Drupal
Enumeration
After identifying a Drupal site, one of the first pieces of information you should try to identify is the version of Drupal running:
Droopescan
Exploitation
Drupalgeddon
Older installations of Drupal are vulnerable to a remote code execution vulnerability dubbed "Drupalgeddon". There is a Metasploit module which works well for exploiting this vulnerability:
Last updated