Is there a way to find the version of Magento being used without having access to server sided code?
For instance, how does this plugin work
https://chrome.google.com/webstore/detail/magento-version-check/aekpbnbbbgocohlbdpdfgghamedmplal
My thoughts are to check for LICENSE.txt or LICENSE_EE.txt. You can at least determine CE vs EE.
You can also use the copyright year in the default styles.css to form a guess.
Does anyone else know a better way?
The copyright notice in /skin/frontend/default/default/css/styles.css is already a good indicator.
These are the different copyright notices for Magento CE:
Version @copyright
------------------------------------------------------------------------------------------------
Magento 1.9 Copyright (c) 2006-2014 X.commerce, Inc. (http://www.magento.com)
Magento 1.8 Copyright (c) 2013 Magento Inc. (http://www.magentocommerce.com)
Magento 1.7 Copyright (c) 2012 Magento Inc. (http://www.magentocommerce.com)
Magento 1.6 Copyright (c) 2011 Magento Inc. (http://www.magentocommerce.com)
Magento 1.4.1-1.5 Copyright (c) 2010 Magento Inc. (http://www.magentocommerce.com)
Magento 1.4.0 Copyright (c) 2009 Irubin Consulting Inc. DBA Varien (http://www.varien.com)
Magento 1.0-1.3 Copyright (c) 2008 Irubin Consulting Inc. DBA Varien (http://www.varien.com)
To distinguish 1.4 and 1.5 you should do an actual diff against the files. This mirror repository on GitHub might help:
For Magento 2 shops you get the version on a silver plate as long as the Magento_Version module is not disabled. Just visit shop-domain.tld/magento_version. Example output:
Magento/2.1 (Community)
However, there is no information about the exact patch version.
If the version module is disabled or access to this URL is blocked, you can also check a default stylesheet like /static/frontend/Magento/blank/en_US/css/print.css. But until now, the copyright notice does not tell much:
Version @copyright
------------------------------------------------------------------------------------------------
Magento 2.0 Copyright © 2016 Magento.
Magento 2.1 Copyright © 2016 Magento.
If the store still has the Magento Connect Module installed and is not purposefully blocking that url from public access to can just access http://www.website.com/downloader the version will be shown at the bottom as per this image.
Technically I think this is the version for the Downloader package, but i've never seen it not match the overall Magento version.
public static function getVersionInfo() there is an array that shows the version. I guess this version also corresponds to the Magento version.
– Buttle Butkus
Jan 12 '16 at 03:39
You can use MD5 hashes of public files (images, css, js) to identify the version.
This repository has a list of hashes for files in js, media, and skin folders.
Here are the unique hashes in json format
{
"skin/adminhtml/default/default/boxes.css": {
"6aefb246b1bb817077e8fca6ae53bf2c": "CE 1.2.0, CE 1.2.0.1, CE 1.2.0.2, CE 1.2.0.3",
"84b67457247969a206456565111c456b": "CE 1.1.2, CE 1.1.3, CE 1.1.4",
"0902e89fb50b22d44f8242954a89300c": "EE 1.12.0.0",
"8a5c088b435dbcf1bbaac9755d4ed45f": "EE 1.12.0.1, EE 1.12.0.2",
"1cbeca223c2e15dcaf500caa5d05b4ed": "CE 1.7.0.0",
"d0511b190cdddf865cca7873917f9a69": "CE 1.1.1",
"a2c7f9ddda846ba76220d7bcbe85c985": "CE 1.2.1, CE 1.2.1.1, CE 1.2.1.2"
},
"js/mage/adminhtml/sales.js": {
"a86ad3ba7ab64bf9b3d7d2b9861d93dc": "CE 1.0",
"d80c40eeef3ca62eb4243443fe41705e": "CE 1.5.0.1",
"95e730c4316669f2df71031d5439df21": "CE 1.1.0",
"bdacf81a3cf7121d7a20eaa266a684ec": "CE 1.5.1.0",
