Druscan – free Drupal audit tool

Collect all technical information about your Drupal system (e.g., modules, architecture, performance metrics) and share it with others without exposing sensitive data. Download this open-source tool, run it locally, and get a complete report in 20 minutes!

Download from GitHub

Need Drupal data for a cost estimate when switching agencies? Use Druscan!

When migrating a Drupal website to a new agency or requesting estimates from multiple vendors, sharing full databases and complete source code access raises serious security and confidentiality concerns.

The problem

You need 3–5 agencies to prepare accurate estimates, but you don’t want to expose confidential data, proprietary code, API keys, or client information to multiple external parties.

The solution

Druscan generates a comprehensive technical Drupal audit report that contains everything needed for accurate estimation—without disclosing database content, business logic, or any sensitive data.

What is Druscan?

Druscan is an open-source tool developed by Droptica for conducting technical audits of Drupal systems.

-

What you share

  • Complete list of modules and dependencies.
  • Content architecture and entity relationships.
  • Performance and security metrics.
  • Code quality statistics (lines of code, complexity, test coverage).
  • Configuration overview and technical requirements.
-

What you protect

  • Actual database content and user data.
  • Proprietary custom code and business logic.
  • API keys and integration credentials.
  • Server access and deployment details.
  • Private files and media assets.

Exemplary areas of analysis in the Druscan report

Druscan automatically analyzes your Drupal system and generates a detailed technical report in HTML and JSON formats. The tool runs locally, ensuring complete data security. Below are example sections you’ll find in the analysis report.

 Complete module overview

 Performance metrics

 Database

 Available updates

 Custom and recommended modules

 AI-based analysis (Cursor mode)

 Content architecture

 Integrations

 Visual diagrams

Druscan generates a complete list of modules in Drupal, showing their versions and security alerts.

Complete module overview

See the full list of modules with versions, patches, and security alerts. This is the foundation for risk assessment, update planning, and realistic cost estimation.

  • Full list of core, contrib, and custom modules.
  • Version and origin details.
  • List of applied security patches.
The Drupal audit tool presents recommendations on which modules need to be updated.

Available updates

Druscan checks module versions and highlights those requiring updates—both feature and security-related. This helps you prioritize system maintenance.

  • Information on available module updates.
  • Security alerts for critical versions.
  • Summary of installed patches and update recommendations.
The Drupal audit report with the Druscan tool shows a clear data structure of the analyzed website.

Content architecture

The report reveals the structure of your data: content types, fields, taxonomies, media, roles, and permissions, as well as views and blocks. It helps you understand dependencies and how elements are used throughout the system.

  • Content types with entry counts and activity.
  • Fields, taxonomies, media, users, roles.
  • Views and blocks (types: page, block, feed).
  • Workflows and permissions.
Druscan shows performance metrics such as PageSpeed, WCAG compliance, UX, and SEO.

Performance metrics

Druscan gathers Lighthouse/PageSpeed results, flags bottlenecks, and checks WCAG compliance. You get a clear list of optimization areas and their impact on UX and SEO.

  • Google PageSpeed Insights results.
  • Potential performance bottlenecks.
  • Accessibility (WCAG 2.1) compliance.
-

Custom and recommended modules

You receive quantitative metrics without revealing business logic. This allows you to assess complexity and maintenance costs while keeping your code confidential.

  • Lines of code.
  • Custom routing.
  • Information about automated tests.
The Drupal audit tool identifies existing integrations with external services.

Integrations

Druscan identifies modules integrating with external services and shows which APIs are in use without exposing access keys. This simplifies security audits and ecosystem planning.

  • List of modules integrating with external services.
  • Information on connected APIs (without access keys).
The Drupal audit report with Druscan catches errors and performance issues related to the database.

Database

The report detects database errors and performance symptoms from the dblog without exposing real user data. You’ll see what needs attention before it becomes an incident.

  • Database errors.
  • Performance issues.
A Drupal audit conducted with AI support in Cursor mode generates a repair plan and time estimates.

AI-based analysis (Cursor mode)

Based on collected data, AI suggests fix priorities, time estimates, and action points. Treat this as a fast “repair plan” to be verified by your team.

  • Fix recommendations with priorities.
  • Estimated repair time for each task.
  • Action items categorized by security, performance, and maintenance.
Druscan allows you to better understand the Drupal system by presenting graphical diagrams with content.

Visual diagrams

Automatic menu structures and graphical content architecture maps help quickly understand the system. Perfect for onboarding or discussing changes with stakeholders.

  • Automatic menu structure diagrams.
  • Visualized content architecture.

Other Druscan use cases

Druscan isn’t just for cost estimation. Here are other situations where the audit report saves time and increases project security:

Security assessment

Check for vulnerabilities and outdated modules.

Technical debt estimation

Evaluate maintenance costs and update complexity.

Performance analysis

Identify bottlenecks and optimization opportunities.

Team onboarding

Give new developers or teams a full project overview.

Quality verification

Ensure your current agency follows best practices.

Documentation

Create comprehensive technical documentation for your website.

Druscan is an open-source tool for technical auditing of Drupal, which is available for free.

How Druscan works

Running Druscan takes just a few minutes. Simply download the repository, link it to your local Drupal project, and run one command in your terminal.

1. Install
Clone the GitHub repository and create a symlink to your locally running Drupal project on DDEV.

2. Choose a mode

  • Basic mode: Collects raw technical data (JSON + HTML)
  • AI (Cursor) mode: Additionally generates recommendations and repair estimates

3. Run the audit
Enter the GitHub command in your terminal.

4. Get your report
In 15–20 minutes, you’ll receive a complete HTML report ready to share with agencies.

All technical requirements are listed in the GitHub documentation.
 

Run a Drupal audit in 15 minutes

Download Druscan, perform a quick technical Drupal audit, and understand your website better than ever before.

Download from GitHub