Professional

Spring Boot Dump Scanner

Spring Boot Dump Scanner provides a scan check to automatically detect exposed actuator endpoints that can leak sensitive application data. The extension identifies publicly accessible heapdump and threaddump endpoints that expose memory dumps and thread states, helping security professionals find critical information disclosure vulnerabilities in Spring Boot applications.

Features

  • Comprehensive endpoint discovery for /heapdump and /threaddump paths
  • Multiple path variant detection including /manage/, /admin/, /debug/, /monitor/, /system/, and /internal/ prefixes
  • Smart response validation to reduce false positives by checking content types and headers

Usage

  1. This extension integrates with Burp Scanner as an active scan check
  2. Perform active scans on Spring Boot applications or right-click targets and select "Scan". Ensure that your scan configuration includes "Extension-generated issues"
  3. Review identified issues in the Issues tab of your scan task for exposed dump endpoints

Author

Mukeshj008

Version

1.0.0

Last updated

10 November 2025

Estimated system impact

Overall impact: Empty

Memory: Empty
CPU: Empty
General: Empty
Scanner: Empty

You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.

You can view the source code for all BApp Store extensions on our GitHub page.

Follow @BApp_Store on Twitter to receive notifications of all BApp releases and updates.

Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.
