Drupal Security Scan

Security Scanner for Drupal installations to quickly identify potential security issues, server reputation and other aspects of the web server.

Drupal is one of the world's leading content management systems. It is used on a large number of high-profile sites and is known for its security and extensibility. Perform a simple Drupal security test by filling out the following form. Our system will test your website in a non-intrusive manner and display any discovered vulnerabilities or configuration errors.

Launch Drupal Security Scan

Perform an immediate Free Drupal Scan with a low impact test.

Check any Drupal-based site and get a high-level overview of the site's security posture. Once you see how easy it is, grab a membership and test Drupal with Droopescan, Nikto, OpenVAS and more.

Items checked in the FREE scan
Attempt to detect version of Drupal Core
Find Plugins in HTML response
Identify theme in use
List client side JS in page
List iframes in page
Test for directory indexing enabled on key locations
Check Google Safe Browsing for reputation
Get IP information and Geolocation


Login for Advanced Scan with Droopescan
Aggressive enumeration of plugins, themes, version and interesting URLs

Detect version, interesting URLs and modules with droopescan
Identify the attack surface through plugin and theme enumeration
Test Drupal with OpenVAS and Nikto Scanners
Membership includes access to 27 Vulnerability Scanners and OSINT Tools
Trusted Open Source Tools

Membership is required for full access, including access to all hosted security scanners. Immediate access is available to new members, or log in now if you already have an account.

Simplify Security Testing and Save Hours in Tool Management
Test Security from the attacker's perspective.
Fast servers optimized for Internet Scanning.
Over 250'000 scans performed last year.



About the Drupal Security Scan

This scan will test a Drupal installation for common security issues and misconfigurations, and perform a web reputation analysis of sites that are being linked and sites that are hosted on the same IP address. The Free scan is a passive scan in that all the information gathered is from performing regular web requests against the specified site.

The more aggressive second option uses the excellent droopescan to brute force theme and module/plugin paths in an attempt to discover the site's attack surface. With information about the installed extras, known vulnerabilities can be exploited or further security testing can be more targeted.