Report functionality for Enterprise edition
Is a "Generate Report" functionality, like the one that is available in the Professional edition, possible or planned for the Enterprise edition? Or even a better one? It would be great if we could generate PDF reports of the performed scans, as many other tools can.
Thanks in advance
Currently this isn’t possible. What we’ve been advocating instead is that you create a view-only user for the report recipient. We think this is a more fluent workflow than emailing PDF reports as attachments, and enables future features like marking issues as false positives.
However, lots of people have asked to be able to generate reports so we will add this in future.
The latest release of Burp Enterprise includes an HTML Scan summary report, downloadable from the Scan results page. The report lists issues grouped by host and then issue type. For each issue the issue type, path, severity and confidence are included. There is an option to include or exclude any issues that are marked as false positive.
Please let us know what, if any, additional information would be useful or is needed in this report.
We are currently evaluating Burp Enterprise and so far we are quite happy about PortSwigger pushing an Enterprise version!
In answer to your call for features, we have some suggestions regarding the reporting feature. The report might be divided into two views:
- summary view, and
- detailed view
where the detailed view includes all information from the summary. The possibility to also include all visible information from the web UI in the report would be fantastic!
-- attack vector (e.g. used XSS payload)
-- vulnerable parameter
-- color of severity levels
-- sort function for each column (e.g. severity, confidence)
-- report generation with exclusion feature (e.g. without confidence column)
-- machine-readable export format (e.g. XML, JSON)
-- IP address of the scanned target (only the domain is in the report)
-- General information of the scanned site (e.g. screenshot of index site and title attribute)
-- Example: XSS (reflected) - /account.php - parameter accountid - <script>alert(1)</script>
-- Complete coverage of the "issue" from the Burp Enterprise web UI (e.g. advisory information, req/resp)
-- Reason for encountered "Network errors"
-- inclusion feature (e.g. complete response - as the response in the issue is "snapped")
Thanks for the detailed feedback.
We’ve logged these requests in our development backlog to ensure they are considered when planning new content for the reporting feature. At this point, however, we’re unable to say whether or not they will be implemented.
Please let us know if you need any further assistance.