Burp Suite User Forum

Burpsuite Report - To include what scan/checkers were used

Vinay | Last updated: Sep 28, 2021 05:39PM UTC

We get the Burpsuite report showing any vulnerabilities (High-Informative) it finds. However, this report doesn't show what scan types were performed (e.g. Active scan, or Passive scan or individually selected issues). We often get asked by external team/customer for such information. Would it be possible to generate the report of:

- What scan types are enabled
- What is configured as in-scope and exclusion list

Please advise.

Thanks, Vinay

Vinay | Last updated: Sep 28, 2021 08:47PM UTC

If there is a way to generate a report with Burpsuite configurations - please advise.

Ben, PortSwigger Agent | Last updated: Sep 30, 2021 10:55AM UTC

Hi Vinay, It sounds like you are using Burp Professional, is that correct?

Vinay | Last updated: Oct 12, 2021 10:49PM UTC

Yes, that's correct. We are using Burp Suite professional v. 2021.4.3

Ben, PortSwigger Agent | Last updated: Oct 13, 2021 07:38AM UTC

Hi Vinay, The issue with this is that reports are generated within Burp Professional on a per-host basis rather than a per-scan basis. This means that the vulnerabilities detailed in any report for a particular host might have been found by various different actions i.e. if you perform a scan against a site, perform some manual proxying of that site and then perform another scan against the same site - all the vulnerabilities discovered from these different actions will be recorded against the host and will be included in any report that is generated.
