Burp Suite User Forum


Scan Types and Differences

Philip | Last updated: Dec 05, 2023 07:20AM UTC

Background

Version: Burp Suite Professional v2023.10.3.6.

I have performed a few scans (in chronological order) on a URL with and without credentials. The number of requests and the issues found were different.

1. Crawl and Audit - Lightweight (with credentials): 430 requests, 3 issues (2L1I).
2. Crawl and Audit - Deep (with credentials): 1141 requests, 0 issues.
3. Active scans: 70246 requests, 129 issues (12H2M115I).
4. Crawl and Audit - Deep (without credentials): 1143 requests, 1 issue (1H).
5. Passive scans: 98 requests, 0 issues.

Question

What are the differences between the scans above? In what functions do they differ? As shown, Active scans did a lot more requests than the Deep scan (70246 vs 1141). I have done some Googling on the subject but couldn't find a clear answer.

Thank you in advance!

Syed, PortSwigger Agent | Last updated: Dec 05, 2023 10:39AM UTC

Hi,

Each scan type is different with different configurations, so they are bound to have different results, especially with or without authentication.

How can I help you?

Syed

Philip | Last updated: Dec 06, 2023 02:03AM UTC

Hi Syed,

I am trying to do a thorough/complete scan on a URL and am deciding between a Deep scan and an Active scan. As you can see in the results I mentioned, the number of requests differs by a lot! I am trying to find out the difference in configurations between the two. Would you have documents describing it?

Thank you!

Philip

Ben, PortSwigger Agent | Last updated: Dec 06, 2023 09:34AM UTC

Hi Philip,

There is some documentation around the built-in configurations on the page below:

https://portswigger.net/burp/documentation/scanner/scan-configurations/burp-scanner-built-in-configs

The general approach for this would be that the more thorough the crawl configuration, the more requests are ultimately likely to be sent, because Burp is being more thorough/spending more time in terms of identifying locations within the site and will then have more locations when it comes to the auditing phase of the scan.

An active scan differs from a crawl and audit scan in that this mode of scanning simply takes the existing requests that are already in Burp (and will have been generated by your other actions, such as manually proxying your traffic) and applies auditing payloads to them. With a full crawl and audit scan, Burp will first crawl the site in order to discover locations before then auditing these discovered locations.

It is also worth noting that, unless you specify this, all your active scan requests will use the same scan task on the Dashboard, which might not give you a true reflection of how many requests are being sent to a single site when compared to a crawl and audit scan, i.e. if you right-click and select to carry out an active scan on two separate hosts then these will both use the same scan task unless configured otherwise.
