I am part of a team that manages a public facing cloud platform at my company. We have a large user base running VM's that face the internet. I would like to run an automated scan of our address space and see if anyone is running a Rails app so I can notify them to upgrade their version of Rails to avoid a critical security vulnerability that came out this week.
I've noticed that in some Apache deployments, there is a Passenger Header that is useful:
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.0.3
Every Rails site has:
meta content="authenticity_token" name="csrf-param'
at least that's what I have consistently seen.
Header responses are not reliable, here are three from various Rails sites:
Server:Apache/2.2.14 (Ubuntu) Server:nginx Server: thin 1.4.1 codename Chromeo
You know nginx and Thin are popular in the Rails community, but that's not conclusive enough to say there is Rails behind it. You would need to run a script that scrapes the site and looks for the meta-tag above. BeautifulSoup is a pretty good if your script is going to be in Python. Mechanize gem is great if you are going with Ruby.