Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

scanning executable files

Adam | Last updated: Jul 31, 2017 04:28PM UTC

Hello, I am looking for help on scanning a exe file that is on a website we are hosting. It always takes a long time to scan it and never finds anything. There is no errors message or timeouts. I try to find a way to scan this item better, I was not able to find anything. If I have miss something in forum please let me know. Rest of the website when I scan does great.

PortSwigger Agent | Last updated: Aug 01, 2017 07:11AM UTC

Hi Adam, Thanks for your inquiry. Does the web server treat the exe as a static file? That is the normal case, although there are some (very rare) examples of Windows web servers using an exe for the web application. If it is static, Scanner is probably running slowly because the file is large. And there are no tests that are likely to find results on a static exe file. It's probably best to remove it from your target scope. Please let us know if you need any further assistance.

Burp User | Last updated: Aug 03, 2017 03:47PM UTC

OK, I have a question if this is static file. I talked with webserver admin, one of the exe files only gets upgrade if from vendor sends update. Is that a static file ??

PortSwigger Agent | Last updated: Aug 07, 2017 10:09AM UTC

Yes, that does sounds like a static file. To be clear we mean static as in "the exe does not run on the server" not "the exe never changes"

Burp User | Last updated: Aug 07, 2017 07:38PM UTC

Correct exe does not run on the server Ok great that just save me hours of scanning thank you very much

Amol | Last updated: Sep 10, 2022 07:03PM UTC

How to scan .exe file on burpsuite.

Michelle, PortSwigger Agent | Last updated: Sep 12, 2022 02:57PM UTC

Thanks for your message. Burp Suite Professional is used to scan websites for vulnerabilities rather than looking for issues with specific exe files. I hope this helps.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.