Burp Suite User Forum

Burp suite enterprise API to download report

Mathews, | Last updated: Aug 27, 2021 05:39PM UTC

Hi, my name is Dinse from CSAA insurance. We have an enterprise license. We are using Burp Enterprise and would like to know the option to export a scan report using an API. Our goal is to scan the application automatically and generate the report automatically. We are able to trigger the scan from Jenkins or schedule it within Enterprise. But we want to extract an XML / CSV report right after the scan with all vulnerabilities. Please help us by providing the API details to use to extract the report.

Alex, PortSwigger Agent | Last updated: Aug 31, 2021 08:35AM UTC

Hi,

Thanks for your post.

To receive a report for any scans initiated/scheduled via the GUI, you can configure your SMTP server within the "email" section of the settings page. You will then be able to add email recipients as needed when configuring a scan. Once the scan has completed, the specified user will receive a copy of the report via email.

To receive a report for any scans initiated via CI/CD integration, you can add the optional setting to your build steps to specify where you want the report to be stored, and the type of report needed. I've linked the details for this below:

https://portswigger.net/burp/documentation/enterprise/administration-tasks/ci-cd/optional-settings

You can also explore our GraphQL documentation, which includes queries for generating reports:

https://portswigger.net/burp/extensibility/enterprise/graphql-api/ScanReport.html

Currently, reports are generated as HTML only, although we are planning to add further formats in a future release.

I hope that helps. Any questions, just let us know.

Thanks

Mathews, | Last updated: Aug 31, 2021 05:29PM UTC

Thanks for your response. Can you give some more insight on executing the example from https://portswigger.net/burp/extensibility/enterprise/graphql-api/ScanReport.html? From where do I execute it and how? query get_report( ... } }

We have installed the enterprise version and applied the license key with the embedded database. Is it possible to connect to the embedded database and query the scan result with scan id, site name etc.? How can I migrate the embedded database to a MySQL 8.0 database and connect Burp to MySQL?

I goal is to get scan results in as a query results. So that we can make use of the scan results the way we want for automation purposes.

Mathews, | Last updated: Aug 31, 2021 05:33PM UTC

Sorry, typo in the above message: "Our goal is to get scan results as a query results from the database for automation". We noticed from the Burp Enterprise UI that there is an option to get NEW vulnerabilities of the current scan. We want those as CSV or HTML etc. Or if we can query from the embedded database or MySQL database, then we can write logic accordingly.

Alex, PortSwigger Agent | Last updated: Sep 01, 2021 09:55AM UTC

Hi,

An example of retrieving scan results using the GraphQL API:

    query GetScan {
      scan(id: 2) {
        id
        issues(start: 0, count: 1000) {
          issue_type {
            name
            description_html
            remediation_html
            vulnerability_classifications_html
          }
          severity
        }
      }
    }

This would return the specified parameters of a particular scan. You can customize with the fields listed in the documentation as required.

You can utilize an API client such as Insomnia or Postman for your queries. Alternatively, you could connect your in-house CI/CD platform using our driver as described previously.

Migrating from the embedded database is supported - I've linked the process below:

https://portswigger.net/burp/documentation/enterprise/administration-tasks/migrating-db

I hope that helps. Any further questions, just let me know.

Thanks
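One way to run the GetScan query from the reply above from a script and turn the result into CSV, as an added example that is not part of the original thread and not PortSwigger's code. It assumes the GraphQL endpoint path `/graphql/v1` and an API key sent in the `Authorization` header (check both against the GraphQL API documentation); the function names are hypothetical and the sample response is constructed.

```python
import csv, io, json, urllib.request

GRAPHQL_PATH = "/graphql/v1"  # assumption: confirm against the GraphQL API docs
# Query from the reply above, trimmed to two fields; %d is the scan id.
QUERY_TEMPLATE = """query GetScan { scan(id: %d) { id
  issues(start: 0, count: 1000) { issue_type { name } severity } } }"""

# Constructed sample response in the shape that query returns.
SAMPLE_RESPONSE = json.dumps({"data": {"scan": {"id": "2", "issues": [
    {"issue_type": {"name": "Cross-site scripting (reflected)"}, "severity": "high"},
    {"issue_type": {"name": "Strict transport security not enforced"}, "severity": "low"},
]}}})

def build_request(base_url, api_key, scan_id):
    """POST request for one scan; int() rejects a non-numeric scan id."""
    body = json.dumps({"query": QUERY_TEMPLATE % int(scan_id)}).encode()
    return urllib.request.Request(
        base_url.rstrip("/") + GRAPHQL_PATH, data=body,
        headers={"Content-Type": "application/json",
                 "Authorization": api_key})  # assumption: API key sent as-is

def issues_to_csv(response_text):
    """Turn the GraphQL JSON response into CSV text, one row per issue."""
    doc = json.loads(response_text)
    if doc.get("errors"):  # GraphQL reports failures in an "errors" array
        raise RuntimeError("; ".join(e.get("message", "") for e in doc["errors"]))
    scan = (doc.get("data") or {}).get("scan")
    if scan is None:
        raise LookupError("scan not found in response")
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["scan_id", "severity", "issue_name"])
    for issue in scan.get("issues") or []:
        writer.writerow([scan["id"], issue["severity"], issue["issue_type"]["name"]])
    return out.getvalue()

def fetch_csv(base_url, api_key, scan_id):
    """Run the query against a live server (TLS verification stays on)."""
    with urllib.request.urlopen(build_request(base_url, api_key, scan_id)) as resp:
        return issues_to_csv(resp.read().decode("utf-8"))

if __name__ == "__main__":
    print(issues_to_csv(SAMPLE_RESPONSE), end="")
```

In a Jenkins job, `fetch_csv` would take the API key from a credentials binding rather than from the job script, since the key grants access to every scan result the API user can see.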
