3. Run your first scan
Last updated: September 9, 2021
Read time: 2 Minutes
In Burp Suite Enterprise Edition, you create "sites" to represent any websites or web applications that you want to scan. An onboarding wizard helps you to add your first site and then run a scan on it. We've provided a live, deliberately vulnerable website for you to scan so that you can follow along with this tutorial.
Step 1: Skip the web server setup
The first step of the onboarding wizard prompts you to configure the web server. You can come back to this later. Just click Skip for now.
Step 2: Add your first site
You're prompted to add your first site. Start by giving it a name. This can be anything you like, but let's go with
PortSwigger Labs for this example.
The Site URL is the URL from which all scans of this site will start. Any sub-paths of the URL are included in the scope of the scan by default. Enter
portswigger-labs.net. This is a demo website with a few intentional vulnerabilities.
Using Burp Scanner may have unexpected effects on some applications. Until you are fully familiar with its functionality and settings, you should only run scans against non-production systems. Do not run scans against third-party websites unless you have been authorized to do so by the owner.
Leave all the other options as their defaults and click Next: Create a scan.
Step 3: Schedule a scan
You're now presented with various options for scheduling and configuring a scan of the site. Leave all of the options as their defaults and click Finish. This will schedule a one-off scan to run immediately.
Step 4: Monitor the scan's progress
To monitor the scan's progress, select Scans from the main navigation bar at the top of the screen. You can then see your scan and some basic information about it, including the current status. While the scan is being initialized, this will say
Waiting for agent.
A minute or two after the scan begins running, color-coded icons appear in the Issues column. These indicate the number of security issues found by the scan for different severity levels.
Step 5: View more details
You can click on the individual scan to view more details about it. On the Issues tab, you can monitor which issues are discovered in real time. We'll look closer at this tab in the next tutorial once the scan has finished. This should only take about five minutes.
Next step - Analyze the results of your scan