How can I tell what a website was written in?

Question

I'm looking for a series of 'tells' that indicate what a website was written in and/or what web framework is being used and maybe what web server software is used. Obvious examples would be the page extensions, http headers, page features, like VIEWSTATE, cookie names and such. Obviously, these tells could be faked or suppressed so I'm not looking for a foolproof way but some typical dead giveaways.

Edit: I'd love to have a definitive list of default web page extensions, cookie names and such. I thought of this question because I want to know what a web site with .do was written in (Java Struts, I think) -- but this is a question that comes up all the time.

Edit: Seems a real hard one to tell is Ruby on Rails.

It is assumed that an answer like .asp = Classic ASP means that by default .asp is served by Microsoft's ASP, but not all Classic ASP serves .asp pages and not all .asp pages are served by Classic ASP.

Answer 1

Outside of the items you've listed (extenstions, cookie names, etc) there is little to nothing to determine what a site is written in. Anything can generate HTML, without you knowing the details of how that HTML was generating.

Answer 2

If page suffixes have ".faces" then it's most likely Java using JSF.

Answer 3

You could also use this nifty site. It reports information about server uptime, what they're running and so on. This gives a little more insight into whats going on server-side.

As you can see SO runs on a Windows Stack, with server 2008 and IIS 7.

Depending on the site you will notice more information, some servers send back more detailed headers like so: http://uptime.netcraft.com/up/graph?site=slashdot.org

Clearly slashdot is running Perl (as most already know)

Answer 4

As pointed out, there is no definitive answer. However, becoming familiar with frameworks and how they generate content will give you clues on what they are written in.

Having done Drupal work for the past year, I am fairly adept at figuring out if a site is drupal, based mostly on default class names, how html is generated, default paths etc..

After all, the point of a framework is smart (customizable) defaults that are often left as they are.

Answer 5

This is a very broad question so I guess my answer is sort of vague but one thing I find useful is to look at the DOM element names and CSS class names used on the page.

If the page was generated by a framework such as Joomla, DotNetNuke, Drupal, Django, Wordpress.. and the list goes on.. there will be elements on the page that will always have very specific IDs and CSS classnames. That's how Themes work.

For instance, a Joomla site will have most of it's elements prefixed with "ja_". Also, the body element is given an Id of "bd". You will likely encounter an element that has the CSS class name "ja_moduletable". And the list goes on and on..

It's very similar for the other frameworks.

Answer 6

If page suffixes have ".do" then it's most likely Java using Struts.

This is the default configuration, and the suffix can be changed to anything the developer chooses. But most apps keep the default.

Answer 7

Firebug under Firefox is a great tool for gathering clues.

• Common page extensions:
  • .asp = classic ASP
  • .aspx = ASP.NET Webforms
  • .jsp = Java Server Pages
  • .cfm = ColdFusion
  • .pl = Perl
  • .shtml = static html w/ server-side includes (IIS or Apache)
• SharePoint tell: credential demand on /_layouts/settings.aspx
• DotNetNuke: lots of DNN ids in the HTML + dnn.control.initMenu in script
• ASP.NET Webforms: __VIEWSTATE hidden field (yuck) and __doPostBack javascript
• ASP.NET in general under IIS: HTTP Header "X-Powered-By: ASP.NET"
• IIS7 HTTP Header: "Server: Microsoft-IIS/7.0"
• ASP.NET MVC: HTTP Header "X-AspNetMvc-Version: 1.0"

http-stats also has lots of good info on http headers.

Anyone know of a way to determine hosting provider from IP and what that hosting provider supports?

Answer 8

http://builtwith.com

Answer 9

I have got the perfect answer for you.

Goto Site : http://www.sitonomy.com/ and enter url it will give following details.

Affiliate Networks

Subscription

Programming Languages

Server Software

Answer 10

On a number of sites, I've been able to determine the underlying framework or content management system by looking for the <meta name="generator"/> tag, e.g.

<meta name="generator" content="WordPress 2.0.2" />

On some other sites that didn't contain the <meta name="generator"/> tag, I was able to determine the underlying framework or content management system from JavaScript imports, e.g.

<script type="text/javascript" src="/misc/drupal.js?d">

Answer 11

As has been mentioned, determining this from HTTP headers, file extensions and so on can be hit-and-miss.

By far the most reliable method is reading the site's blog..

Using stackoverflow as an example, you can tell exactly what it's written with by looking at this post

Another example is Facebook, they have a developer blog, and an open-source page with various projects they have created. Digg have a Github account. Slashdot is open-source

Another similar method is to look for job-postings by the company running the site - if they're primarily looking for Ruby on Rails developers, chances are that is the main language/framework they use. A final "low-tech" method is to simply email them and ask..

May not work for many sites, and it's hardly something you can write a script to determine, but it is reliable..

Answer 12

With Rails, you're usually looking for one of several signs, usually in the headers. Rails will often output an X-Runtime header, but other frameworks may as well. Session IDs for Rails are typically going to be 32 characters long and the cookie ID will usually begin with an '_' character, but again, that's not guaranteed. ETag will almost always be present in any recent Rails deployment and will usually be a 32 character MD5 hash surrounded by double quotes. Applications can and do override these defaults. A lot of Rails apps have a Status header being passed back. It's supposed to get processed and removed by the proxy server but often that doesn't happen.

Any of these server headers are going to mean a Ruby-based framework. Doesn't guarantee Rails though; could also be Merb or Sinatra or one of the other minor Ruby frameworks.

Telltale Passenger headers:

Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.7l DAV/2 Phusion_Passenger/2.0.1
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.0.1

Telltale Mongrel headers:

Server: Mongrel 1.1.5

Telltale Webrick headers:

Server: WEBrick/1.3.1 (Ruby/1.8.6/2008-08-11)

Telltale Thin headers:

Server: thin 1.2.1 codename Asynctilicious Ultra Supreme

Rails deployments also commonly put Apache, nginx, or lighttpd in front of their application server instances. This proxying may or may not override the application server's Server headers. But if you see lighttpd or especially nginx, that's far more likely to be a Rails app on the backend.

Answer 13

Extensions are not 100% reliable. Many people remap asp to php so that the pages appear with php extensions but are in fact asp.

Another example is myspace that appears to be running ColdFusion but is in fact running ASP.NET