Saved February 14, 2026
This article explains a C++23 tool called Klint for incident response on Linux systems. It detects hidden kernel modules, rootkits, and other threats through multiple self-registering scanners. The tool runs in isolated processes and produces machine-readable JSON output for easy integration into automated workflows.
Klint is a C++23 incident response scanner designed for Linux environments, focusing on detecting kernel-level threats such as hidden kernel modules, rootkits, and compromised syscall tables. It operates as a single binary with no dependencies beyond the standard C library, making it easy to deploy in restricted settings. The tool is capable of running several self-registering scanners that assess different components like network sockets and syscall integrity, providing outputs in both human-readable and machine-readable formats.
The scanner employs a multi-view approach, cross-referencing several kernel data sources to improve detection accuracy. For example, it compares module visibility across `/proc/modules`, `/sys/module`, and `/proc/kallsyms` to identify hidden Loadable Kernel Modules. It also validates syscall entry points and inspects ftrace function hooks for signs of malicious activity. Each scanner runs in a forked child process, so the failure of one scanner doesn't affect the others, and results are serialized as JSON for easy integration into automated workflows.
Klint is designed for operational efficiency, with exit codes indicating the status of the scan: 0 for clean, 1 for findings, and 2 for errors. The scanning process can be customized through command-line options, allowing users to run specific scanners or exclude certain checks. Building the tool from source is straightforward, requiring only a few commands and specific dependencies, making it accessible for security professionals looking to enhance their incident response capabilities.
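As an added example (not Klint's own code), the following Python script shows the cross-view idea from the two paragraphs above in working form: it parses snapshots of `/proc/modules`, `/sys/module`, and `/proc/kallsyms`, reports any module that is visible in some views but missing from others, emits the findings as JSON, and maps the outcome to the 0/1/2 exit-code convention. The snapshot contents, the `evilmod` name, the function names, and the JSON field layout are constructed for this example and are not taken from the project.

```python
"""Cross-view check for hidden loadable kernel modules.

Added example, not Klint's own code. It applies the multi-view idea
(compare /proc/modules, /sys/module and /proc/kallsyms) to constructed
snapshots so that it runs offline. Names, snapshot format and sample data
are assumptions made for this example.
"""
import json
import re
from typing import Dict, List, Set

# Constructed snapshot of /proc/modules: name size refcount deps state address.
PROC_MODULES = """\
ext4 745472 2 - Live 0xffffffffc0a00000
xfs 1511424 0 - Live 0xffffffffc0900000
"""

# Constructed /sys/module listing: module name -> whether the directory has an
# 'initstate' file. Built-in code also gets a /sys/module entry (for its
# parameters) but no initstate, so it must not be counted as a loaded LKM.
SYS_MODULE: Dict[str, bool] = {
    "ext4": True,
    "xfs": True,
    "evilmod": True,   # constructed: loaded, but unlinked from /proc/modules
    "printk": False,   # built-in, must not be reported
}

# Constructed /proc/kallsyms lines; symbols owned by a module end in "[name]".
PROC_KALLSYMS = """\
ffffffff81000000 T _stext
ffffffffc0a01000 t ext4_fill_super\t[ext4]
ffffffffc0901000 t xfs_fs_fill_super\t[xfs]
ffffffffc0b00000 t hook_getdents64\t[evilmod]
"""

KALLSYMS_MODULE = re.compile(r"\[([^\]]+)\]\s*$")


def modules_from_proc_modules(text: str) -> Set[str]:
    """First column of every non-empty /proc/modules line is the module name."""
    return {line.split()[0] for line in text.splitlines() if line.strip()}


def loaded_from_sys_module(listing: Dict[str, bool]) -> Set[str]:
    """Only entries with an initstate file correspond to loaded modules."""
    return {name for name, has_initstate in listing.items() if has_initstate}


def modules_from_kallsyms(text: str) -> Set[str]:
    """Collect the module names that own at least one exported symbol."""
    found: Set[str] = set()
    for line in text.splitlines():
        match = KALLSYMS_MODULE.search(line)
        if match:
            found.add(match.group(1))
    return found


def cross_view_findings(proc_modules: str, sys_module: Dict[str, bool],
                        kallsyms: str) -> List[dict]:
    """Report every module that is not visible in all three views."""
    views = {
        "/proc/modules": modules_from_proc_modules(proc_modules),
        "/sys/module": loaded_from_sys_module(sys_module),
        "/proc/kallsyms": modules_from_kallsyms(kallsyms),
    }
    findings: List[dict] = []
    for name in sorted(set().union(*views.values())):
        missing = [view for view, names in views.items() if name not in names]
        if not missing:
            continue
        findings.append({
            "scanner": "hidden_modules",
            "module": name,
            "visible_in": [view for view in views if view not in missing],
            "missing_from": missing,
            # Absent from /proc/modules while still present elsewhere is the
            # classic list-unlinking pattern, so rank it higher.
            "severity": "high" if "/proc/modules" in missing else "medium",
        })
    return findings


def run_scan(proc_modules: str, sys_module: Dict[str, bool],
             kallsyms: str) -> dict:
    """Produce a JSON-serializable report whose 'status' is the exit code."""
    try:
        findings = cross_view_findings(proc_modules, sys_module, kallsyms)
    except Exception as exc:  # broad on purpose: a scanner failure maps to 2
        return {"status": 2, "findings": [], "errors": [str(exc)]}
    return {"status": 1 if findings else 0, "findings": findings, "errors": []}


if __name__ == "__main__":
    report = run_scan(PROC_MODULES, SYS_MODULE, PROC_KALLSYMS)
    print(json.dumps(report, indent=2))
    raise SystemExit(report["status"])
```

On the constructed data the report contains a single high-severity finding for `evilmod` (present in `/sys/module` and `/proc/kallsyms`, absent from `/proc/modules`) and the process exits with status 1; `printk` is not reported because it is built-in rather than loaded. On a real host the three snapshots would be read from the live pseudo-files instead of the constants above.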