Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Initiating on demand scan using GraphQL

Abbas | Last updated: Apr 30, 2021 03:54PM UTC

Been trying to initiate an on demand scan using GraphQL API, but can only seem to schedule them. Is this possible? If someone could point me in the right direction i'd appreciate it, i've checked out the documentation but couldn't find what i was looking for.

Abbas | Last updated: Apr 30, 2021 04:31PM UTC

I've found the solution for that now. However i've just noticed a bug. When using the following to initiate a scan; mutation CreateScheduleItem($input: CreateScheduleItemInput!) { create_schedule_item(input: $input) { schedule_item { id } } } It responds back with an ID (in this case 182) but when checking the scan status with this request: query GetScan ($id: ID!) { scan(id: $id) { id status agent { id name } site_application_logins { login_credentials { label username } recorded_logins { label } } audit_items { id issue_counts { total } number_of_requests } scan_configurations { id name } } } It tells me that scan cannot be found. After checking the BS Dashboard, i noticed the ID has actually jumped a digit to 183. So the output of the first request is incorrect compared to the dashboard.

Abbas | Last updated: Apr 30, 2021 04:31PM UTC

I've found the solution for that now. However i've just noticed a bug. When using the following to initiate a scan; mutation CreateScheduleItem($input: CreateScheduleItemInput!) { create_schedule_item(input: $input) { schedule_item { id } } } It responds back with an ID (in this case 182) but when checking the scan status with this request: query GetScan ($id: ID!) { scan(id: $id) { id status agent { id name } site_application_logins { login_credentials { label username } recorded_logins { label } } audit_items { id issue_counts { total } number_of_requests } scan_configurations { id name } } } It tells me that scan cannot be found. After checking the BS Dashboard, i noticed the ID has actually jumped a digit to 183. So the output of the first request is incorrect compared to the dashboard.

Hannah, PortSwigger Agent | Last updated: May 03, 2021 12:34PM UTC

Hi

The schedule items and actual scans each have their own individual ID. This is because the schedule item can refer to either an immediate scan or a recurring scan. Therefore, the actual scan ID can only be determined at runtime.

To retrieve a list of all scans, you might find the following query helpful:
query GetScan {
  scans {
    id
    }
  }

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.