ZenithDetector METEOR CLIENT KILLER v2.0

ZenithDetector v2.0
Multi-Vector Detection · OpSec / Privacy-Mod Hunting · IP Intelligence · Companion Mod (+ native ClientID) · Web Dashboard​

The biggest update since launch — a free, non-breaking upgrade for everyone. Your existing config.yml keeps working: new keys are inserted automatically and every new feature is opt-in. Still no ProtocolLib, still no required client software, still invisible to your players.

Multi-Vector Detection Engine
Every player is now examined by several independent detectors at once, fused into a single verdict (Clean → Low → Medium → High → Critical) with a hidden-client confidence score. A cheater has to beat every vector at the same time instead of just one — more catches, fewer false positives.

OpSec / Privacy-Mod Detection
Detects the mods built specifically to hide from anti-cheats — OpSec, ExploitPreventer and NoChatReports — using their own evasion behaviour against them:

• Translation-filter probing with multi-locale canary keys
• Local-URL timing probe — a structural tell that can't be masked
• Chat-signature analysis (NoChatReports / OpSec "off" mode)
• Resource-pack spoofer / auto-accept detection

IP Intelligence (optional, off by default)
Alt-account scoring (0–100) from shared IP / subnet / ASN / login patterns, VPN and proxy detection, and an optional login gate that auto-kicks ban-evaders before they spawn. Privacy-first: no IP is stored while disabled, records auto-pruned.

ZenithCompanion — Full Client Visibility
For networks that require a client mod, the optional ZenithCompanion turns every player into an authoritative source of truth — far beyond what covert detection can read from a client:

• Authoritative mod & pack list — every installed mod (with per-jar SHA-256) and active resource pack, reported on join. No more guessing from what a client leaks.
• Cheat / X-ray flagging — reported mods matched against a built-in, fully editable list.
• Anti-alt — links accounts on the same machine via a persistent install ID + hardware signature, and surfaces other Minecraft usernames stored locally by launchers. Never collects passwords, emails or tokens.
• Resilient reporting — the report still reaches the dashboard even if a client-side anti-detection mod tries to block the in-game channel.
• Branded Discord Rich Presence — put your server on players' Discord profiles.

Build a fully white-labelled Companion jar straight from the dashboard (custom name, package, icon) and hand players a one-click public download link. Platforms: Fabric & NeoForge, Minecraft 1.21.x.

Native ClientID Support — One Plugin, No Add-ons
Already running the popular ClientID (Novinity) mod? ZenithDetector reads it natively. Players using ClientID surface their full mod and resource-pack list — and show up in the dashboard — exactly like ZenithCompanion users, handled entirely by the single ZenithDetector plugin. No separate ClientID plugin to install, run or keep updated. Enabled by default, observe-only.

Live Web Dashboard
A full companion web app, managed by us — no self-hosting:

• Real-time detections with per-player history, timeline and evidence
• Org-private analytics — trends, top offenders, peak hours
• Works on any host — including Aternos, free panels and shared hosting that block inbound ports (Push mode), or a whitelisted IP (Pull mode)
• Multiple servers under one organisation
• Visual config builder with live preview
• Companion & ClientID players surfaced on a dedicated page (mod list, threat ranking, alts)
• Public live demo, and instant self-service activation (verify your purchase — no tickets)

Integrations & Enforcement

• AntiCheat bridge — GrimAC, Vulcan and Spartan flags trigger an automatic probe
• Native Discord webhook reports (no dashboard required)
• PlaceholderAPI (%zdetect_*%)
• Nexo / ItemsAdder resource-pack auto-detection
• Per-severity enforcement commands (warn / kick / ban by tier)

Quality of Life & Performance

• Granular alerts — staff receive only the alerts they care about, filtered per detection module and per severity
• On-screen scanning indicator — an optional action-bar / boss-bar message as a visible deterrent
• Folia-native and fully async — no measurable TPS impact

Now Runs on the Latest Minecraft
Compatibility now spans the full 1.21 line and the new Minecraft 26.x — on Paper, Purpur, Pufferfish and Folia, Java 21–25. A single jar covers them all.



Upgrading
Drop in the new jar. Your config migrates automatically, every new feature is off until you enable it, and all existing commands work exactly as before.

Requirements: Paper 1.21.4+ (through Minecraft 26.x) · Java 21+ · no ProtocolLib, no dependencies.

Already own ZenithDetector? This update is yours, free.​

v1.1.0
Web Dashboard · Public Fingerprint Registry · Discord Bot

Major non-breaking update. The Java plugin is unchanged — same engine, same commands, same config.yml. A full companion web service now ships alongside it.​

---

// WEB DASHBOARD

Live at zenithprojects.it/ZenithDetector

• Sign in with Discord — server roles drive permissions
• Customer dashboard with stats, submissions, verified fingerprints, team
• Optional 2FA TOTP (Google Authenticator / Authy / Aegis / 1Password) with Argon2id-hashed backup codes
• Append-only audit log of every privileged action

// SELF-SERVICE FINGERPRINT REGISTRY

Until today, adding a new mod to detect meant pinging support. Now:

• Drop the mod's .jar on the site
• Sandboxed parser extracts translation keys from assets/<mod>/lang/*.json
• Staff approves or rejects each candidate with a reason
• Public registry of approved entries — JSON API at /api/fingerprints.json

Anti-zip-bomb safeguards: magic-bytes check, 10k entry cap, 200 MB uncompressed cap, 100:1 ratio cap, per-file 5 MB cap. The jar is never executed.

