The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


Scan Types and Differences

Philip | Last updated: Dec 05, 2023 07:20AM UTC

Background

Version: Burp Suite Professional v2023.10.3.6.

I have performed a few scans (in chronological order) on a URL with and without credentials. The number of requests and the issues found were different.

1. Crawl and Audit - Lightweight (with credentials): 430 requests, 3 issues (2L1I).
2. Crawl and Audit - Deep (with credentials): 1141 requests, 0 issues.
3. Active scans: 70246 requests, 129 issues (12H2M115I).
4. Crawl and Audit - Deep (without credentials): 1143 requests, 1 issue (1H).
5. Passive scans: 98 requests, 0 issues.

Question

What are the differences between the scans above? In what functions do they differ? As shown, Active scans made a lot more requests than the Deep scan (70246 vs 1141). I have done some Googling on the subject but couldn't find a clear answer.

Thank you in advance!

Syed, PortSwigger Agent | Last updated: Dec 05, 2023 10:39AM UTC

Hi,

Each scan type is different with different configurations, so they are bound to have different results, especially with or without authentication.

How can I help you?

Syed

Philip | Last updated: Dec 06, 2023 02:03AM UTC

Hi Syed,

I am trying to do a thorough/complete scan on a URL and am deciding between Deep scan and Active scan. As you can see in the results I mentioned, the number of requests differs by a lot! I am trying to find out the difference in configurations between the two. Would you have documents describing it?

Thank you!

Philip

Ben, PortSwigger Agent | Last updated: Dec 06, 2023 09:34AM UTC