Burp Scanner

The gold standard for web vulnerability scanning

Try for free

The scanner behind Burp Suite's popularity has more to it than most. Burp Scanner uses PortSwigger's world-leading research to help its users find a wide range of vulnerabilities in web applications, automatically.

Sitting at the core of both Burp Suite Enterprise Edition and Burp Suite Professional, Burp Scanner is the weapon of choice for over 45,000 users across more than 12,000 companies.

Easily find vulnerabilities you'd otherwise miss

For years, Burp Suite has been the gold standard among security professionals. These experts recognize that Burp Scanner improves their work - by finding bugs they'd otherwise miss. Now, Burp Suite Enterprise Edition enables everyone to deploy Burp Scanner at scale.

"Burp Scanner is capable of finding many critical vulnerabilities that even an expert manual tester could easily miss - like deferred asynchronous command injection."

James Kettle portrait

James Kettle

PortSwigger Director of Research

PortSwigger Research means unrivaled protection against zero-day vulnerabilities

Professionals trust Burp Scanner because they know it's based on our groundbreaking research. PortSwigger constantly pushes the boundaries of what's possible. Burp Scanner's users are protected from many new vulnerabilities before hackers are even aware they exist - quite simply because we discovered them.

Groundbreaking innovation

Burp Scanner is well-known for shaking up security automation. Capabilities like automated OAST scanning have pioneered new paradigms in the field. Consequently, Burp Scanner is capable of finding vulnerabilities many other scanners would miss. These include asynchronous SQL injection and blind SSRF.

Burp Scanner using Burp Collaborator
OAST scanning finds out-of-band vulnerabilities that are missed by conventional testing

More coverage means less friction - minimal false positives

It's common for scanners to rely on a single methodology for application security testing - but this is far from ideal. Instead, Burp Scanner draws from a varied arsenal of techniques to produce a more comprehensive picture. This combined approach maximizes coverage while producing minimal false positives.

Some of the methods used by Burp Scanner include:

Conventional DAST

By sending payloads and monitoring an application's resultant behavior, DAST testing simulates a real world attack. This is the classic "black box" testing method.


Burp Collaborator (included) uses an external server to detect out-of-band vulnerabilities missed by conventional DAST. Pioneered by PortSwigger.

Client-side DAST

Burp Scanner uses an instrumented Chromium browser to perform client-side DAST testing on an application. In today's world of client-side JavaScript, this is invaluable.

Client-side SAST

As with client-side DAST, client-side SAST is required in today's online environment. Burp Scanner uses this to detect vulnerable paths through client-side JavaScript.


SCA (software composition analysis) allows Burp Scanner to identify vulnerable JavaScript files based on various signatures. This capability is currently added through Burp Extender and the Retire.js BApp.


If desired, Burp Infiltrator (included) can instrument a target (Java or .NET). This allows internal monitoring during a scan - and can pinpoint vulnerable lines of code.

Finding the right combination

By combining methodologies, Burp Scanner gains a wider, more reliable view of its target's vulnerabilities. In today's world, an increasing amount of business logic is implemented on the client-side - often composed dynamically at runtime. Burp Scanner's client-side scanning capabilities therefore give it yet another edge over conventional server-side SAST.

Application security testing Venn diagram
When it comes to false positives, not all methods of application security testing are equal

Written by pentesters, for you

Burp Suite's creator - and industry pioneer - Dafydd Stuttard, wrote the book that educated a generation of pentesters. Since then, our software has become synonymous with security expertise. This is the foundation that has helped Burp Scanner become the most widely used scanner of its type. Burp Suite Enterprise Edition makes this expertise available to everyone.

"As a pentester, I tried out all of the vulnerability scanners that were out there, and I was always underwhelmed. I needed a scanner that didn't just cover the essentials, but could find the weird and wonderful vulnerabilities that I was finding manually in real-world applications. From the start, Burp Scanner was built to replicate the actions of a skilled manual tester. That approach continues today, and Burp Scanner is powered by the world's leading web security research team."

Dafydd Stuttard portrait

Dafydd Stuttard

PortSwigger founder and CEO

The Burp Suite family

Burp Scanner sits at the heart of both Burp Suite Enterprise Edition and Burp Suite Professional. Whether you're a pentester, or an organization interested in automating security at scale, we've got you covered. Find out which version of Burp Suite is right for you - below.