Key features include:

• User-directed scanning, with ability to scan individual requests and selected regions of the target application.
• "Live scanning" in the background as you browse.
• Active and passive scanning modes.
• Advanced feedback-driven scan logic that reproduces the actions of a skilled, methodical human tester.
• Very strong coverage of core vulnerability areas whose detection can be automated, matching or surpassing other commercial-grade scanners.
• Fully customised vulnerability advisories, with all request and response details.
• Fine-grained configuration of scanning actions.
• Immediate feedback about scan results for each base request scanned, and direct control over the scan queue.
• Close integration with other Burp tools, and Suite-wide target scope configuration.
• Configurable reporting, in a format suitable for direct incorporation into client deliverables.
• Ability to save and restore state.

Burp Scanner is part of Burp Suite Professional. For examples of Burp Scanner in action, see the screenshots, or for detailed information about the configuration and execution of Burp Scanner, see the help file.

Buy Burp Scanner.