Reputation: 91
Detect if Rails is Running a Site
I am part of a team that manages a public facing cloud platform at my company. We have a large user base running VM's that face the internet. I would like to run an automated scan of our address space and see if anyone is running a Rails app so I can notify them to upgrade their version of Rails to avoid a critical security vulnerability that came out this week.
I've noticed that in some Apache deployments, there is a Passenger Header that is useful:
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.0.3
However, this is not reliable. I'm wondering if there is a reliable way to detect Rails running behind a web server either with response headers or some kind of a GET / POST that can be definitive. Thanks!
Upvotes: 8
Views: 6184
Answers (5)
Reputation: 143
Every Rails site has:
meta content="authenticity_token" name="csrf-param'
Or could have a submit button where the name="commit"
At least that's what I have consistently seen.
Header responses are not reliable, here are three from various Rails sites:
Server:Apache/2.2.14 (Ubuntu)
Server:nginx
Server: thin 1.4.1 codename Chromeo
You know nginx and Thin are popular in the Rails community, but that's not conclusive enough to say there is Rails behind it. You would need to run a script that scrapes the site and looks for the meta-tag above. BeautifulSoup is a pretty good if your script is going to be in Python. Mechanize gem is great if you are going with Ruby.
Upvotes: 8
Reputation: 863
Wappalyzer is a good option, and (shameless plug) have you looked at Spotkick? We're in private beta now, but it's a distributed engine for running open source apps, so you could run Wappalyzer across all of your sites to see what's probably running rails.
I do this for banklook.com - I run over about 6800 banks to dig up details about security risks.
Let me know if you want more details or information.
Upvotes: 0
Reputation: 2128
Another default setting of Rails that is commonly left untouched is the name of the main /assets/application-<hex hash>.{css,js} files.
I don't thing that a single reliable way of detecting Rails exists, but by using a combination of the authenticity_token, the default assets names and the HTTP headers, you should be able do identify the vast majority of the Rails apps.
The Wappalyzer script uses these three criteria and considers that the co-occurrence of two indicates a Rails app.
Upvotes: 0
Reputation: 160551
A Rails app could be running on lots of different ports, depending on the configuration allowed. That, plus the fact that the app might not respond in a way you can recognize, seems like a "sub-optimal" way to find out.
Instead, if you own the hosting, you own the drives and the systems supporting the apps. Why not run a grep across the systems, looking for strings matching Rails.
Or search for some of the standard Rails files; Use find, or locate if you have it running.
Upvotes: 0
Related Questions
- How to detect if a rails app is running under Unicorn?
- how to detect if you are running outside of the rails main app
- how to make sure nginx is running
- how to detect that you rails app is running from a rails runner
- How to check whether my Rails app is running with a dev or production environment while running
- Ruby Checking to see if website exists
- Find out what web server a Rails app is working on on the hosting
- Determine if rails is running under a web server
- How to determine if my passenger is using apache or nginx
- How to detect if rails is at the root url?