Burp Suite User Forum

Login to post

Burp Suite Enterprise vs Pro scanner feature differences

david | Last updated: Jul 14, 2021 02:29AM UTC

Good morning, While testing both Burp Suite Enterprise and Pro versions, a question arose. If you look at the Scanner function of the Enterprise or Pro version, I know that both perform vulnerability checks based on the OWASP Top 10. So, are the two vulnerability DBs the same? I wonder if there is any difference. I know that Enterprise has more DBs based on common sense, but I wonder if it is correct. Best Regards - David

James, PortSwigger Agent | Last updated: Jul 14, 2021 10:36AM UTC

Hi David,

Thanks for getting in touch.

You can access all the issue definitions for Burp Scanner (the 'vulnerability database') here:
Issues Knowledge Base

This is the same for Pro and Enterprise Editions (assuming the versions being used are the same e.g both latest releases).

The easiest way to retrieve them would be using the REST API (it will return them all in JSON format). This can be done by running the GET request for /knowledge_base/issue_definitions. You can find more information on the REST API below:
REST API

For Enterprise, you can access it here (with a configured API user and key):
<ENTERPRISE-SERVER-URL>/api/<API-KEY>/v0.1/
Guide: Enterprise: Creating API Users

If I can help any further please let me know.

You need to Log in to post a reply. Or register here, for free.