// DISCORD BOT

Five slash commands now live in the support server:

• /zd-whoami — your profile + organization
• /zd-org-invite @user — invite 1 sub-customer (DM with Accept/Decline + automatic role assignment)
• /zd-org-cancel-invite — cancel a pending invitation
• /zd-org-list — show your organization members
• /zd-org-kick — remove the sub-customer

// HARDENED SECURITY

• CSRF on every POST, strict CSP, HSTS, no inline JS
• Per-IP login throttle (5 failed attempts → 1h block)
• Append-only audit log of every privileged action
• systemd hardening on the host (NoNewPrivileges, ProtectSystem=strict, MemoryDenyWriteExecute, etc.)
• Daily encrypted backups, hourly cleanup of expired sessions / invites

// COMING IN v1.2

• Automatic in-plugin sync from the public registry (no more manual config.yml edits)
• Bot DM notifications on verify/reject
• Auto role assignment on purchase via webhook

---

How to access
After purchase, join the support Discord and request the customer zdetector role.
Then sign in at zenithprojects.it/ZenithDetector.

The Java plugin stays plug-and-play with the same config.yml you already have.​

What Is ZenithDetector?

ZenithDetector is a passive, invisible client-detection engine for Paper 1.21.4 servers.
It exploits how Minecraft's sign editor serialises translatable and keybind components — forcing clients to reveal themselves through their own translation pipeline, with zero client-side footprint.

---

Update — Detection History, GUI & Unified Command

This update introduces persistent detection history, a live GUI panel, and a fully restructured command interface — everything you need to review player check results at a glance, without digging through chat logs.

---

🗂 Detection History

Every confirmed detection is now permanently recorded.

• Persistent storage — confirmed detections are saved to history.json in the plugin folder and survive server restarts.
• One entry per day — multiple join/leave cycles on the same calendar day are grouped into a single daily record, keeping the history clean and readable.
• Configurable retention window — set history.max-days in config.yml (default: 14 days); records older than the window are automatically pruned on startup.
• Per-session timestamps — each confirmed session stores its join time and quit time, so you always know the exact window in which a client was flagged.
• Offline player support — history is stored by UUID, so you can look up players even when they are offline.

---

🖥 Live Staff GUI

Open with /zdetect gui — in-game only.

Online-players panel (54 slots)

• Displays a player skull for every currently online player.
• Each skull shows:
  • Current session status (Clean or DETECTED) and detected module names.
  • A warning badge if that player has at least one confirmed detection in the history window.
  • Join time of the current session.
• Supports pagination (← / →) when more than 45 players are online.
• Click any skull to open that player's detail panel.

Player-detail panel (36 slots)

• Top row: Player skull with full current-session info (join time, confirmed status, detected modules). If the player is offline, shows their last confirmed detection instead.
• History rows: Up to 14 day slots — one green glass pane per confirmed detection day.
  • Each slot lore lists every session of that day with its join → quit times and detected module names.
• Back button (top-right) returns to the online-players panel.

---

⌨ Restructured Command Interface

/zd removed. /zdetect is now the unified entry point.

Command	Description	Permission
/zdetect check <player> [modules]	Run a client probe (same as before)	zenithdetector.check
/zdetect gui	Open the live staff GUI	zenithdetector.check
/zdetect history <player>	Print confirmed detection history in chat	zenithdetector.check
/zdetect info <player>	Show last-join session status in chat	zenithdetector.check

• /zenithdetector is retained as an alias for backwards compatibility.
• /zd has been removed.
• All existing subpermissions (zenithdetector.reload, zenithdetector.alerts, zenithdetector.checklang, zenithdetector.bypass) are unchanged.

/zdetect history <player>
Outputs a chronological list of confirmed-detection days for the target (online or offline), each with session join → quit windows and module names.

/zdetect info <player>

• If online: shows current session join time and whether the current session already has a confirmed detection.
• If offline: shows the most recent confirmed session on record (date, join, quit, modules).

---

⚙ Configuration Changes

A new section has been added to config.yml:

Code:

history:
  max-days: 14   # Days of per-player detection history to retain

ConfigUpdater automatically inserts this key into existing configs — no manual migration needed.

---

🛠 Technical Notes

• Detection history is stored in plugins/ZenithDetector/history.json (human-readable JSON).
• Only confirmed detections are persisted. Clean sessions and false positives are discarded on player quit.
• In-memory session tracking begins at join so the GUI always shows a live "current session" status even before a check completes.
• The GUI uses a custom InventoryHolder (ZenithGuiHolder) — no title-string matching, fully safe across reload cycles.
• All file I/O is synchronous on the main thread; detections are infrequent enough that this has no measurable impact.

What changed

ZenithDetector's most effective scan mode works by sending a resource pack to the player on join — the client is busy loading the pack, the loading screen covers everything, and the scan runs completely invisible. For this to work, ZenithDetector needs the URL of your server's resource pack.

Until now, you had to find that URL yourself and paste it manually into scan-pack-url in the config — and repeat the process every time the pack changed or the server restarted.

What's new

• Auto-detection from Nexo and ItemsAdder — Enable auto-detect-pack: true and ZenithDetector will read the resource pack URL directly from Nexo or ItemsAdder. No copy-pasting, no digging through configs.
• Always up to date — The URL is resolved on every server start, every /zdreload, and automatically every time Nexo or ItemsAdder reload their pack. If your pack URL changes, ZenithDetector updates with it instantly.
• Non-breaking — The feature is disabled by default. If you don't use Nexo or ItemsAdder, nothing changes. scan-pack-url still works as a manual fallback if auto-detection can't find a valid URL.

How to enable
In your config.yml, under join-trigger:

Code:

auto-detect-pack: true

Then run /zdreload. The console will confirm the detected URL.