Drupal, launched in 2001, is the third and final CMS we’ll cover on our tour through the world of common applications. Drupal is another open-source CMS that is popular among companies and developers. Drupal is written in PHP and supports using MySQL or PostgreSQL for the backend. Additionally, SQLite can be used if there’s no DBMS installed. Like WordPress, Drupal allows users to enhance their websites through the use of themes and modules.

Discovery/Footprinting

A Drupal website can be identified in several ways, including by the header or footer message Powered by Drupal, the standard Drupal logo, the presence of a CHANGELOG.txt file or README.txt file, via the page source, or clues in the robots.txt file such as references to /node.

curl -s http://drupal.inlanefreight.local | grep Drupal

Another way to identify Drupal CMS is through nodes. Drupal indexes its content using nodes. A node can hold anything such as a blog post, poll, article, etc. The page URIs are usually of the form /node/<nodeid>.

Drupal supports three types of users by default:

  1. Administrator: This user has complete control over the Drupal website.
  2. Authenticated User: These users can log in to the website and perform operations such as adding and editing articles based on their permissions.
  3. Anonymous: All website visitors are designated as anonymous. By default, these users are only allowed to read posts.

Enumeration

curl -s http://drupal-acc.inlanefreight.local/CHANGELOG.txt | grep -m2 ""

There are several other things we could check in this instance to identify the version. Let’s try a scan with droopescan as shown in the Joomla enumeration section. Droopescan has much more functionality for Drupal than it does for Joomla.

droopescan scan drupal -u http://drupal.inlanefreight.local
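
The discovery and enumeration requests above (CHANGELOG.txt, README.txt, robots.txt and a walk over /node/<nodeid>) leave a recognizable pattern in the web server's access log. The following is an added example, not part of the original notes: it flags clients that combine those requests. The sample log lines, the function names and the thresholds are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample access log (combined log format). The addresses come from
# documentation ranges; none of these lines are from the original page.
sample_log() {
cat <<'EOF'
198.51.100.7 - - [10/Mar/2024:10:00:01 +0000] "GET /CHANGELOG.txt HTTP/1.1" 200 1742 "-" "curl/8.5.0"
198.51.100.7 - - [10/Mar/2024:10:00:02 +0000] "GET /README.txt HTTP/1.1" 200 5382 "-" "curl/8.5.0"
198.51.100.7 - - [10/Mar/2024:10:00:03 +0000] "GET /robots.txt HTTP/1.1" 200 1594 "-" "curl/8.5.0"
198.51.100.7 - - [10/Mar/2024:10:00:04 +0000] "GET /node/1 HTTP/1.1" 200 8120 "-" "curl/8.5.0"
198.51.100.7 - - [10/Mar/2024:10:00:04 +0000] "GET /node/2 HTTP/1.1" 200 7990 "-" "curl/8.5.0"
198.51.100.7 - - [10/Mar/2024:10:00:05 +0000] "GET /node/3 HTTP/1.1" 404 310 "-" "curl/8.5.0"
203.0.113.20 - - [10/Mar/2024:10:02:11 +0000] "GET /node/2 HTTP/1.1" 200 7990 "-" "Mozilla/5.0"
203.0.113.20 - - [10/Mar/2024:10:02:40 +0000] "GET /robots.txt HTTP/1.1" 200 1594 "-" "Mozilla/5.0"
EOF
}

# Reads an access log on stdin and prints "ip meta_hits distinct_nodes verdict".
# $1/$2 are thresholds (assumed defaults 2 and 3; tune them for your traffic).
drupal_probe_report() {
  awk -v meta_min="${1:-2}" -v node_min="${2:-3}" '
    {
      ip = $1; path = $7
      sub(/\?.*/, "", path)            # drop any query string
      seen[ip] = 1
      # Fingerprinting files named in the text above, counted once per client
      if ((path ~ /^\/(CHANGELOG|README)\.txt$/ || path == "/robots.txt") &&
          !((ip, path) in meta_seen)) { meta_seen[ip, path] = 1; meta[ip]++ }
      # Distinct /node/<nodeid> pages requested by the same client
      if (path ~ /^\/node\/[0-9]+$/ && !((ip, path) in node_seen)) {
        node_seen[ip, path] = 1; nodes[ip]++
      }
    }
    END {
      for (ip in seen) {
        suspect = (meta[ip] + 0 >= meta_min + 0 && nodes[ip] + 0 >= node_min + 0)
        printf "%s %d %d %s\n", ip, meta[ip], nodes[ip], suspect ? "SUSPECT" : "ok"
      }
    }' | sort
}

sample_log | drupal_probe_report
```

Against a real log, pipe the file into the function instead of `sample_log`, for example `drupal_probe_report 2 5 < access.log`.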