Report functionality for Enterprise edition

Nicolas Paredes Mar 08, 2019 06:25PM UTC

Is a "Generate Report" functionality possible or planned for the Enterprise edition, like the one that is available on the Professional edition? Or even a better one? It would be great if we could generate PDF reports of the performed scans, as many other tools can.

Thanks in advance

Paul Johnston Mar 11, 2019 03:24PM UTC Support Center agent

Currently this isn’t possible. What we’ve been advocating instead is that you create a view-only user for the report recipient. We think this is a more fluent workflow than emailing PDF reports as attachments, and enables future features like marking issues as false positives.

However, lots of people have asked to be able to generate reports so we will add this in future.

Liam Tai-Hogan May 21, 2019 09:27AM UTC Support Center agent

The latest release of Burp Enterprise includes an HTML Scan summary report, downloadable from the Scan results page. The report lists issues grouped by host and then issue type. For each issue the issue type, path, severity and confidence are included. There is an option to include or exclude any issues that are marked as false positive.

Please let us know what, if any, additional information would be useful or is needed in this report.

Florian Jul 17, 2019 11:40AM UTC

We are currently evaluating Burp Enterprise and so far we are quite happy about PortSwigger pushing an Enterprise version!

In answer to your call for features, we have some suggestions regarding the reporting feature. The report might be divided into two views:
- summary view, and
- detailed view

where the detailed view includes all information from the summary. The possibility to also include all visible information from the web UI in the report would be fantastic!

* Summary:
-- attack vector (e.g. used XSS payload)
-- vulnerable parameter
-- color of severity levels
-- sort function for each column (e.g. severity, confidence)
-- report generation with exclusion feature (e.g. without confidence column)
-- machine-readable export format (e.g. XML, JSON)
-- IP address of the scanned target (only the domain is in the report)
-- General information of the scanned site (e.g. screenshot of index site and title attribute)
-- Example: XSS (reflected) - /account.php - parameter accountid - <script>alert(1)</script>

* Details:
-- Complete coverage of the "issue" from the Burp Enterprise web UI (e.g. advisory information, req/resp)
-- Reason for encountered "Network errors"
-- inclusion feature (e.g. complete response - as the response in the issue is "snapped")


Rose Krawczuk Jul 18, 2019 11:18AM UTC Support Center agent

Hi Florian

Thanks for the detailed feedback.

We’ve logged these requests in our development backlog to ensure they are considered when planning new content for the reporting feature. At this point, however, we’re unable to say whether or not they will be implemented.

Please let us know if you need any further assistance.
