ZeroTrace OSINT
User-Agent Parser
Browser, engine, OS, device, and bot identification with version-staleness flagging and Client-Hints synthesis.
The user-agent parser takes a User-Agent string and returns the structured components, browser, engine, operating system, device, and (where applicable) bot identification.
For log analysis, traffic-source attribution, and detecting fake user agents, this is the right tool.
What you get
For any User-Agent string:
| Field | Example |
|---|---|
| Browser | Name + version (e.g. Chrome 119) |
| Engine | Name + version (e.g. Blink 119) |
| Operating system | Name + version (e.g. Windows 11) |
| Device | Type (desktop / mobile / tablet / smart-TV / console) and model where derivable |
| Bot flag | True if the UA is a known crawler / bot |
| Bot source | Name + URL of the bot when known (e.g. Googlebot, bingbot, Shodan inspector) |
| Version staleness | Flag if the browser version is significantly older than current |
| Client-Hints synthesis | Equivalent UA-CH headers for the same client |
Bot identification
The parser ships with a curated catalog of known bots:
- Search-engine crawlers, Googlebot, Bingbot, DuckDuckBot, Yandex, Baidu.
- Social-media crawlers, Facebook, Twitter, LinkedIn, Pinterest preview-fetchers.
- Security scanners, Shodan, Censys, Shadowserver, Quad9.
- AI crawlers, GPTBot, Claude-Web, CCBot, Anthropic-AI, PerplexityBot, ChatGPT-User.
- Generic / suspicious, UAs that look bot-shaped but do not announce themselves.
For each known bot, the parser surfaces the bot's official documentation URL, useful for confirming behaviour or contacting the operator.
Version staleness
Browsers release on roughly six-week cycles. A user agent reporting Chrome 95 in 2026 is significantly stale. The parser flags:
- Current, within ~3 versions of the latest known release.
- Mildly stale, 4 to 12 versions behind.
- Significantly stale, 13+ versions behind. Often an indicator of a managed environment, an embedded browser, or a deliberately-spoofed UA.
The "current" reference is updated with each application release.
A significantly-stale browser is often a fingerprinting target, old browsers have known vulnerabilities, and users on them are higher-value to malware. For SOC use, "all our compromised endpoints are running Chrome 78" is a finding worth pursuing.
Client-Hints synthesis
User-Agent strings are being phased out in favour of Client Hints (UA-CH), separate headers that announce browser identity in a structured way. The parser synthesises the equivalent UA-CH headers from a UA string:
Sec-CH-UA, browser brand list.Sec-CH-UA-Mobile,?0for desktop,?1for mobile.Sec-CH-UA-Platform,"Windows","macOS","Linux", etc.Sec-CH-UA-Platform-Version, OS version.
Useful for cross-comparing what UA-CH-aware logs would say about the same client.
Bulk UA parsing
Bulk paste accepts many UA strings (one per line). The aggregate table shows browser / OS / device / bot per UA, fast triage of a log column.
The aggregate view groups by browser-family for quick "what browsers do my visitors use" answers.
Pivots
| Click on... | Pivot to |
|---|---|
| Browser name | (no pivot, informational) |
| OS name | (no pivot, informational) |
| Bot URL | URL parser, site analysis |
| Bot name | (no pivot, informational) |
Sources
- All parsing runs locally with a bundled UA-pattern catalog.
- The current-versions reference is bundled.
- The bot catalog is bundled.
The tool works fully offline.