1. Support Center
  2. Documentation
  3. Enterprise Edition
  4. Trial setup guide
  5. Add a website to scan

Add a website to scan

You need to create a "site" in Burp Suite Enterprise Edition to represent each website or web application that you want to scan and track. You also manage several settings on a site-by-site basis. The "Sites" page contains a list of sites, known as the site tree. You can create folders and subfolders to organize the site tree into a more manageable, hierarchical structure. Later, we'll also show you how you can manage user authorizations based on folders.

Once you've run a few scans, the "Sites" page will also provide an overview of how many issues need your attention in each site or folder. At the moment, the "Sites" page is empty, so let's get to work adding our first folders and a site.

Create a folder

We'll start by adding a folder or two to help keep our site tree organized. It may seem a bit unnecessary for now, but it's good practice to get into the habit of using folders.

  1. On the "Sites" page, in the upper-right corner, click the "New folder" button. A blank folder appears in the list.
  2. Enter a name for the folder, for example, "Dummy folder" and press enter. If you hover the mouse over the folder, notice that several small icons appear on the right of the screen. These are for creating a new site, creating a new folder, and deleting the current folder.
  3. For the purpose of demonstration, let's add a subfolder. Hover the mouse over the folder you created and click the "New folder" icon that appears. A blank subfolder is created as a child of the other one. Enter a name, for example, "Dummy subfolder".
  4. If you click on a folder, you will eventually see metrics, scans, and issues for all sites in this folder. At the moment, this page is blank because we haven't run any scans.
Creating folders

Add a new site

Now let's add our dummy site so that we've got something to work with.

  1. On the "Sites" page, in the upper-right corner, click the "New site" button to open the site creation page.
  2. Enter a name for the site to help you identify it. This can be anything you want, but for now, let's just call it "Dummy site".
  3. Under "Folder", select the folder to which you want the site to belong. Let's select "Dummy subfolder". Note that sites can only belong to one folder at a time.
  4. Under "URLs - Included", you normally enter the highest-level URL that you want to include in scans of this site. All subdirectories of this URL will be scanned by default. As we want to scan our entire dummy site, we'll just enter the root path, portswigger-labs.net/. If you wanted to enter multiple URLs for the same site, you would separate them each with a new line, but we're only using one URL for now.
  5. On second thoughts, the path /index_files/ on our dummy site might contain some sensitive information. To be on the safe side, let's exclude it from scans. Under "URLs - Excluded" enter portswigger-labs.net/index_files/. All scans on this site will now skip this path.
  6. Under "Application logins", you can enter any usernames and passwords for the site so that the scan can access areas that are restricted to logged in users. However, we don't need to do anything here for our dummy site, so you can leave it blank.
  7. A scan configuration is essentially a list of settings to fine-tune the scan's behavior to your needs. Burp Suite Enterprise Edition provides the same predefined scan configurations as Burp Suite Professional. Under "Default scan configurations", you can select scan configurations that will always be pre-selected for any new scans you create for this site. If you want, you can overwrite this default later when creating an individual scan. For now, select "Crawl strategy - fastest".
  8. Later, we'll show you how to set up your email server so that users can receive scan completion reports. But for now, leave the "Email recipients for scan completion report" section blank.
  9. When you're done, click the green "Save" icon in the upper-right corner to add the dummy site to Burp Suite Enterprise Edition.
Creating a site


Now you've got your first site set up in Burp Suite Enterprise Edition, let's try creating some scans.