Burp Suite Professional

Revolutionize your workflow

Burp Suite Professional is the industry-leading toolkit powering every stage of the pentester’s workflow.

The complete toolkit for modern penetration testing

Discovery

Gather intelligence, comprehensively map the application, and identify initial weaknesses.

Attack

Explore clues to identify vulnerabilities, validate and analyse findings, generate a proof of concept.

Reporting

Evidence vulnerabilities, provide concise reporting and advise on remediation.

Discovery: Map the complex attack surfaces of modern web apps

Gather intelligence. Comprehensively map your target application. Identify initial weaknesses.
Intercept, log, and manipulate HTTP, HTTPS, and WebSockets traffic with no configuration in Burp’s built-in browser.
Unrivalled Burp Scanner automates mapping the attack surface in minutes, rather than hours.
Keep a persistent log of your interactions with the target, reducing context-switching with the sitemap and proxy history.
Test everything from WebSockets and SPAs, to REST, GraphQL, and SOAP APIs. Burp is the only tool for comprehensively testing the modern web.
Eliminate noise with advanced filtering and focus on the most relevant information.

“I love Burp Scanner - it's probably my number one feature. I can remove a lot of the pain - it means I can focus on manual testing.”

Application Security Pentester, AppSec team

Attack: Leverage best-in-class manual and automated tools to identify vulnerabilities

Identify specific functionality or requests to test. Validate your findings. Generate a proof of concept.
Burp Intruder enables rapid fuzzing without writing a single line of code.
Automate vulnerability scanning at scale.
Take advantage of powerful techniques innovated by PortSwigger’s research team with built-in manual testing features in Burp Collaborator.
Conquer client-side attack surface without trawling through thousands of lines of JavaScript with DOM Invader.
Unrivalled extensibility. Leverage 10+ years of expertise from the Burp community.

“You can't really conduct a web app pentest as a whole without Burp Suite Professional. It would take too much time and be super tedious. For me, Burp is invaluable.”

Johan Persson, QueenSec

Reporting: Automatic logging provides centralised data to extract as you need

Summarise your findings. Provide succinct, but valuable reports in numerous formats for remediation.
Provide as much detail as you need with automated evidence collection and documentation across Burp’s toolkit.
Selectively export data and log notes as you go for streamlined writing of reports.
Burp Scanner’s ‘Path to issue’ makes it simple to write accurate reproduction steps for colleagues or clients.
Automatically generate PoCs to quickly demonstrate the problem for key stakeholders.
Fully automated report generation you can trust from the leading web application security toolkit.

“It's extremely useful to be able to generate a fully-functioning proof-of-concept in two clicks. If this feature didn't exist, then it would take me a long time to write one myself.”

Lucas Renc, Vendavo