Drupal Scanner

Detect vulnerabilities and exploits in Drupal core, plugins, and weak configurations.

Sign up for a Pro Account to scan Drupal modules for security vulnerabilities and get in-depth results.

Scan type
  • Light scan

  • Full scan

Reporting

Sample Report

Here is a Drupal Scanner sample report that gives you a taste of how our tools save you time and reduce repetitive manual work.

  • Shows known vulnerabilities which affect the identified Drupal version (core and plugins)

  • Includes checks for known Drupal configuration issues

  • Provides detailed risk description and recommendations for improvement

How to use the pentesting tool

Use Cases for Drupal Scanner

Finds Drupal version, modules, theme, and their vulnerabilities. Checks for common Drupal misconfigurations and weak server settings.

  • Drupal Penetration Testing

    Speed up your penetration test using this scanner. You don't need to install or configure anything; it is ready to go. Quickly discover the Drupal version and its vulnerabilities, Drupal plugins, themes, and other specific configuration issues.

  • Security Self-Assessment

    Check if your own installation of Drupal is updated and properly configured. See how your Drupal installation looks from the perspective of an external attacker.

  • Third-Party Website Audit

    If you are a web development company, you can use this report to prove to your clients that you have implemented proper security measures in their Drupal-based website.

Better vulnerability discovery. Faster pentest reporting.

Get instant access to custom vulnerability scanners and automation features that simplify the pentesting process and produce valuable results. The platform helps you cover all the stages of an engagement, from information gathering to website scanning, network scanning, exploitation and reporting.

Technical Details

This is a custom scanner that implements all the security checks performed by known Drupal scanners such as CMSMap or Droopescan, and adds new security tests on top.

The list of tests performed by the Drupal vulnerability scanner includes:

  • Fingerprint the server software and technology
  • Fingerprint the Drupal installation
  • Find installed Drupal modules
  • Find the current Drupal theme
  • Search for vulnerabilities affecting the current Drupal version
  • Check for directory listing
  • Search for default install files
  • Verify the communication security (HTTPS settings)
  • Attempt user enumeration using the Views module
  • Attempt user discovery using Forgot Password
  • Check if the login page is accessible
  • Check if user registration is enabled

Parameters

| Parameter | Description |
|---|---|
| Target URL | This is the URL of the Drupal website that will be scanned. All URLs must start with http or https. Don't forget to specify the complete path to the base directory of the Drupal installation (if it exists), e.g. http://targetdrupal.com/path/. |

How it works

The scanner performs a series of passive and active checks to identify the Drupal version, modules, themes, and the current system configuration.

Drupal core vulnerabilities are extracted from a local database that is periodically updated with the latest vulnerabilities affecting Drupal. They are reported according to the identified Drupal version.

See the sample report for detailed scanner output.