Burp community forum

export scan report in headless mode?

Clement | Last updated: Aug 27, 2015 04:48AM UTC

If we run Burp in headless mode, can we export scan reports? If so, what are the command line options for that? We run our own python scripts that send HTTP requests, which pass through Burp and Burp does active scanning. I also look at carbonator for exporting reports in headless mode. But it seems that carbonator requires specifying the schema, FQDN and port, which does not apply in my case.(In my case, active scans will be trigger by external scripts that does manual crawling) Just wondering whether there is other Burp extension I can use. Thanks

PortSwigger Agent | Last updated: Aug 27, 2015 08:46AM UTC

You cannot generate reports using any command line options, but you can do so via the API when your scan has been performed: https://portswigger.net/burp/extender/api/burp/IBurpExtenderCallbacks.html#generateScanReport(java.lang.String,%20burp.IScanIssue[],%20java.io.File) Have a look at the source code for Carbonator to see how it works. You can possibly modify that code to do what you need.

You need to Log in to post a reply. Or register here, for free.