Drupal Version Checker
Find out exactly which Drupal version any site is running, whether it is out of date or end-of-life, and which CVEs affect it. Free online tool, no installation, runs right in your browser.
Used by developers, agencies, and site owners to audit Drupal installs
Pinpoint the Core Version
Identify the Drupal core version even when a CDN strips the obvious headers, by combining several detection signals.
- X-Drupal-Cache & X-Generator headers
- Generator meta tag
- CHANGELOG.txt parsing
- Core asset path analysis
End-of-Life Check
Drupal 7, 8, and 9 are all end-of-life. We flag whether the detected major version still receives security coverage.
- Supported vs EOL major version
- Live lifecycle data
- Upgrade-path guidance
- Outdated / current flag
Known CVEs Surfaced
The version check runs the full scan, so you also see vulnerabilities tied to that Drupal release, including the Drupalgeddon class.
- 100K+ CVE cross-reference
- Remote-code-execution flags
- CVSS severity scoring
- One scan, full picture
Why Your Drupal Version Matters
Drupal runs many government, education, and enterprise sites, which makes it a high-value target. The Drupalgeddon vulnerabilities were exploited en masse within hours of disclosure. Once a major version reaches end of life it stops receiving security patches entirely, so knowing the exact version a site runs is the first step to staying secure.
Frequently Asked Questions
How do I check what Drupal version a site is running?
Enter the site URL above and run the scan. ScanTower detects Drupal from the X-Drupal-Cache and X-Generator headers, the generator meta tag, CHANGELOG.txt, and core asset paths, then reports the version and whether it is current.
Why does Drupal often only show the major version (like 10)?
Modern Drupal exposes only the major version in its generator meta tag, and many sites remove CHANGELOG.txt. We report the most precise version available and clearly distinguish a confirmed point release from a major-version-only detection.
Can it tell if a Drupal site is end-of-life?
Yes. Drupal 7, 8, and 9 have all reached end of life. We flag whether the detected major version is still supported and receiving security coverage, which is critical because EOL Drupal stops getting patches entirely.
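An added example, not ScanTower's code: one way to merge the four signals named above into a single verdict that separates a confirmed point release from a major-only detection and applies the end-of-life flag. The `detect` function, the precision labels, the assumed header, meta tag and CHANGELOG.txt string formats, and the sample responses are all constructed for illustration.

```python
import re

EOL_MAJORS = {7, 8, 9}  # majors the page lists as end-of-life
# Assumed signal formats (not taken from the page)
GEN_RE = re.compile(r"Drupal (\d+)")
META_RE = re.compile(
    r'<meta[^>]+name=["\']generator["\'][^>]+content=["\']([^"\']+)', re.I)
CHANGELOG_RE = re.compile(r"^Drupal (\d+)\.(\d+)(?:\.(\d+))?,", re.M)
ASSET_RE = re.compile(r'["\']/core/(?:misc|assets|themes)/')

def detect(headers, html="", changelog=None):
    """Merge header, meta tag, asset path and CHANGELOG.txt signals."""
    headers = {k.lower(): v for k, v in headers.items()}
    signals, major, full = [], None, None
    if "x-drupal-cache" in headers:      # proves Drupal, carries no version
        signals.append("x-drupal-cache")
    meta = META_RE.search(html)
    for name, text in (("x-generator", headers.get("x-generator", "")),
                       ("generator-meta", meta.group(1) if meta else "")):
        m = GEN_RE.search(text)
        if m:
            signals.append(name)
            major = major or int(m.group(1))
    if ASSET_RE.search(html):
        signals.append("core-asset-path")
    m = CHANGELOG_RE.search(changelog or "")
    if m:
        cl_major = int(m.group(1))
        # A static CHANGELOG.txt can be left over from an older install:
        # only trust it when it agrees with the generator's major version.
        if major is None or cl_major == major:
            signals.append("changelog")
            major = cl_major
            full = ".".join(p for p in m.groups() if p)
    if full:
        precision = "point-release"
    elif major is not None:
        precision = "major-only"
    else:
        precision = "unversioned" if signals else "not-detected"
    return {"version": full or (str(major) if major is not None else None),
            "precision": precision, "signals": signals,
            "eol": major in EOL_MAJORS if major is not None else None}

# Constructed sample responses
CDN_STRIPPED = detect({}, '<meta name="Generator" content="Drupal 10 (x)">'
                          '<script src="/core/misc/drupal.js"></script>')
OLD_SITE = detect({"X-Generator": "Drupal 7 (x)", "X-Drupal-Cache": "HIT"},
                  changelog="\nDrupal 7.98, 2023-06-07\n")
```

Site owners can use the same logic in reverse: any signal that still yields `point-release` on their own site is one they may want to remove or restrict.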
Does this tell me if the site is vulnerable?
The version check runs the full scan and cross-references the detected Drupal release against a 100K+ CVE database, including the high-severity "Drupalgeddon" class of remote-code-execution flaws, scored by severity.
Is checking a site's Drupal version legal?
Reading the version a public site already advertises is passive reconnaissance. Run deeper scans only on sites you own or are authorized to test, which is why the tool asks you to confirm permission first.