Drupal Security Scan

Security Scanner for Drupal installations to quickly identify potential security issues, server reputation and other aspects of the web server.

Drupal is one of the worlds leading content management system. It is used on a large number of high profile sites. It is known for its security and being extensible. Perform a simple Drupal security test by filling out the following form. Our system will test your website in a non-intrusive manner and display any discovered vulnerabilities or configuration errors.

Drupal Security Testing

Perform a Free Drupal Security Scan with a low impact test.

Check any Drupal based site and get a high level overview of the sites security posture. Once you see how easy it is grab a membership and test Drupal with the dedicated Active Checks, Nikto, OpenVAS and more.

Low Impact Recon Immediate Results No login required

Scan Mode

Passive Scan

Non-intrusive reconnaissance that gathers information without sending large numbers of requests. Check list of common security issues.

Active Scan

Advanced options; detailed enumeration of modules, themes, users and checks for sensitive files. Uses large number of requests that may trigger monitoring systems.

Login / Membership Required

Target URL(s)

Valid Target(s)
www.example.com
https://example.com/

Enumeration Scope Top 100 modules/themes All modules/themes (slower) Choose the depth of module and theme enumeration

This is a passive scan that does not send large numbers of intrusive requests to the target.

Only scan systems you have permission to scan.
This is an active scan that can trigger security monitoring systems and affect running services.

Agree to Terms of Service (required)

Scan Site Processing

---

OpenVAS Scanner Overview

Membership Benefits

Access advanced network mapping and regular scan schedules.

Detect

Detect version, interesting URLS and extensions with Droopescan

Identify

Identify the attack surface through extension and theme enumeration.

Access Granted

To 27 Vulnerability Scanners & IP Tools.

Test

Test Drupal with OpenVAS and Nikto Scanners

Use Cases Membership Plans

About Drupal Security Testing

Comprehensive Security Testing

• Get informed with detailed technical reporting
• Assess the Security Posture of Any Web Site
• Test underlying server and network accesses
• Attack Surface Analysis with Bulk Testing
• Intelligence for Red Teams, Blue Teams and Web Site Ops
• Full Access to 28 Vulnerability Scanners & Tools

Use Cases & more info

Compare Free Check vs Membership

Start with a free Drupal security check, then upgrade for deeper testing and full access to the security toolkit.

About Droopescan and Active Drupal Testing

Droopescan is a well-known open source project for Drupal, Joomla, Moodle, SilverStripe, and WordPress enumeration. It has been a useful tool for understanding how web application fingerprinting and component discovery work, and it remains a good reference project for security researchers and defenders.

Our Drupal active scan no longer relies on Droopescan directly. Instead, it uses our own maintained checks designed to better reflect current Drupal deployments and provide more up-to-date testing coverage.

For users who want to explore the project, Droopescan is available on GitHub and may also be found in security-focused distributions such as Kali Linux.