Burp Suite Professional

Revolutionize your workflow

Burp Suite Professional is the industry-leading toolkit powering every stage of the pentester’s workflow.

The complete toolkit for modern penetration testing


Discovery

Gather intelligence, map the application comprehensively, and identify initial weaknesses.

Attack

Explore clues to identify vulnerabilities, validate and analyse findings, generate a proof of concept.

Reporting

Evidence vulnerabilities, provide concise reporting and advise on remediation.

Discovery: Map the complex attack surfaces of modern web apps

Gather intelligence. Comprehensively map your target application. Identify initial weaknesses.
Intercept, log, and manipulate HTTP, HTTPS, and WebSockets traffic with no configuration in Burp’s built-in browser.
Unrivalled Burp Scanner automates mapping the attack surface in minutes, rather than hours.
Keep a persistent log of your interactions with the target, reducing context-switching with the sitemap and proxy history.
Test everything from WebSockets and SPAs, to REST, GraphQL, and SOAP APIs. Burp is the only tool for comprehensively testing the modern web.
Eliminate noise with advanced filtering and focus on the most relevant information.

“I love Burp Scanner - it's probably my number one feature. I can remove a lot of the pain - it means I can focus on manual testing.”

Application Security Pentester, AppSec team

Attack: Leverage best-in-class manual and automated tools to identify vulnerabilities

Identify specific functionality or requests to test. Validate your findings. Generate a proof of concept.
Burp Intruder enables rapid fuzzing without writing a single line of code.
Automate vulnerability scanning at scale.
Take advantage of powerful techniques innovated by PortSwigger’s research team with built-in manual testing features in Burp Collaborator.
Conquer client-side attack surface without trawling through thousands of lines of JavaScript with DOM Invader.
Unrivalled extensibility. Leverage 10+ years of expertise from the Burp community.

“You can't really conduct a web app pentest as a whole without Burp Suite Professional. It would take too much time and be super tedious. For me, Burp is invaluable.”

Johan Persson, QueenSec

Reporting: Automatic logging provides centralised data to extract as you need

Summarise your findings. Provide succinct, but valuable reports in numerous formats for remediation.
Provide as much detail as you need with automated evidence collection and documentation across Burp’s toolkit.
Selectively export data and log notes as you go for streamlined writing of reports.
Burp Scanner’s ‘Path to issue’ makes it simple to write accurate reproduction steps for colleagues or clients.
Automatically generate PoCs to quickly demonstrate the problem for key stakeholders.
Fully automated report generation you can trust from the leading web application security toolkit.

“It's extremely useful to be able to generate a fully-functioning proof-of-concept in two clicks. If this feature didn't exist, then it would take me a long time to write one myself.”

Lucas Renc, Vendavo