Integrating Burp Suite with Acunetix Vulnerability Scanner

An Acunetix crawl can be pre-seeded using Burp Suite. This can be very useful when an automated Acunetix scan needs to be done following the assessment of the same target application using Burp.

Pre-seeding an Acunetix crawl with this data gives the Acunetix Crawler a head start when scanning the site, and ensures that requests already captured using Burp are not missed by the Acunetix Crawler. Requests can otherwise be missed when parts of the site are not linked to from the main web site.

To use the integration, follow the instructions below.

After running a Burp Scan or spidering an application, go to the Burp Target "Site map".

Right-click an individual item, or a selected branch or branches, in the Site map to bring up the context menu.

Click "Save item" or "Save selected items" to create a file to import into Acunetix.

 
Save the file using an appropriate name and location.

 
Open Acunetix and click "New Scan" to start the new scan wizard.

 
Insert the website URL of the site you want to scan and click "Next".

 
Select your desired Scan options and settings.

Ensure "Show advanced options in the scan wizard" is selected beneath the "Adjust advanced scan settings" header.

Click "Next".

 
Choose the option “Define a file to be imported by crawler at start”.

Click the browse file button.

 
Locate your saved Burp file, select it and click "Open".

In the Acunetix Scan wizard, click "Next".

 
Check the target settings and click "Next".

 
Enter any known login details or sequences and click "Next".

 
Review the recommendations and click "Finish".

 
Acunetix will now carry out a Crawl and Scan using HTTP requests captured by Burp.
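Because the scan is driven by whatever requests the saved file contains, it is worth reviewing the file before importing it. The following is an added example, not part of the original article or of either product: it assumes the saved file uses Burp's XML layout of `<items>`/`<item>` elements with a `<url>` and a base64-encoded `<request>` (a layout the article does not describe), and the function name `review_export`, the hostnames and the sample requests are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SENSITIVE = ("cookie:", "authorization:")  # headers that carry session secrets

def _item(url, raw_request):
    """Build one <item> in the assumed Burp layout (constructed data only)."""
    b64 = base64.b64encode(raw_request.encode()).decode()
    return (f"<item><url><![CDATA[{url}]]></url>"
            f'<request base64="true"><![CDATA[{b64}]]></request></item>')

# Constructed sample export: an unlinked admin page, the home page, a CDN asset.
SAMPLE = "<items>" + "".join([
    _item("http://app.example.test/admin/hidden.php",
          "GET /admin/hidden.php HTTP/1.1\r\nHost: app.example.test\r\n"
          "Cookie: session=constructed-value\r\n\r\n"),
    _item("http://app.example.test/",
          "GET / HTTP/1.1\r\nHost: app.example.test\r\n\r\n"),
    _item("http://cdn.example.net/lib.js",
          "GET /lib.js HTTP/1.1\r\nHost: cdn.example.net\r\n\r\n"),
]) + "</items>"

def review_export(xml_text, target_host):
    """Return (in_scope, out_of_scope, with_credentials) URL lists."""
    in_scope, out_of_scope, with_credentials = [], [], []
    for item in ET.fromstring(xml_text).iter("item"):
        url = (item.findtext("url") or "").strip()
        host = (urlsplit(url).hostname or "").lower()
        (in_scope if host == target_host.lower() else out_of_scope).append(url)
        req = item.find("request")
        if req is None or not req.text:
            continue
        raw = (base64.b64decode(req.text) if req.get("base64") == "true"
               else req.text.encode("latin-1", "replace"))
        # Only the header block matters; skip the request line itself.
        headers = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").lower()
        if any(h.startswith(SENSITIVE) for h in headers.split("\r\n")[1:]):
            with_credentials.append(url)
    return in_scope, out_of_scope, with_credentials

if __name__ == "__main__":
    ok, other, creds = review_export(SAMPLE, "app.example.test")
    print("in scope:", ok)
    print("other hosts:", other)
    print("carry session headers:", creds)
```

To check a real file, pass its contents and the host you will enter in the scan wizard; items listed under other hosts or carrying session headers are the ones to deselect in Burp or to store with care.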