Drupal is a free and open-source web content management system written in PHP and distributed under the GNU General Public License. Drupal provides a back-end framework for at least 13% of the top 10,000 websites worldwide – ranging from personal blogs to corporate, political, and government sites.

-- Wikipedia


A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe.

-- GitHub - droope/droopescan

droopescan scan drupal -u <ip>

Search for creds

grep -i pass ./sites/default/settings.php

Interesting files

Web Security Geeks - The Security Blog: Pentesting CMS : Wordpress Joomla Drupal

Default files: “CHANGELOG.txt”, “UPGRADE.txt”, “README.txt”
Configuration file location: [examplesitefortesting.com]/sites/default/settings.php
Plugin location: [examplesitefortesting.com]/?q=[pluginname]
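
From the defender's side, the default files and the settings.php location listed above can be checked directly on the server. The script below is an added example, not from the original page or from droopescan; the function names and the sample docroot are constructed for illustration, and it assumes shell access to the web root.

```shell
#!/bin/sh
# Added example; audit_drupal_docroot and make_sample_docroot are hypothetical names.

audit_drupal_docroot() {
    docroot=$1
    findings=0
    # Default text files tell anyone who requests them that the site runs Drupal.
    for f in CHANGELOG.txt UPGRADE.txt README.txt; do
        if [ -f "$docroot/$f" ]; then
            echo "FINDING default-file $f"
            findings=$((findings + 1))
        fi
    done
    settings="$docroot/sites/default/settings.php"
    if [ -f "$settings" ]; then
        # -perm -004 matches when the "other" read bit is set on the file.
        if [ -n "$(find "$settings" -perm -004)" ]; then
            echo "FINDING settings-world-readable"
            findings=$((findings + 1))
        fi
        # Count password-like lines without printing their values.
        n=$(grep -ci 'pass' "$settings" || true)
        echo "INFO settings-password-lines $n"
    fi
    echo "TOTAL $findings"
    [ "$findings" -eq 0 ]
}

# Constructed sample docroot (not a real site): two default files left in
# place and a settings.php with mode 644 holding a placeholder credential.
make_sample_docroot() {
    d=$(mktemp -d)
    mkdir -p "$d/sites/default"
    : > "$d/CHANGELOG.txt"
    : > "$d/README.txt"
    printf '%s\n' "\$databases['default']['default']['password'] = 'CONSTRUCTED';" \
        > "$d/sites/default/settings.php"
    chmod 644 "$d/sites/default/settings.php"
    echo "$d"
}

sample=$(make_sample_docroot)
audit_drupal_docroot "$sample" || true
rm -rf "$sample"
```

The function exits non-zero when it reports any finding, so it can gate a deployment check.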


Activate the PHP filter plugin to allow PHP code execution in posts
