer frontends — chatgpt.com, claude.ai, Copilot and Gemini web: humans in browsers, listed separately from agent/SDK traffic.
- Suspects — hosts on nobody's list with LLM-gateway-shaped names (
ollama,llm,vllm,litellm,inference, …) or traffic to port 11434. This is where shadow gateways show up.
What it deliberately can't see
DNS and SNI reveal who talks to what — never what was said. Payloads stay encrypted end to end; this tool has no decryption capability and no way to send data anywhere (CI fails if a network-capable import ever appears in the file).
That's also the honest boundary: finding credentials or PII inside prompts, per-request policy, and redaction require an inline TLS-inspecting proxy — the collector, with scope controlling exactly which model endpoints get decrypted. Run discovery first; decide about inspection with the numbers in front of you.