"ba43d3af7ee4cb6f26190fc9d8fba751": "EE 1.14.1.0",
"c8dd0fd8fa3faa9b9f0dd767b5a2c995": "CE 1.9.1.1",
"4422dffc16da547c671b086938656397": "CE 1.4.2.0",
"0e400488c83e63110da75534f49f23f3": "CE 1.3.2, CE 1.3.2.1, CE 1.3.2.2, CE 1.3.2.3, CE 1.3.2.4",
"48d609bb2958b93d7254c13957b704c4": "CE 1.6.1.0, CE 1.6.2.0",
"40417cf4bee0e99ffc3930b1465c74ae": "EE 1.11.2.0",
"5656a8c1c646afaaf260a130fe405691": "CE 1.8.1.0",
"17da0470950e8dd4b30ccb787b1605f5": "CE 1.1.5, CE 1.1.6",
"aeb47c8dfc1e0b5264d341c99ff12ef0": "EE 1.11.0.2",
"ec6a34776b4d34b5b5549aea01c47b57": "EE 1.10.0.2",
"a0436f1eee62dded68e0ec860baeb699": "CE 1.9.1.0",
"5112f328e291234a943684928ebd3d33": "CE 1.1.7, CE 1.1.8",
"7ca2e7e0080061d2edd1e5368915c267": "EE 1.10.1.1",
"a4296235ba7ad200dd042fa5200c11b0": "CE 1.6.0.0",
"9a5d40b3f07f8bb904241828c5babf80": "EE 1.13.1.0",
"3fe31e1608e6d4f525d5db227373c5a0": "EE 1.13.0.0, EE 1.13.0.2",
"26c8fd113b4e51aeffe200ce7880b67a": "CE 1.8.0.0",
"839ead52e82a2041f937389445b8db04": "CE 1.3.3.0",
"d1bfb9f8d4c83e4a6a826d2356a97fd7": "CE 1.3.1, CE 1.3.1.1"
},
"js/mage/adminhtml/product.js": {
"e887acfc2f7af09e04f8e99ac6f7180d": "CE 1.3.0"
},
"skin/frontend/rwd/default/css/styles.css": {
"bf6c8e2ba2fc5162dd5187b39626a3a0": "CE 1.9.0.1",
"5373978891051983da47ac5064b4b2b9": "EE 1.14.0.1",
"8a874fcb6cdcb82947ee4dbbe1822f3e": "CE 1.9.0.0",
"bd66fd43fecd7ca1e293226bb11e1658": "EE 1.14.0.0"
},
"js/prototype/validation.js": {
"295494d0966637bdd03e4ec17c2f338c": "CE 1.4.1.0",
"d3252becf15108532d21d45dced96d53": "CE 1.4.1.1"
},
"js/mage/adminhtml/tools.js": {
"86bbebe2745581cd8f613ceb5ef82269": "CE 1.7.0.1, CE 1.7.0.2",
"ea81bcf8d9b8fcddb27fb9ec7f801172": "CE 1.3.2.2",
"d594237950932b9a3948288a020df1ba": "CE 1.3.2.3, CE 1.3.2.4, CE 1.3.3.0"
},
"js/lib/flex.js": {
"4040182326f3836f98acabfe1d507960": "CE 1.4.0.1",
"eb84fc6c93a9d27823dde31946be8767": "CE 1.4.0.0"
}
}
For instance, if we test the demo Magento store
$ curl -s http://demo.magentocommerce.com/skin/frontend/rwd/default/css/styles.css | md5
8a874fcb6cdcb82947ee4dbbe1822f3e
We see that the hash corresponds to CE 1.9.0.0.
With php it might look like
$url = 'http://demo.magentocommerce.com/';
foreach ((array)json_decode(file_get_contents('hashes.json')) as $file => $hash) {
$md5 = md5(file_get_contents($url . $file));
if (isset($hash[$md5])) {
echo $hash[$md5];
break;
}
}
Note this may not work if the files are minified, patched, have different line endings, etc.
If you have access to admin panel then you can check it through footer for the magento version
Otherwise if permission is not changed you can check RELEASE_NOTES.txt file for the version of magento which can easily tell whether it is EE or community
I've used magescan to determine a remote Magento version:
https://github.com/steverobbins/magescan
It can also scan for patch level, server info, installed modules, catalog, sitemap, unreachable paths, and of course the version. It's a PHP phar and can be installed with composer.
Typical usage:
$ magescan.phar scan:all store.example.com
Nope, it would be bad if it would be publicly posted. Security wise it is ok not telling everything to everybody.
Sometimes frontend functionality will give you a good guess. Because some features are just implemented since edition x. Or paths are build in a manner which is especially for a version.
Same goes with modules, if they have specific frontend functionality and routers pointing to them or class name usage, it can be easily guessed.
You can do this though by (all need a certain level of access):
app/Mage.php) and check app/etc/modules
