views:

515

answers:

10

Maybe like whoishostingthis.com can tell you who is the ISP of a website. Is there a way to find-out what is a website running on ? (so like I can see that stackoverflow.com is running on Rails v9.3.2.1 and digg.com is running mostly drupal but with many customizations )

Thanks.

+6  A: 

You can check the X-Powered-By header. There's a list of common ones here. The header might be not be there if the Admin took it off.

Hope this helps,
Asaf

Asaf R
+4  A: 

I like to type in a random URL (I usually like '/404') and see what the web server reports. if they're smart, they run in production mode, which doenst tell you much but sometimes it'll report a big string of modules and etc. keep in mind, all this stuff can be spoofed. I knew a guy that modified his server to behave like IIS just to watch his logs.

nmap is also a powerful tool for determining web server type.

neoice
+9  A: 

No, there's no way to definitively determine this. Sometimes you can make an informed guess, if pages still have their extension on (.php, etc), or various other methods, but any of these could very well be something the site has done to be misleading on purpose. There's nothing preventing someone from, say, writing a site in Python, but making all their URLs end in .php.

Chad Birch
I worked at a company where (at stupid client request, for stupid political reasons) we 'migrated' a demo from php to asp by doing exactly this.
da5id
Anyone care to explain why this is being modded down?
da5id
Hm, the only logical reason for misleading would be, to prevent attacks following some new security related bugs in the used system ... Wouldn't it be great if there would be a standard way to find out what is the world running... Otherwise, I guess that adoption numbers are quite subjective..
Cip
I wanted to vote the the answer up and seems to work in the other way ..
Cip
Well edited Chad!
da5id
+2  A: 

No, there is no reliable way of determining what framework a website was built on top of. There isn't even an unreliable generic way to do it. In fact, if the website author is carefull enough to make sure no implementation details will leak in the URLs and the responses the web site sends, there is no way at all to determine what it is running. You just have to manually sniff around and hope to stumble upon some clues that will give you an idea. (Though these might be planted intentionally to mislead curious people.)

Case in point: SO is built on top of ASP.NET MVC. However, if you look at SO HTML, you'll notice that it's quite sanitized to prevent any implementation details leaking. It is actually hard to determine how SO is impelemented.

Franci Penov
I said Rails v9.3.2.1 just out of the blue .. I don't if that version number even exists :)) I should have said SnuffyOnRails v6.6.6
Cip
+4  A: 

The closest I can think of is NetCraft's "What's That Site Running": http://toolbar.netcraft.com/site_report?url=http://www.stackoverflow.com

But as is been said, there's no real reliable way to see what framework is being used.

mletterle
+1  A: 

1) Cause an error on the page, often by asking for a bad url, or chopping off a bit of any variables in the URL.

Compare the error to the errors of other languages.

Assuming, of course, you are familiar enough to recognize them. Other obvious ones are from the url if there is a .php, etc in the file.

Good sites will make it harder to figure out but it's always possible.

2) I don't think asking by email simply that you're interested in using their technologies for your own solutions in a different field (maybe even tell them what). Most propellor heads are happy to be helpful and share what they can.

Jas Panesar
A: 

No failsafe way to do it.

There is a firefox plugin called Server Spy, which will interpret the headers and give you a neat little indicator in the status bar, but if someone has changed the headers, then you are out of luck.

Things like changing the casing of filenames and seeing if you get a 404 can give you a hint as to Apache or IIS, inducing other errors can help here too.

Poking around the source code for a few minutes will often reveal some hints as to the framework, DNN, Drupal, WordPress, all have some telltale signs in the markup, but if the coders have gone out of their way to obfuscate it, then it's really a detective game.

seanb
A: 

Of course it can be always be masked, but I have used this tool for years to check on web servers. Getting anything more specific than ASP, PHP, etc is not as easy.

Security Space Web Probe

Sample:

Site being probed: stackoverflow.com

Web Server: Microsoft-IIS/7.0

Page Retrieval Time 0.86 seconds Connect time: 0.19 Wait time: 0.09 Data Recv time: 0.58 Other: 0.00

Size of page: 124630 bytes

This one shows when Hotmail.com (Web Probe) changed from Apache to IIS.

Bratch
A: 

yes - there are reliable ways of discerning information about a site. i challenge anyone who doesn't think so to post a target site for practice.

you don't really even need to be a hacker to get this information, the hacker community has created tools so that anyone can do it. the only thing is that a lot of these tools are trojans - lol...

mson
A: 

WhatWeb is designed to answer this question. The comments above about hackers wanting to profile or fingerprint webapplications are apt. One of WhatWeb's intended uses is to identify a target during a penetration test.

When you view a webpage there is often a lot of subtle information disclosed that identifies the type of web application and web server. WhatWhat collects this information.

It has both passive and aggressive plugin functionality. Passive plugins collect information volunteered by the webserver such as the HTTP Server header, the x-powered-by header and tags. An aggressive plugin will guess URLs in order to learn more information and sometime to identify precise versions of the web application.

WhatWeb requires Linux and is available from http://www.morningstarsecurity.com/research/whatweb

urbanadventurer