Security Scanner for Drupal installations to quickly identify potential security issues, server reputation and other aspects of the web server.

Drupal is one of the worlds leading content management system. It is used on a large number of high profile sites. It is known for its security and being extensible. Perform a simple Drupal security test by filling out the following form. Our system will test your website in a non-intrusive manner and display any discovered vulnerabilities or configuration errors.

Launch Drupal (Droopescan) Security Scan

Perform an immediate Free Drupal Scan with a low impact test.

Check any Drupal based site and get a high level overview of the sites security posture. Once you see how easy it is grab a membership and test Drupal with Droopescan, Nikto, OpenVAS and more.

Items checked in the FREE scan
  • Attempt to detect version of Drupal Core
  • Find plugins in HTML response
  • Identify theme in use
  • List client side JS and iframes in page
  • Test for directory indexing enabled on key locations
  • Threat Intel & Blacklisting Checks

Membership is required for advanced Drupal Enumeration & Vulnerability Scanners

  • Detect version, interesting URLS and extensions with Droopescan
  • Identify the attack surface through extension and theme enumeration
  • Test Drupal with OpenVAS and Nikto Scanners
  • Access to 27 Vulnerability Scanners and OSINT Tools
  • Trusted Open Source Tools

About Drupal Security Testing

This scan will test a Drupal installation for common security issues, mis-configurations as well as performing a web reputation analysis of sites that are being linked and sites that are hosted on the same IP address. The Free scan is a passive scan in that all the information gathered is from performing regular web requests against the specified site.

The more aggressive second option uses the excellent droopescan to brute force theme and module/plugin paths in an attempt to discover the sites attack surface. With information about the installed extras known vulnerabilities can be exploited or further security testing can be more targeted.

Our range of online web security testing for Drupal and other web platforms has you covered for a variety of use cases.

The freely available tools perform analysis from a simple page grab. Through examination of the HTML source code, javascript and a few other open publicly accessible pages it is possible to gain immediate insights into the state of security on the target site. This is without sending any aggressive security scanning, using only passive analysis methods.

Our second form of scanning involves using active security testing tools (OpenVAS, Nikto, Droopescan are examples) that send hundreds of requests against the target site to enumerate and find security issues (vulnerabilities) that are not immediately apparent from passive analysis.


published CVE's (vulnerabilities)
for Drupal and its components

Comprehensive Security Testing

  • Get informed with detailed technical reporting
  • Assess the Security Posture of Any Web Site
  • Test underlying server and network accesses
  • Attack Surface Analysis with Bulk Testing
  • Intelligence for Red Teams, Blue Teams and Web Site Ops
  • Full Access to 28 Vulnerability Scanners & Tools

Comparing the Options

Members get access to the full suite of security tools. It's a go bag for on demand security testing.

Free Joomla Security Check
  • Drupal Version Check
  • Threat Intelligence (Blacklist) Checks
  • Directory Indexing on common locations
  • Sites Externally linked from main page (threat intel check of host)
  • List Components and Modules detected through passive HTML analysis
  • Javascript linked (including host blacklist check)
  • Server, Hosting and Geo-location Information
Additional Benefits (with Membership)
  • Use Droopescan for active security testing
  • Use OpenVAS to test Drupal & Web Server vulnerabilities.
  • Use Nikto to test website scripts and web framework
  • Passively survey sites in bulk for web technologies and other details
  • Monitor server for port and vulnerability changes (scheduled Nmap & OpenVAS)
  • With Membership you have full access to all security testing tools including port scanner, web server testing and system vulnerability scanner.
Become a Member Now
7 day money back guarantee

About the Droopescan Project

Droopescan is an open source project developed in python. One of the things we love about open source security solutions is that you can not only run the tool and get results; but also dig into the code and understand what is being tested and why it is being tested. Knowledge is the ultimate cyber weapon.

To run the tool locally for yourself grab the latest version from github. Another option is to use the popular Kali Linux distribution that includes droopescan.