Drupal is considered one of the most secured CMS (content management system) and for any person that are looking to host web application securely he will give it a big priority, if you are going to audit a Drupal website you can check DPScan.
DPScan is an open source python based utility that will crawl your website and give you list of module/plugins you have and if there is a gap that you have missed during the implementation. For using this tool you need just to select the website as follows:
> python DPScan.py [Target]
If you will be using this scanner and you find no vulnerabilities discovered this not necessarily mean that your website secure as you need to check other stuff like infrastructure and profile your website to understand what tools and information required to be included in your pentest report but DPScan remain a good addition for what you are doing. You can download the tool at the following link.