Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Report wasn't generated after scan finished #17

Open
IgorSasovets opened this issue Apr 1, 2019 · 10 comments
Open

Report wasn't generated after scan finished #17

IgorSasovets opened this issue Apr 1, 2019 · 10 comments

Comments

@IgorSasovets
Copy link

Hi, team! I faced with next issue: after headless-burp-scanner finished its work and terminated there wasn't generated report in project folder. Scan which had 17 urls in scope took approximately 6 hours to complete. I reviewed generated Burp project file in UI mode and didn't find any errors, all tasks were completed. What could go wrong in this case? Thanks in advance!
@IgorSasovets
Copy link
Author

Here is my config file:

<?xml version="1.0" encoding="UTF-8"?>
<config>
  <reportType>HTML</reportType>
  <targetSitemap><![CDATA[http://localhost:5000/api/]]></targetSitemap>
  <scope>
<url><![CDATA[http://localhost:5000/api/auth/]]></url>
<url><![CDATA[http://localhost:5000]]></url>
<url><![CDATA[http://localhost:5000/api]]></url>
<url><![CDATA[http://localhost:5000/api/account]]></url>
<url><![CDATA[http://localhost:5000/api/account/accept]]></url>
  </scope>
</config>

@0xm4ud
Copy link

0xm4ud commented Dec 19, 2019

@IgorSasovets have you manage to find a fix, bud ?

@IgorSasovets
Copy link
Author

Hi, @m4udSec ! Unfortunately, no. I was forced to use BurpSuite REST API because after upgrade to the latest BurpSuite Pro version scan didn't start at all.

@Anurag599
Copy link

Hi @IgorSasovets are you able to generate report through BurpSuite Rest API? if yes, can you please help me how to do it?

@IgorSasovets
Copy link
Author

Hello @Anurag599 , unfortunately no. I managed to achieve my goals using burp-rest-api tool. So far, it works well with the latest versions of Burp Suite

@gabriel-cardoso-dev
Copy link

Hello, @IgorSasovets. Can't you generate a report with burp-rest-api either? I'm making a project where I'm supposed to send an xml report from Burp to DefectDojo, a tool that would store and do the management of the vulnerabilities, but it seems to be impossible to generate a report with headless burp.

@Anurag599
Copy link

Hello @IgorSasovets , How are you able to generate report using burp-rest-api? It would be great help if you share some sort of solution.

@IgorSasovets
Copy link
Author

@gabriel-cardoso-dev , @Anurag599 , in order to generate report using burp-rest-api tool you should do the following (I assume that at the moment of generating report active scan is done and your target domain name was added to scope):

curl -X GET "http://localhost:8090/burp/report?reportType=HTML&urlPrefix=http%3A%2F%2Fexample.com"

where http%3A%2F%2Fexample.com represents the tested application URL.
More details about the allowed APIs can be reviewed in the documentation.

@gabriel-cardoso-dev
Copy link

Thank you very much @IgorSasovets , I'll try it out!

@Anurag599
Copy link

Thanks a lot @IgorSasovets, I tried and it is working perfectly fine.

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@IgorSasovets @gabriel-cardoso-dev @0xm4ud @Anurag599