Burp Suite User Forum

Login to post

Dastardly - Restrict URLs

Mike | Last updated: Aug 20, 2023 07:37PM UTC

Hey, Is there anyway I can add to/restrict URLs for the Dastardly scanner? There are some URLs (e.g. the CMS login page) I would also like scanned which aren't on my site to crawl. Additionally, I don't need it to scan every blog post or my sitemap.xml It would be great if I could either pass in a txt file or links or use something like the robots file to direct it. Thanks.

Alex, PortSwigger Agent | Last updated: Aug 21, 2023 08:05AM UTC

Hi Mike, Thanks for your post. Dastardly scans only provision a single start URL for the scan - there is no configuration option to specify further additional included/excluded URLs. For that level of control (and additional configuration options) you would require the CI-driven scans functionality/integration as part of Burp Suite Enterprise. I've linked this below if it's of any interest: https://portswigger.net/burp/documentation/enterprise/integrate-ci-cd-platforms CI-Driven scans are essentially "full fat" Dastardly and are included as part of the Burp Suite Enterprise license. The CI-driven scan container is backed by a configuration.yaml that allows you to control all elements of the scan via environment variables. Let me know if you have any further questions. Best regards,

You need to Log in to post a reply. Or register here, for free.