Identify Ruby on Rails version on remote deployments without source code access.
This code was created as a proof of concept for a talk I gave at RubyConf Brazil 2021: "Exploring vulnerabilities on Rails apps" (slides are in pt-BR).
If you are interested in server fingerprinting or pentesting in general, check the awesome-pentest repository for more tools.
Install the Ruby version specified in .ruby-version and run the following in your terminal:
$ ruby fingerprinter.rb https://x.y.z
You'll get a list of checks and (hopefully) a list of predicted versions:
Asset pipeline JS with 32 chars ❌
Asset pipeline CSS with 32 chars ❌
Asset pipeline JS with 64 chars ✅ [">=5.1"]
Asset pipeline CSS with 64 chars ✅ [">=5.1"]
CSRF meta tag ✅ [">=3.0.20"]
Default session cookie name ✅ [">0.0.0"]
404 error page v1 ❌
404 error page v2 ❌
404 error page v3 ✅ [">=4.1.0", "<5.2.0"]
404 error page v4 ❌
Phusion Passenger ❌
Rails logo ❌
Retrieving cache (392 releases)
Predicted Rails versions (10 releases):
5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.6.1, 5.1.6.2, 5.1.7
The Ruby on Rails version list is downloaded from the RubyGems API. Rate limiting or breaking changes may occur. A cache is stored in the versions.tmp file; delete the file to refresh the list.
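The predicted list in the sample output is what remains once every passed check's constraint is applied to the release list. The following added example (not the script's own code) reproduces that narrowing with Gem::Requirement and also counts how many releases each check leaves on its own, which shows which default artifacts reveal the most about a deployment. The method names are hypothetical, and the release list is a small constructed subset rather than the full RubyGems list.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement ship with Ruby

# Constraints copied from the passed checks in the sample output above.
PASSED_CHECKS = {
  "Asset pipeline JS with 64 chars"  => [">=5.1"],
  "Asset pipeline CSS with 64 chars" => [">=5.1"],
  "CSRF meta tag"                    => [">=3.0.20"],
  "Default session cookie name"      => [">0.0.0"],
  "404 error page v3"                => [">=4.1.0", "<5.2.0"]
}.freeze

# Constructed sample: a few release numbers standing in for the full list
# that the script downloads from RubyGems.
SAMPLE_RELEASES = %w[2.3.18 3.0.20 4.1.0 4.2.11 5.0.7 5.1.0 5.1.7 5.2.0 6.0.0].freeze

# Releases (as strings, ascending) that satisfy every given constraint.
def matching_releases(constraints, releases)
  requirement = Gem::Requirement.new(*constraints.uniq)
  releases.map { |r| Gem::Version.new(r) }
          .select { |v| requirement.satisfied_by?(v) }
          .sort
          .map(&:to_s)
end

# Intersection of all passed checks: the "predicted versions" list.
def predict_versions(checks, releases)
  matching_releases(checks.values.flatten, releases)
end

# How many releases each check leaves when applied alone. A low count means
# that single default artifact reveals a lot about the deployed version.
def releases_left_per_check(checks, releases)
  checks.transform_values { |c| matching_releases(c, releases).size }
end

if __FILE__ == $PROGRAM_NAME
  releases_left_per_check(PASSED_CHECKS, SAMPLE_RELEASES).each do |name, count|
    puts format("%-34s leaves %d of %d", name, count, SAMPLE_RELEASES.size)
  end
  puts "Predicted: #{predict_versions(PASSED_CHECKS, SAMPLE_RELEASES).join(', ')}"
end
```

On this sample the session cookie check excludes nothing, while the asset digest length and the 404 page together pin the result to the 5.1 series.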
This script was created by Wagner Narde.
I have no intention to update or maintain this script as it was created only as a proof of concept. Feel free to fork and modify it. No need for credits.