Drupal Security Scan
Security Scanner for Drupal installations to quickly identify potential security issues, server reputation and other aspects of the web server.
Drupal is one of the worlds leading content management system. It is used on a large number of high profile sites. It is known for its security and being extensible. Perform a simple Drupal security test by filling out the following form. Our system will test your website in a non-intrusive manner and display any discovered vulnerabilities or configuration errors.
Perform an immediate Free Drupal Scan with a low impact test .
Check any Drupal based site and get a high level overview of the sites security posture. Once you see how easy it is grab a membership and test Drupal with Droopescan, Nikto, OpenVAS and more.
Attempt to detect version of Drupal Core
Find Plugins in HTML response
Identify theme in use
List client side JS in page
List iframes in page
Test for directory indexing enabled on key locations
Check Google Safe Browse for reputation
Get IP information and Geolocation
Aggressive enumeration of plugins, themes, version and interesting urls.
About Drupal Security Testing
The more aggressive second option uses the excellent droopescan to brute force theme and module/plugin paths in an attempt to discover the sites attack surface. With information about the installed extras known vulnerabilities can be exploited or further security testing can be more targeted.
Our range of online web security testing for Drupal and other web platforms has you covered for a variety of use cases.
The freely available tools perform analysis from a simple page grab. Through examination of the HTML source code, javascript and a few other open publicly accessible pages it is possible to gain immediate insights into the state of security on the target site. This is without sending any aggressive security scanning, using only passive analysis methods.
Our second form of scanning involves using active security testing tools (OpenVAS, Nikto, Droopescan are examples) that send hundreds of requests against the target site to enumerate and find security issues (vulnerabilities) that are not immediately apparent from passive analysis.
1073
published CVE's (vulnerabilities) for
Drupal and its components
Comprehensive Security Testing
- Get informed with detailed technical reporting
- Assess the Security Posture of Any Web Site
- Test underlying server and network accesses
- Attack Surface Analysis with Bulk Testing
- Intelligence for Red Teams, Blue Teams and Web Site Ops
- Full Access to 28 Vulnerability Scanners & Tools
Comparing the Options
Members get access to the full suite of security tools. It's a go bag for security testing.
Free Drupal Security Check
- Drupal Version Check
- Threat Intelligence (Blacklist) Checks
- Directory Indexing on common locations
- Sites Externally linked from main page (threat intel check of host)
- List Components and Modules detected through passive HTML analysis
- Javascript linked (including host blacklist check)
- Server, Hosting and Geo-location Information
Check out the additional benefits that come with a Hacker Target Membership.
Additional Benefits (with Membership)
- Use Droopescan for active security testing
- Use OpenVAS to test Drupal & Web Server vulnerabilities.
- Use Nikto to test website scripts and web framework
- Passively survey sites in bulk for web technologies and other details
- Monitor server for port and vulnerability changes (scheduled Nmap & OpenVAS)
- With Membership you have full access to all security testing tools including port scanner, web server testing and system vulnerability scanner.
About the Droopescan Project
Droopescan is an open source project developed in python
. One of the things we love about open source security solutions is that you can not only run the tool and get results; but also dig into the code and understand what is being tested and why it is being tested. Knowledge is the ultimate cyber weapon.
To run the tool locally for yourself grab the latest version from github. Another option is to use the popular Kali Linux distribution that includes droopescan
.