I wonder how to more or less easily 'detect' a site's server-side web technology (PHP, ASP, etc.).

For some sites it is enough to see the link extensions (.../logout.php, .../search.aspx, etc.).

On others, like for example stackoverflow :), I can't clearly see page extensions.

Any "recommendations"? Thanks.

+3  A: 

Inspect the headers being returned by a web page. IE won't let you see them, but Firefox might somewhere. Alternatively, write a simple web client, or look up Fiddler.

ck
yeah, there is an add-on for FF, `Live HTTP Headers`, but it is not updated for version 3.6.
serhio
I then used http://web-sniffer.net/ for this purpose, but didn't manage to understand a lot from the provided information for `stackoverflow.com`
serhio
+1  A: 

Exposing a site's technology is considered a security vulnerability, as it makes it easier for the attacker.

Therefore, any method that works now might stop working soon... :-)

KLE
I'd change 'will probably' to 'might' -- Apache still defaults to showing every module you have installed. Lots of other projects leak information in a major way. (to NOT leak info, set 'ServerSignature Off' and 'ServerTokens Prod')
Joe
@Joe I agree on the probability. I made the change you recommended.
KLE
+1  A: 

there's no sure-fire way to detect the remote system, the most trivial obfuscation:

    RewriteRule (.*)\basp\b(.*) $1php$2 [L]

with that in mind:

  1. look at the HTTP headers sent with a page. e. g. SO:

    Cache-Control       private
    Content-Type        text/plain; charset=utf-8
    Content-Encoding    gzip
    Vary                Accept-Encoding
    Server              Microsoft-IIS/7.5
    Date                Thu, 28 Jan 2010 12:11:28 GMT
    Content-Length      38
    

    headers such as Server are completely at the server's discretion and may even (intentionally) lie. that said, in most places they're accurate.

  2. use nmap to detect the operating system. this may give you info conflicting with what you see on the http level, e. g. when the web server is behind a reverse proxy, port forwarder or firewall.

just somebody
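A check a site owner can run over their own responses to see what the headers discussed in this answer give away, as an added example that is not part of the original thread. The function name `audit_headers`, the header and cookie lists, and the `X-Powered-By`, `X-AspNet-Version` and `Set-Cookie` sample lines are assumptions made for the illustration; the remaining sample lines are the ones quoted in the answer.

```python
# Added example: audit a response's headers for technology disclosure.
import re
from email.parser import Parser

# Sample input: header values quoted in the answer, plus three constructed
# lines (X-Powered-By, X-AspNet-Version, Set-Cookie) for illustration.
SAMPLE = """\
Cache-Control: private
Content-Type: text/plain; charset=utf-8
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=constructedvalue; path=/; HttpOnly
Date: Thu, 28 Jan 2010 12:11:28 GMT
"""

# Headers whose presence alone names the framework.
DISCLOSING = ("X-Powered-By", "X-AspNet-Version", "X-AspNetMvc-Version")
# Default session cookie names that reveal the platform.
COOKIE_HINTS = {"PHPSESSID": "PHP", "ASP.NET_SessionId": "ASP.NET",
                "JSESSIONID": "Java servlet container"}
VERSION = re.compile(r"/\d+(\.\d+)*")  # e.g. the "/7.5" in "Microsoft-IIS/7.5"

def audit_headers(raw):
    """Return (header, value, finding) tuples for headers that leak the stack."""
    msg = Parser().parsestr(raw, headersonly=True)
    findings = []
    server = msg.get("Server")
    if server:
        note = "product and version" if VERSION.search(server) else "product only"
        findings.append(("Server", server, note))
    for name in DISCLOSING:
        for value in msg.get_all(name, []):
            findings.append((name, value, "framework header"))
    for cookie in msg.get_all("Set-Cookie", []):
        cookie_name = cookie.split("=", 1)[0].strip()
        if cookie_name in COOKIE_HINTS:
            findings.append(("Set-Cookie", cookie_name,
                             "default session cookie: " + COOKIE_HINTS[cookie_name]))
    return findings

if __name__ == "__main__":
    for header, value, note in audit_headers(SAMPLE):
        print(f"{header}: {value}  [{note}]")
```

A server configured with `ServerTokens Prod`, as suggested in the comment above, would be reported as "product only", and a default session cookie name still identifies the platform even when the `Server` header is trimmed.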
+7  A: 

argh you techie geeks...

here's what you do:

  • check out their job offerings
  • if admin position available:
    • apply (you might get some details even here, as they'd tell you what's required)
    • get to phone interview bit and ask questions
  • if not:
    • ring them and try selling some hardware/technology
    • they'd tell you if that's required and if not that they probably use something else

social engineering :)

pulegium
:D +1 for a fresh view on the 'problem' :)
serhio
+1 for "social engineering"
Suraj Chandran