Bot intelligence record

zgrab

Review first

zgrab is a security scanner from ZMap Project used for security scanning, malware checks, vulnerability assessment, certificate review; it appears in server logs as `zgrab`.

Security Scanner Security Scanning Documented Confidence: Medium Verified: Yes robots.txt: Unknown
Operator
ZMap Project
Family
ZMap Project
Source type
Observed
Last checked
2026-06-22

User-Agent Pattern

ZMap Project
zgrab
Verification note

User-agent strings are identification signals, not proof of identity. Confirm important allow, block, or rate-limit decisions with logs, DNS or IP evidence, request behavior, or operator documentation when available.

Robots.txt Snippet

Click snippet to copy 
User-agent: zgrab
Disallow: /

Click the snippet to copy it, or highlight the text manually.

Handling Guidance

Monitor

Use this record as bot intelligence, then verify the request source and behavior before allowing, blocking, or rate limiting.

zgrab is used for security scanning, malware checks, vulnerability assessment, certificate review, and site-safety analysis.

Record Details

Structured data
Operator
ZMap Project
Family
ZMap Project
Type
Security Scanner
Purpose
Security Scanning
Identity type
Documented
Confidence
Medium
Last verified
2026-06-22
Last checked
2026-06-22
Source type
Observed
Verification
Verify zgrab by matching `zgrab` to ZMap Project evidence, then checking reverse DNS, source-network ownership, signed request data, or published crawler documentation when available.
Spoofing risk
zgrab has medium spoofing risk because user-agent strings can be copied; pair the match with DNS, IP, behavior, or operator evidence.

Notes

  • zgrab is a security scanner from ZMap Project used for security scanning, malware checks, vulnerability assessment, certificate review, and site-safety analysis.
  • Its primary user-agent pattern is zgrab.
  • zgrab is verified with Medium confidence. The identity type is Documented, and the evidence basis is observed traffic patterns and user-agent evidence.
  • zgrab does not have confirmed robots.txt behavior in the available public evidence.
  • zgrab should be monitored first, then rate-limited or blocked if the crawl rate, paths, or behavior are unwanted.

Evidence and Source

  • Verify zgrab by matching `zgrab` to ZMap Project evidence, then checking reverse DNS, source-network ownership, signed request data, or published crawler documentation when available.
  • zgrab traffic is primarily detected by the `zgrab` user-agent pattern. Compare source IPs, reverse DNS, request paths, and crawl cadence with ZMap Project infrastructure before trusting the traffic.
  • zgrab is used for security scanning, malware checks, vulnerability assessment, certificate review, and site-safety analysis.
  • zgrab has medium spoofing risk because user-agent strings can be copied; pair the match with DNS, IP, behavior, or operator evidence.

Similar purpose: Security Scanning

Virusdie Caution

Virusdie

Virusdie is a security scanner used for security scanning, malware checks, vulnerability assessment, certificate review.

Operator and family: Virusdie Type: Security Scanner Purpose: Security Scanning
Verified robots.txt: Unknown Block: Monitor Documented
View Record Open in Edge BotDB
Norton-Safeweb Caution

Norton Safe Web

Norton Safe Web is a security scanner from NortonLifeLock / Gen Digital used for security scanning, malware checks, vulnerability assessment, certificate review.

Operator and family: NortonLifeLock / Gen Digital Type: Security Scanner Purpose: Security Scanning
Verified robots.txt: Unknown Block: Monitor Documented
View Record Open in Edge BotDB
Nmap Scripting Engine High

Nmap Scripting Engine

Nmap Scripting Engine is a security scanner from Nmap Project used for security scanning, malware checks, vulnerability assessment, certificate review.

Operator and family: Nmap Project Type: Security Scanner Purpose: Security Scanning
Verified robots.txt: Unknown Block: Block Documented
View Record Open in Edge BotDB
Google-Transparency-Report Caution

Google Transparency Report

Google Transparency Report is a security scanner from Google used for security scanning, malware checks, vulnerability assessment, certificate review.

Operator and family: Google Type: Security Scanner Purpose: Security Scanning
Verified robots.txt: Yes Block: Monitor Documented
View Record Open in Edge BotDB

Monitor This Bot In Edge

Botcrawl Edge

Use Botcrawl Edge to see matching traffic, identify related datacenter activity, and create allow, block, rate-limit, or log rules across connected sites.

Get Edge Now Open in Edge BotDB