


Overview
Secure your Drupal site with Drupal Drip
Drupal Drip is a FREE Drupal Security Tool. Simply scan your site and see what Drupal is "dripping" out. Fix the issues and run the scan again. Repeat until everything is fixed. A Drupal site leaks more than most owners realize. The version number sitting in a public file, a username an attacker can pull from a JSON endpoint, an install script that was never locked down: these are the openings that turn into a break-in, and they are invisible from the front end. Drupal Drip exists to show you what an attacker sees the moment they land on your site, so you can close those doors before anyone walks through them. You use it in one click. Open the site you own or are authorized to test, click the Drupal Drip icon, and press Scan. In seconds you get a plain-English report with a letter grade, the problems sorted worst-first, and the exact fix for each one. You harden what it flags, re-scan, and watch the grade climb. The goal is simple: take a Drupal site from "quietly exposed" to a clean A, and keep it there. It is built for the people responsible for a site staying up and staying safe: site owners, Drupal developers, and agencies who want a fast, honest read on a site's exposure without standing up a full scanning stack or reading a single config file by hand. FEATURES • One-click scan with an A-to-F grade and a 0-100 score. • 45 hardening checks covering the exposures attackers probe first: version and default-file leaks, user enumeration, unlocked install and maintenance scripts, exposed config and secrets, open directories, weak access control, and missing security headers. • Username-exposure detection across the endpoints real recon tools use, so you see every login your site is handing out. • Clear visuals: a pass / warning / critical donut, per-category hardening bars, and a score-history trend line. • One-click, Drupal-tuned Google dorks and Wayback Machine lookups to see and clean up what is already publicly indexed. • Smart Drupal detection that recognizes your site even behind a CDN, WAF, or bot challenge (Fastly, Cloudflare, and similar), using the same fingerprints Wappalyzer relies on. BENEFITS • See your real exposure. Know exactly what an attacker would find, instead of guessing whether your site is safe. • Fix, do not just find. Every flagged item comes with the specific, Drupal- correct fix (the module to install, the permission to change, the server rule to add), so a finding is a to-do, not a mystery. • Measure your progress. The grade and trend line turn hardening into something you can watch improve scan after scan. • Trustworthy results. The scan confirms a site is genuinely Drupal before scoring it, and paces its requests gently so it will not trip a rate limiter or skew what it reports. • Nothing to set up. No account, no signup, no server. Install and scan your first site in under a minute. PRIVACY Drupal Drip runs entirely in your browser. It only contacts the site you choose to scan; scan history is stored locally on your machine. No account, no signup, no analytics servers. RESPONSIBLE USE Only scan sites you own or have explicit, written permission to test. Unauthorized scanning may be illegal. You are responsible for how you use this tool.
0 out of 5No ratings
Details
- Version2.1.4
- UpdatedJuly 11, 2026
- Size141KiB
- LanguagesEnglish
- DeveloperWebsite
Email
yfrimer@gmail.com - Non-traderThis developer has not identified itself as a trader. For consumers in the European Union, please note that consumer rights do not apply to contracts between you and this developer.
Privacy
This developer declares that your data is
- Not being sold to third parties, outside of the approved use cases
- Not being used or transferred for purposes that are unrelated to the item's core functionality
- Not being used or transferred to determine creditworthiness or for lending purposes