Any good free penetration tools?

Any good free penetration tools for Drupal?

Gajendra Rathod (Lead System Administrator) commented:
First:  Nessus – a security tool that focuses on vulnerability scanning. It is free for personal use.

Second:  Metasploit

Syed Aijaz (L2 System Administrator) commented:
Try using Kali Linux. It was previously called BackTrack.

You can install it as a separate OS or boot it directly.
Dave Howe (Software and Hardware Engineer) commented:
The above general advice is a good start - you will need at LEAST a linux distribution with python, perl, php and so forth. Kali is a good choice, as it will come as standard with tools like metasploit pre-installed, giving you a head start.

For Drupal, I would usually start with an enumerator - such as DPScan.
If you have access to load modules (or can clone your production environment to an acceptance/testing one - usually a good move anyhow :) you can use the security testing modules available on the Drupal site (such as this one).

If none of the modules have any current 'sploits listed in CVE, move on to testing with metasploit (not nessus, as the free version is pretty poor), w3af, and so forth - most of those broad-stroke tools will be available in your distro (particularly if you choose kali :)

Similarly, a common attack against Drupal is SQLi - use a SQLi fuzzer such as Burp to test for this - however, unless you get really lucky, you are unlikely to find any in the standard modules (obviously, custom modules or site/theme specific code could be a different matter).

If all else fails, try scylla

In general, a fully patched Drupal installation is pretty solid - the White House use one, for example - so you are best advised to look for local coding rather than standard modules.
Dave Howe (Software and Hardware Engineer) commented:
Kali also includes WebShag - not Drupal specific, and haven't tried it, but thought I would mention it :)