Burp Suite User Forum

Use GraphQL API to initiate a scan and perform delta

asdf | Last updated: Jun 18, 2020 09:19PM UTC

How can I use the Burp Enterprise GraphQL API to initiate a scan (using an app name or URL) and perform a delta (compare between new and old scan)? Can you please provide the exact syntax / query to do the above tasks? Thanks!!

Uthman, PortSwigger Agent | Last updated: Jun 19, 2020 07:53AM UTC

To create a new scan, you will need to use the CreateScheduleItem mutation (https://portswigger.net/burp/extensibility/enterprise/graphql-api/create_schedule_item.html). An example of how to run this is below:

    mutation CreateScheduleItem {
      create_schedule_item(input: {site_id: "2", scan_configuration_ids: ["SCAN-CONFIG-ID-HERE", "SCAN-CONFIG-2"]}) {
        schedule_item {
          id
        }
      }
    }

The above will launch the scan straight away. You need to change 'SCAN-CONFIG-ID-HERE' to the scan configuration ID (or IDs) you want to use.

If you want to schedule the scan for a specific time, you need to include the initial_run_time field and pass a timestamp:

    mutation Schedule {
      create_schedule_item(input: {site_id: "25", schedule: {initial_run_time: "TIMESTAMP-HERE"}, scan_configuration_ids: ["SCAN-CONFIG-ID-HERE"]}) {
        schedule_item {
          id
        }
      }
    }

One query you may want to run before you do the above:

Retrieve all site IDs, names, and scopes:

    query Sites {
      site_tree {
        sites {
          id
          name
          scope {
            included_urls
          }
        }
      }
    }

The best way to compare between an old and a new scan is through report generation:

    query GetScanReport {
      scan_report(scan_id: 34, include_false_positives: false) {
        report_html
      }
    }

If you intend to make specific comparisons, you will need to look at the documentation.

Please let me know if you have any issues.
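The report comparison suggested in the answer above, sketched as an added example (not code from the forum post or from PortSwigger): it takes the JSON bodies returned by two GetScanReport queries and lists the text lines that appear in only one report. The function names and the sample responses are constructed for illustration, and real report markup will be far larger, so treat the line-level diff as a starting point.

```python
import json
from html.parser import HTMLParser


class _TextLines(HTMLParser):
    """Collect visible text nodes, skipping <script> and <style> content."""

    def __init__(self):
        super().__init__()
        self.lines, self._skip = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        text = " ".join(data.split())  # normalise whitespace
        if text and not self._skip:
            self.lines.append(text)


def report_lines(response_body):
    """Visible text lines of report_html from one GetScanReport response."""
    doc = json.loads(response_body)
    if doc.get("errors"):  # GraphQL reports failures inside the response body
        raise ValueError("GraphQL error: %s" % doc["errors"][0].get("message"))
    parser = _TextLines()
    parser.feed(doc["data"]["scan_report"]["report_html"])
    parser.close()
    return parser.lines


def report_delta(old_body, new_body):
    """Lines only in the new report (added) and only in the old one (removed)."""
    old, new = report_lines(old_body), report_lines(new_body)
    old_set, new_set = set(old), set(new)
    return {"added": [l for l in new if l not in old_set],
            "removed": [l for l in old if l not in new_set]}


# Constructed sample responses (hypothetical issue names and paths).
OLD = json.dumps({"data": {"scan_report": {"report_html":
    "<html><style>p{}</style><h2>Issue A</h2><p>/login</p>"
    "<h2>Issue B</h2><p>/search</p></html>"}}})
NEW = json.dumps({"data": {"scan_report": {"report_html":
    "<html><h2>Issue A</h2><p>/login</p><h2>Issue C</h2><p>/upload</p></html>"}}})

if __name__ == "__main__":
    print(report_delta(OLD, NEW))
```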
