# Default Profiles

Burp Bounty Pro ships with 254 pre-configured profiles covering CVE exploits, common vulnerabilities, technology detection, and sensitive data exposure.

## Summary

Counts are taken from the profile lists on this page.

| Profile type | Count |
| --- | --- |
| Active Scanning Profiles | 132 |
| Passive Response Profiles | 83 |
| Passive Request Profiles | 39 |
| Total | 254 |

### Severity Distribution

| Severity | Count |
| --- | --- |
| High | 65 |
| Medium | 44 |
| Low | 14 |
| Information | 131 |
## Active Profiles by Category

### CVE Exploits

| Profile | Severity | Tags |
| --- | --- | --- |
| CVE-2017-9506_Jira_SSRF | Medium | CVEs |
| CVE-2018-1271_Spring_MVC_Path_Traversal | High | CVEs |
| CVE-2018-13379_FortiOS_Creds_Disclosure | High | CVEs |
| CVE-2019-11510_Pulse_Secure | High | CVEs |
| CVE-2019-11580_Atlassian_Crowd_RCE | High | CVEs |
| CVE-2019-1653_Cisco_Wan_VPN_disclosure | High | CVEs |
| CVE-2019-19781_Citrix_ADC_Directory_Traversal | Medium | CVEs |
| CVE-2019-3799_Spring_Cloud_Path_Traversal | High | CVEs |
| CVE-2019-5418_Ruby on Rails | High | CVEs |
| CVE-2019-5418_Ruby on Rails - WAF bypass | High | CVEs |
| CVE-2019-8442_Jira_Path_Traversal | Medium | CVEs |
| CVE-2019-8449_Jira_Unauthenticated_Sensitive_Info | Medium | CVEs |
| CVE-2020-11738_Wordpress_Duplicator_Plugin_LFI | High | CVEs, Wordpress |
| CVE-2020-13167_Netsweeper_code_injection | High | CVEs |
| CVE-2020-13379_Grafana_SSRF | High | CVEs |
| CVE-2020-14179_Jira_Info_Exposure | Medium | CVEs |
| CVE-2020-14181_Jira_User_Enum | Medium | CVEs |
| CVE-2020-14815_XSS | Medium | XSS |
| CVE-2020-15129_Traefik_Open_Redirect | Medium | CVEs |
| CVE-2020-17506_Artica_Web_Proxy_Auth_Bypass | High | CVEs |
| CVE-2020-24312_File_Manager_Wordpress_Backups | High | CVEs, Wordpress |
| CVE-2020-2551_Oracle_WebLogic | High | CVEs |
| CVE-2020-3452_Cisco_ASA_LFI | Medium | CVEs |
| CVE-2020-5410_Path_Traversal_Spring_Cloud | Medium | CVEs |
| CVE-2020-5412_Spring_Cloud_Netflix | High | CVEs |
| CVE-2020-5777_MAMGI_Auth_Bypass | Medium | CVEs |
| CVE-2020-5902_F5-BigIP | High | CVEs |
| CVE-2020-8209_Citrix_XenMobile_PathTraversal | High | CVEs |
| CVE-2020-8982_Citrix_ShareFile_File_Read | Medium | CVEs |
| CVE-2020-9484_Tomcat_Groovy | High | CVEs |
| CVE-2021-26086_PathTraversal_Atlassian_Jira | Medium | CVEs |
| CVE-2021-40438_Apache_mod_proxy_SSRF | High | CVEs |
| CVE-2021-40539_Zoho_ManageEngine_ADSelfService | High | CVEs |
| CVE-2021-43798_Grafana_LFI | High | CVEs |
| CVE-2021-44228_RCE_Log4j | High | RCE, CVEs |
| CVE-2021-44228_RCE_Log4j_GETPOST | High | RCE, CVEs |
| CVE-2021-44228_RCE_Log4j_urlEncode | High | RCE, CVEs |
| CVE-2022-1388_F5_Big_IP_RCE | High | CVEs, RCE |
| CVE-2022-26134_Confluence_RCE | High | CVEs, RCE |
| CVE-2022-31474_BackupBuddy_LFI | Medium | CVEs |
| CVE-2022-32276_Grafana_8.4.3 | Medium | CVEs |
| CVE-2022-32276_Grafana_8.4.3_poc2 | Medium | CVEs |
| CVE-2022-42889_Text4Shell | High | CVEs |
| CVE-2023-24488_Citrix_XSS | Medium | All |
| CVE-2025-55182_React2Shell_RCE | High | RCE, CVEs, React/Next.js |
| CVE-2025-55182_React2Shell_RCE_OOB | High | RCE, React/Next.js, CVEs |
| CVE-2025-55182_React2Shell_RCE_Windows | High | RCE, CVEs, React/Next.js |
| CVE-2025-68613_n8n_Vulnerable_Version | High | CVEs, RCE, n8n |

### XSS (Cross-Site Scripting)

| Profile | Severity | Tags |
| --- | --- | --- |
| Blind_XSS | Medium | XSS, Blind XSS |
| Openredirect_to_XSS | Medium | XSS |
| Test_XSS_discover | Medium | XSS |
| XSS | Information | XSS |
| XSS_DOM_Context | Information | XSS, DOM_Context |
| XSS_GETPOST | Medium | XSS |
| XSS_HTML_Attribute_Context | Information | XSS, HTML_Attribute |
| XSS_HTML_Comment_Context | Information | XSS, HTML_Comment |
| XSS_HTML_Tag_Context | Information | XSS, HTML_Tag |
| XSS_HtmlUrlEncode | Information | XSS |
| XSS_JavaScript_Context | Information | XSS, JavaScript_Context |
| XSS_URLEncode | Information | XSS |
| XSS_URL_Context | Information | XSS, URL_Context |

### SQL Injection

| Profile | Severity | Tags |
| --- | --- | --- |
| SQLi | High | SQLi |
| SQLi_Collaborator | High | SQLi |
| SQLi_ContentLength | High | SQLi, SQLi_ContentLength |
| SQLi_StausCode | High | SQLi, SQLi_StatusCode |
| SQLi_Timebased | High | SQLi, SQLi_TimeBased |
| SQLi_Timebased_Encoded_KeyCharacter | High | SQLi, SQLi_TimeBased |
| SQLi_Timebased_Encoded_Space | High | SQLi, SQLi_TimeBased |
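The SQLi profile names above name the signal each one compares against an unmodified baseline request: a changed status code (SQLi_StausCode), a changed body length (SQLi_ContentLength), a delayed response (the SQLi_Timebased family) or an out-of-band hit (SQLi_Collaborator). The Python below is an added example, not code from Burp Bounty, of the status-code and content-length comparison run against a constructed in-process sqlite3 target that concatenates its `id` parameter into a query. The toy target, the payload strings, the 10-byte length threshold and the profile-style rule names are assumptions made for the demonstration; the time-based and collaborator signals are left out because sqlite has no sleep function and nothing here makes network calls.

```python
"""Added example (not Burp Bounty's code): baseline-versus-payload comparison
of the kind the active SQLi profiles perform, against a constructed target."""
import sqlite3
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass
class Response:
    status: int
    body: str

    @property
    def length(self) -> int:
        return len(self.body)


def make_target() -> Callable[[str], Response]:
    """Constructed toy application: a product lookup that concatenates the
    `id` parameter straight into SQL (deliberately vulnerable, demo only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?)",
                     [(1, "widget"), (2, "gadget"), (3, "gizmo")])

    def handle(product_id: str) -> Response:
        try:
            rows = conn.execute(
                "SELECT name FROM products WHERE id = " + product_id).fetchall()
        except sqlite3.Error as exc:          # a broken query surfaces as a 500
            return Response(500, f"database error: {exc}")
        if not rows:
            return Response(404, "no such product")
        return Response(200, ", ".join(r[0] for r in rows))

    return handle


# (assumed rule name, payload appended to the original parameter value)
PAYLOADS: List[Tuple[str, str]] = [
    ("SQLi_StatusCode", "'"),                    # syntax break: 200 -> 500
    ("SQLi_ContentLength", " OR 1=1"),           # tautology: more rows, longer body
    ("SQLi_ContentLength_control", " AND 1=1"),  # true condition: must look like baseline
]


def active_check(send: Callable[[str], Response], value: str,
                 min_length_delta: int = 10) -> List[Tuple[str, str, int, int]]:
    """Send the baseline once, then each payload, and report which baseline
    property the payload changed as (rule, signal, baseline, observed).
    A payload whose response matches the baseline on every signal is silent,
    which is why the control payload should produce no row."""
    base = send(value)
    findings = []
    for name, payload in PAYLOADS:
        resp = send(value + payload)
        if resp.status != base.status:
            findings.append((name, "status", base.status, resp.status))
        elif abs(resp.length - base.length) >= min_length_delta:
            findings.append((name, "length", base.length, resp.length))
    return findings


if __name__ == "__main__":
    target = make_target()
    for row in active_check(target, "1"):
        print(row)
```

The control payload is the part worth keeping in a real profile: a response that differs from the baseline only proves the input changed something, and pairing a true condition with a false or malformed one is what separates injection from noise such as rate limiting or cache misses. Against a live target the baseline should also be sent more than once so that a length threshold is set above the page's natural variation.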
### RCE (Remote Code Execution)

| Profile | Severity | Tags |
| --- | --- | --- |
| Blind_RCE_Linux | High | RCE |
| Blind_RCE_Windows | High | RCE |
| Echo_RCE | High | RCE |
| Expect_RCE | High | RCE |
| PHP_RCE | High | RCE |
| RCE_Linux | High | RCE |
| RCE_Windows | High | RCE |

### SSRF (Server-Side Request Forgery)

| Profile | Severity | Tags |
| --- | --- | --- |
| OpenRedirect_SSRF | High | SSRF, Open Redirect |
| OpenRedirect_SSRF_Collaborator | Medium | SSRF, Open Redirect |
| OpenRedirect_SSRF_Collaborator_HTTP0_9 | Medium | All |
| OpenRedirect_SSRF_Collaborator_HTTP1_0 | Medium | All |
| SSRF-Collaborator | Medium | SSRF |
| SSRF-URLScheme | High | SSRF |
| SSRF_Collaborator_HTTP0_9 | Medium | SSRF |
| SSRF_Collaborator_HTTP1_0 | Medium | SSRF |

### Open Redirect

| Profile | Severity | Tags |
| --- | --- | --- |
| OpenRedirect | Medium | Open Redirect |
| OpenRedirect-ParameterPollution | Medium | Open Redirect |
| OpenRedirect-ParameterPollution_Path | Medium | Open Redirect |
| OpenRedirect_to_Account_Takeover | High | All |

### XXE (XML External Entity)

| Profile | Severity | Tags |
| --- | --- | --- |
| Blind_XXE | High | XXE |
| XXE_Linux | High | XXE |
| XXE_Windows | High | XXE |

### Path Traversal

| Profile | Severity | Tags |
| --- | --- | --- |
| PathTraversal_Linux | High | Path Traversal |
| PathTraversal_Windows | High | Path Traversal |

### Other Active Profiles

| Profile | Severity | Tags |
| --- | --- | --- |
| CORS Misconfiguration | Low | CORS |
| CRLF | Medium | CRLF |
| CouchDB_Admin_Exposure | Medium | CVEs |
| DWR_enpoints | Information | DRWuzz |
| Drupal_User_Enum | Medium | Drupal |
| Drupal_User_Enum_Redirect | Medium | Drupal |
| Fuzzing_directories | Information | Fuzzing Files |
| GitFinder | Low | Fuzzing Files |
| GraphQL Alias Overloading | Medium | GraphQL |
| GraphQL Batching | Medium | GraphQL |
| GraphQL Circular Queries | Medium | GraphQL |
| GraphQL Directives Overloading | Medium | GraphQL |
| GraphQL Field Duplication | Medium | GraphQL |
| Graphql Introspection | Low | Introspection |
| Host_Header_Injection | High | All |
| Java_De-Serialization | Information | All |
| Jira_unauthenticated_Info | Medium | CVEs |
| Kubernetes_API_Exposed | Medium | All |
| Open Firebase Database | High | All |
| Password-Reset-Headers | High | Forgot Password |
| Password-Reset-Params | High | Forgot Password |
| