The —the /classify endpoint—provides a straightforward, powerful way to obtain per‑connection operating system scores using only passive TCP/IP fingerprinting. Whether you need to detect proxy abuse, enrich analytics data, or harden your security monitoring, Zardaxt’s scoring API gives you a reliable, lightweight solution that works out of the box.
: Explore the official repository for installation and custom database setup.
Zardaxt takes advantage of this approach. Because it only listens for incoming SYN packets—the first step of any TCP connection—it never increases network traffic or alters the client’s experience. This makes Zardaxt ideal for real‑time OS detection on busy web servers, API gateways, or any service that receives TCP connections. zardaxt os scoring link
Written in Python, making it easier to modify and integrate compared to C-based tools like p0f .
: It returns an avg_score_os_class , highlighting the most likely OS and a "perfect score" reference (usually 20.5) to indicate match accuracy. Key Features of the Zardaxt Link Zardaxt takes advantage of this approach
: The order and settings of options like Maximum Segment Size (MSS), SackOK, and Window Scale. 2. Scoring Accuracy
Unlike active fingerprinting tools (like Nmap ), which aggressively probe a client with custom packets to see how it responds, operates entirely invisibly. It simply listens to incoming traffic. Zardaxt reads the raw byte headers of standard traffic without altering data packets or alerting the client. Key TCP/IP Metrics Analyzed by Zardaxt Written in Python, making it easier to modify
When a client attempts to open a TCP connection to your server, the client sends a SYN packet. Zardaxt extracts the following header fields from that packet: