Burp Suite User Forum

How do I just scan the target URL and its subdomains?

CyberCypher | Last updated: May 26, 2024 05:31PM UTC

I would like to know how I set this up so that it scans only the target URL and any subdomains it may find, and anything else is not scanned. I keep getting other junk in the Target tab, such as Facebook, Google, etc. I try to remove them from scope, but it just hides them from the tabs and still crawls them. So how can I set this so it only scans/crawls THE TARGET URL and any subs it may find? Thanks in advance.

Syed, PortSwigger Agent | Last updated: May 27, 2024 09:32AM UTC

Hi CyberCypher,

You can use Burp's Scope settings to do this. If you navigate to Settings > Project > Scope, you will be able to set in-scope URLs there and then use the 'Drop all out-of-scope requests' checkbox to drop any request that is not in scope.

You can even use advanced scope control to set the domain and any subdomains in scope. For example, something like this would allow all subdomains of test.com to be in-scope: .*\.test\.com$

I hope that helps.
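Added example, not part of the original thread and not PortSwigger's code: a way to check which hostnames a host pattern admits before entering it in advanced scope control. It assumes the pattern is applied as an unanchored regex search against the request's hostname; the second pattern and all sample URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Pattern quoted in the reply above.
SUBDOMAINS_ONLY = r".*\.test\.com$"
# Constructed variant (an assumption, not from the thread) that also
# admits the bare domain by making the "label plus dot" prefix optional.
APEX_AND_SUBDOMAINS = r"^(.*\.)?test\.com$"

# Constructed sample URLs of the kind a crawl of test.com might reach.
SAMPLE_URLS = [
    "https://test.com/",
    "https://www.test.com/login",
    "https://api.dev.test.com/v1",
    "https://nottest.com/",
    "https://test.com.example.net/",
    "https://www.facebook.com/sharer.php?u=https://www.test.com/",
]


def host_in_scope(url, host_pattern):
    """Return True if the URL's hostname matches the host regex.

    Only the hostname is tested, so an in-scope name appearing in the
    path or query string of a third-party URL does not count.
    """
    host = urlsplit(url).hostname or ""
    return re.search(host_pattern, host, re.IGNORECASE) is not None


def scope_report(urls, host_pattern):
    """Map each URL to its in-scope decision for one host pattern."""
    return {url: host_in_scope(url, host_pattern) for url in urls}


if __name__ == "__main__":
    for pattern in (SUBDOMAINS_ONLY, APEX_AND_SUBDOMAINS):
        print(f"host pattern: {pattern}")
        for url, allowed in scope_report(SAMPLE_URLS, pattern).items():
            print(f"  {'IN ' if allowed else 'OUT'} {url}")
```

The first pattern requires a literal dot before `test.com`, so the bare domain itself is reported as out of scope unless it is covered separately.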

CyberCypher | Last updated: Jun 01, 2024 08:19PM UTC

Thanks for the reply. I have tried this, but I get an error saying that one of the URLs is not in scope. Please see the attached pic. https://ibb.co/J7t3BT8

CyberCypher | Last updated: Jun 01, 2024 08:26PM UTC

Also, without using advanced scope control and just checking the box to drop all out-of-scope requests, now no scan works. Nothing gets crawled or audited, even if I right-click on the target tree, click "Add to scope" and then retry the scan. Nothing.

Syed, PortSwigger Agent | Last updated: Jun 03, 2024 08:18AM UTC

Hi,

It could be that you have accidentally set everything out of scope. Please email us at support@portswigger.net and share a screenshot of your scope settings with us.
