• Subscribe to the low volume list for updates.

Drupal Security Scan

Security Scanner for Drupal installations to quickly identify potential security issues, server reputation and other aspects of the web server.

Drupal is one of the worlds leading content management system. It is used on a large number of high profile sites. It is known for its security and being extensible. Perform a simple Drupal security test by filling out the following form. Our system will test your website in a non-intrusive manner and display any discovered vulnerabilities or configuration errors.

Launch Drupal (Droopescan) Security Scan

Perform an immediate Free Drupal Scan with a low impact test .

Check any Drupal based site and get a high level overview of the sites security posture. Once you see how easy it is grab a membership and test Drupal with Droopescan, Nikto, OpenVAS and more.

Items checked in the FREE scan
 Attempt to detect version of Drupal Core
 Find Plugins in HTML response
 Identify theme in use
 List client side JS in page
 List iframes in page
 Test for directory indexing enabled on key locations
 Check Google Safe Browse for reputation
 Get IP information and Geolocation

Login for Advanced Scanning with Droopescan
Aggressive enumeration of plugins, themes, version and interesting urls.

  • Detect version, interesting URLS and extensions with Droopescan
  • Identify the attack surface through extension and theme enumeration
  • Test Joomla with OpenVAS and Nikto Scanners
  • Access to 27 Vulnerability Scanners and OSINT Tools
  • Trusted Open Source Tools

About the Drupal Security Scan

This scan will test a Drupal installation for common security issues, mis-configurations as well as performing a web reputation analysis of sites that are being linked and sites that are hosted on the same IP address. The Free scan is a passive scan in that all the information gathered is from performing regular web requests against the specified site.

The more aggressive second option uses the excellent droopescan to brute force theme and module/plugin paths in an attempt to discover the sites attack surface. With information about the installed extras known vulnerabilities can be exploited or further security testing can be more targeted.