Finds Drupal version, modules, theme and their vulnerabilities. Checks for common Drupal misconfigurations and weak server settings.
Drupal Penetration Testing
Speed up your penetration test using this scanner. You don't need to install or configure anything; it is ready to go. Quickly discover the Drupal version and its vulnerabilities, Drupal plugins, themes and other specific configuration issues.
Check if your own installation of Drupal is up to date and properly configured. See how your Drupal installation looks from the perspective of an external attacker.
Third-Party Website Audit
If you are a web development company, you can also show this report to your clients and prove that you have implemented the proper security measures on the Drupal website.
This is a custom scanner that implements all the security checks performed by known Drupal scanners such as CMSMap or Droopescan, and adds new security tests on top.
The list of tests performed by the Drupal vulnerability scanner includes:
Fingerprint the server software and technology
Fingerprint the Drupal installation
Find installed Drupal modules
Find the current Drupal theme
Search for vulnerabilities affecting the current Drupal version
Check for directory listing
Search for default install files
Verify the communication security (HTTPS settings)
Attempt user enumeration using the Views module
Attempt user discovery using Forgot Password
Check if the login page is accessible
Check if user registration is enabled
The scan is performed remotely, without authentication, in a black-box manner. This simulates an external attacker who tries to penetrate the target website. However, no harmful actions are performed and all identified problems are presented in the final report.
This is the URL of the Drupal website that will be scanned. All URLs must start with http or https. Don't forget to specify the complete path to the base directory of the Drupal installation (if there is one). Ex. http://targetdrupal.com/path/.
How it works
The scanner performs a series of passive and active checks to identify the Drupal version, modules, themes and the current system configuration.
Furthermore, the Drupal core vulnerabilities are extracted from a local database that is periodically updated with the latest vulnerabilities affecting Drupal. The vulnerabilities are reported according to the identified Drupal version.