ZeroTrace OSINT
User-Agent Parser
Browser, engine, OS, device, and bot identification with version-staleness flagging and Client-Hints synthesis.
The user-agent parser takes a User-Agent string and returns the structured components — browser, engine, operating system, device, and (where applicable) bot identification.
For log analysis, traffic-source attribution, and detecting fake user agents, this is the right tool.
What you get
For any User-Agent string:
| Field | Example |
|---|---|
| Browser | Name + version (e.g. Chrome 119) |
| Engine | Name + version (e.g. Blink 119) |
| Operating system | Name + version (e.g. Windows 11) |
| Device | Type (desktop / mobile / tablet / smart-TV / console) and model where derivable |
| Bot flag | True if the UA is a known crawler / bot |
| Bot source | Name + URL of the bot when known (e.g. Googlebot, bingbot, Shodan inspector) |
| Version staleness | Flag if the browser version is significantly older than current |
| Client-Hints synthesis | Equivalent UA-CH headers for the same client |
Bot identification
The parser ships with a curated catalog of known bots:
- Search-engine crawlers — Googlebot, Bingbot, DuckDuckBot, Yandex, Baidu.
- Social-media crawlers — Facebook, Twitter, LinkedIn, Pinterest preview-fetchers.
- Security scanners — Shodan, Censys, Shadowserver, Quad9.
- AI crawlers — GPTBot, Claude-Web, CCBot, Anthropic-AI, PerplexityBot, ChatGPT-User.
- Generic / suspicious — UAs that look bot-shaped but do not announce themselves.
For each known bot, the parser surfaces the bot's official documentation URL — useful for confirming behaviour or contacting the operator.
Version staleness
Browsers release on roughly six-week cycles. A user agent reporting Chrome 95 in 2026 is significantly stale. The parser flags:
- Current — within ~3 versions of the latest known release.
- Mildly stale — 4 to 12 versions behind.
- Significantly stale — 13+ versions behind. Often an indicator of a managed environment, an embedded browser, or a deliberately-spoofed UA.
The "current" reference is updated with each application release.
A significantly-stale browser is often a fingerprinting target — old browsers have known vulnerabilities, and users on them are higher-value to malware. For SOC use, "all our compromised endpoints are running Chrome 78" is a finding worth pursuing.
Client-Hints synthesis
User-Agent strings are being phased out in favour of Client Hints (UA-CH) — separate headers that announce browser identity in a structured way. The parser synthesises the equivalent UA-CH headers from a UA string:
Sec-CH-UA— browser brand list.Sec-CH-UA-Mobile—?0for desktop,?1for mobile.Sec-CH-UA-Platform—"Windows","macOS","Linux", etc.Sec-CH-UA-Platform-Version— OS version.
Useful for cross-comparing what UA-CH-aware logs would say about the same client.
Bulk UA parsing
Bulk paste accepts many UA strings (one per line). The aggregate table shows browser / OS / device / bot per UA — fast triage of a log column.
The aggregate view groups by browser-family for quick "what browsers do my visitors use" answers.
Pivots
| Click on... | Pivot to |
|---|---|
| Browser name | (no pivot — informational) |
| OS name | (no pivot — informational) |
| Bot URL | URL parser, site analysis |
| Bot name | (no pivot — informational) |
Sources
- All parsing runs locally with a bundled UA-pattern catalog.
- The current-versions reference is bundled.
- The bot catalog is bundled.
The tool works fully offline.