Detect if Rails is Running a Site

Question

I am part of a team that manages a public facing cloud platform at my company. We have a large user base running VM's that face the internet. I would like to run an automated scan of our address space and see if anyone is running a Rails app so I can notify them to upgrade their version of Rails to avoid a critical security vulnerability that came out this week.

I've noticed that in some Apache deployments, there is a Passenger Header that is useful:

X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.0.3

However, this is not reliable. I'm wondering if there is a reliable way to detect Rails running behind a web server either with response headers or some kind of a GET / POST that can be definitive. Thanks!

Answer 1

Every Rails site has:

meta content="authenticity_token" name="csrf-param'

Or could have a submit button where the name="commit"

At least that's what I have consistently seen.

Header responses are not reliable, here are three from various Rails sites:

Server:Apache/2.2.14 (Ubuntu)
Server:nginx
Server: thin 1.4.1 codename Chromeo

You know nginx and Thin are popular in the Rails community, but that's not conclusive enough to say there is Rails behind it. You would need to run a script that scrapes the site and looks for the meta-tag above. BeautifulSoup is a pretty good if your script is going to be in Python. Mechanize gem is great if you are going with Ruby.

Answer 2

Most rails apps have a submit button where the name="commit"