Drupal Security Scan

Security Scanner for Drupal installations to quickly identify potential security issues, server reputation and other aspects of the web server.

Drupal is one of the world's leading content management systems. It is used on a large number of high profile sites and is known for its security and extensibility. Perform a simple Drupal security test by filling out the following form. Our system will test your website in a non-intrusive manner and display any discovered vulnerabilities or configuration errors.

Launch Drupal (Droopescan) Security Scan

Perform an immediate Free Drupal Scan with a low impact test.

Check any Drupal based site and get a high level overview of the site's security posture. Once you see how easy it is, grab a membership and test Drupal with Droopescan, Nikto, OpenVAS and more.

Items checked in the FREE scan
  • Attempt to detect version of Drupal Core
  • Find Plugins in HTML response
  • Identify theme in use
  • List client side JS in page
  • List iframes in page
  • Test for directory indexing enabled on key locations
  • Check Google Safe Browsing for reputation
  • Get IP information and Geolocation

Login for Advanced Scanning with Droopescan
Aggressive enumeration of plugins, themes, version and interesting urls.

  • Detect version, interesting URLs and extensions with Droopescan
  • Identify the attack surface through extension and theme enumeration
  • Test Drupal with OpenVAS and Nikto Scanners
  • Access to 27 Vulnerability Scanners and OSINT Tools
  • Trusted Open Source Tools

About Drupal Security Testing

This scan tests a Drupal installation for common security issues and misconfigurations, and performs a web reputation analysis of the sites it links to and of sites hosted on the same IP address. The Free scan is passive: all the information gathered comes from regular web requests against the specified site.

The more aggressive second option uses the excellent droopescan to brute force theme and module/plugin paths in an attempt to discover the site's attack surface. With information about the installed extras, known vulnerabilities can be exploited or further security testing can be more targeted.

Our range of online web security testing for Drupal and other web platforms has you covered for a variety of use cases.

The freely available tools perform their analysis from a simple page grab. By examining the HTML source, JavaScript and a few other publicly accessible pages, it is possible to gain immediate insight into the state of security on the target site. This uses only passive analysis methods, without sending any aggressive security scanning traffic.
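The passive analysis described above, sketched as an added example (it is not Hacker Target's or droopescan's code): it parses one already-fetched HTML response and lists what the page discloses, which is a quick way to review your own site's exposure. The sample page, the host names and the path layouts matched by `EXT_RE` are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page, not captured from a real site.
SAMPLE_HTML = """<html><head>
<meta name="Generator" content="Drupal 7 (http://drupal.org)" />
<link rel="stylesheet" href="/sites/all/modules/views/css/views.css?abc" />
<link rel="stylesheet" href="/sites/all/themes/bartik/css/style.css" />
<script src="/sites/all/modules/ctools/js/modal.js?v=1"></script>
<script src="https://cdn.example.net/lib.js"></script>
</head><body><iframe src="https://video.example.org/embed/1"></iframe></body></html>"""

# Assumed layouts: sites/<site>/modules|themes/<name>/ and modules|themes/contrib|custom/<name>/
EXT_RE = re.compile(r"/(?:sites/[^/]+/)?(modules|themes)/(?:(?:contrib|custom)/)?([a-z0-9_]+)/")

class DrupalFootprint(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host, self.generator = site_host, None
        self.modules, self.themes, self.external_hosts = set(), set(), set()
        self.embedded = {"script": [], "iframe": []}

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "generator":
            self.generator = a.get("content")  # version hint, often major version only
        url = a.get("src") or a.get("href")
        if tag not in ("script", "link", "img", "iframe") or not url:
            return
        parsed = urlparse(url)
        local = not parsed.netloc or parsed.netloc == self.site_host
        if not local:
            self.external_hosts.add(parsed.netloc)  # candidates for reputation checks
        if tag in self.embedded:
            self.embedded[tag].append(url)
        m = EXT_RE.search(parsed.path)
        if m and local:  # extension names leak through asset paths
            (self.modules if m.group(1) == "modules" else self.themes).add(m.group(2))

def footprint(html, site_host):
    p = DrupalFootprint(site_host)
    p.feed(html)
    return {"generator": p.generator, "modules": sorted(p.modules),
            "themes": sorted(p.themes), "scripts": p.embedded["script"],
            "iframes": p.embedded["iframe"], "external_hosts": sorted(p.external_hosts)}

if __name__ == "__main__":
    print(footprint(SAMPLE_HTML, "www.example.com"))
```

Anything this reports is visible to every visitor; removing the generator tag or aggregating assets reduces the passive footprint but does not replace patching.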

Our second form of scanning involves using active security testing tools (OpenVAS, Nikto, Droopescan are examples) that send hundreds of requests against the target site to enumerate and find security issues (vulnerabilities) that are not immediately apparent from passive analysis.

Comprehensive Security Testing

  • Get informed with detailed technical reporting
  • Assess the Security Posture of Any Web Site
  • Test underlying server and network accesses
  • Attack Surface Analysis with Bulk Testing
  • Intelligence for Red Teams, Blue Teams and Web Site Ops
  • Full Access to 28 Vulnerability Scanners & Tools

Comparing the Options

Members get access to the full suite of security tools. It's a go bag for security testing.

Free Drupal Security Check

  • Drupal Version Check
  • Threat Intelligence (Blacklist) Checks
  • Directory Indexing on common locations
  • Sites Externally linked from main page (threat intel check of host)
  • List Components and Modules detected through passive HTML analysis
  • JavaScript linked (including host blacklist check)
  • Server, Hosting and Geo-location Information
Need more than the free option can provide?
Check out the additional benefits that come with a Hacker Target Membership.

Additional Benefits (with Membership)

  • Use Droopescan for active security testing
  • Use OpenVAS to test Drupal & Web Server vulnerabilities.
  • Use Nikto to test website scripts and web framework
  • Passively survey sites in bulk for web technologies and other details
  • Monitor server for port and vulnerability changes (scheduled Nmap & OpenVAS)
  • With Membership you have full access to all security testing tools including port scanner, web server testing and system vulnerability scanner.
Become a Member Now
7 day money back guarantee

About the Droopescan Project

Droopescan is an open source project developed in Python. One of the things we love about open source security solutions is that you can not only run the tool and get results, but also dig into the code and understand what is being tested and why it is being tested. Knowledge is the ultimate cyber weapon.

To run the tool locally for yourself, grab the latest version from GitHub. Another option is to use the popular Kali Linux distribution, which includes droopescan.