Burpsuite Report - To include what scan/checkers were used

Vinay | Last updated: Sep 28, 2021 05:39PM UTC

We get the Burpsuite report showing any vulnerabilities (High-Informative) it finds. However, this report doesn't show what scan types were performed (e.g. Active scan, or Passive scan, or individually selected issues). We often get asked by external team/customer for such information.

Would it be possible to generate the report of:
- What scan types are enabled
- What is configured as in-scope and exclusion list

Please advise.

Thanks,
Vinay

Vinay | Last updated: Sep 28, 2021 08:47PM UTC

If there is a way to generate a report with Burpsuite configurations - please advise.

Ben, PortSwigger Agent | Last updated: Sep 30, 2021 10:55AM UTC

Hi Vinay, It sounds like you are using Burp Professional, is that correct?

Vinay | Last updated: Oct 12, 2021 10:49PM UTC

Yes, that's correct. We are using Burp Suite Professional v. 2021.4.3

Ben, PortSwigger Agent | Last updated: Oct 13, 2021 07:38AM UTC

Hi Vinay, The issue with this is that reports are generated within Burp Professional on a per-host basis rather than a per-scan basis. This means that the vulnerabilities detailed in any report for a particular host might have been found by various different actions, i.e. if you perform a scan against a site, perform some manual proxying of that site and then perform another scan against the same site, all the vulnerabilities discovered from these different actions will be recorded against the host and will be included in any report that is generated.

