Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Whole vulneratibility scan on whole host (or subdomain , or sub URL) with the PRO version

Nicolas | Last updated: Sep 10, 2024 10:56AM UTC

Hello, I plan to go for the Burp Pro in the near future, but I have one question. Is it possible to run an injection scan / file upload (without need to specify what kind, SQL, command etc..) on a whole domain (or subdomain or sub "folder" of url)? I know that I can do it request by request but it is not obvious in the documentation that it is possible to do a web vulnerability scan for a whole website at one time. Thanks

Dominyque, PortSwigger Agent | Last updated: Sep 11, 2024 08:02AM UTC

Hi Nicolas, Yes, it's possible to do a scan for a whole website. You would simply need to put the URL of the website in the 'URLs to scan' section of the scan configuration. It would be a matter of ensuring your target scope is set up correctly. When the scan is kicked off, it'll scan the whole domain for all vulnerabilities that our scanner can find (https://portswigger.net/burp/documentation/scanner/vulnerabilities-list) I hope this answers your question, please let me know if not.

Nicolas | Last updated: Sep 12, 2024 05:02AM UTC

So it will scan all pages included in the scope, find all input field, and fuzz them automatically?

Dominyque, PortSwigger Agent | Last updated: Sep 12, 2024 12:52PM UTC