Viewing scan details
You can click on any scan to view more details, regardless of its current status. However, different information will be presented depending on the status.
For scheduled scans, you can see the settings that you made when creating the scan, such as the configuration and scheduling settings. Depending on your authorizations, you can also edit these details.
For recurring scans, you can also see a list of all previous times the scan has run, including information about the issues that were found, the duration of the scan, and so on. You can click on any previous scan to view more details about it.
Running and completed scans
For scans that are currently in progress or have already finished, you can see the settings that you made when creating the scan. Once a scan has started, you can no longer make changes to these settings.
For running scans, the data is updated in real time, but you might have to refresh the page every now and then to see the changes. As issues are found, they appear in the "Issues" tab at the bottom of the page and the "Issues by severity" chart is updated accordingly. Issues are grouped by their type. The number next to each issue indicates the number of instances of this issue type that were found. You can click on each issue or the URL at which it was found to view more information.
The "More details" tab shows more detailed information about the scan, such as which agent machine the scan is running on and which version of Burp Scanner it is using. You can also see information about how many requests were made by the scan and the number of issues found for each severity level. Importantly, this tab also shows details about the site at the time when it was scanned, such as the included URLs. This is useful in situations where the site settings have been changed since the scan was performed.
For recurring scans, the number of issues that are new, resolved, and regressed as compared to the previous scan are also shown. This enables you to monitor your progress over time
Once a scan is complete, the "Scanned URLs" tab also appears, showing information about which URLs were scanned successfully or unsuccessfully. This tab is a useful entry point for working with scan results.
From the "More actions" button in the upper-right of the page, you can:
- Cancel a running scan.
- Download a scan report in HTML format. You can choose whether to download a short summary or a fully detailed report. You have options for selecting which severity levels are included as well as whether false positives are included.
- Run the scan again.
Download Burp Scanner's event log in
CSVformat or the scan log to help with troubleshooting. Note that the scan log is only available for scans that:
- Were successfully assigned to an agent
- Have run or started running since you upgraded to Burp Suite Enterprise Edition 2020.12
- Are less than 10 days old
- Delete the scan.
Scans with the status "Failed" are scans that were terminated early for some reason. It could be that the scan never started, for example, if the scanner was unable to connect to any of the URLs specified.
If the scan was able to begin but was terminated early, such as if there were too many consecutive errors triggered, then the failed scan details page shows much of the same information as a completed scan. However, on the "Scanned URLs" page, you can see which specific URLs caused the scan to fail.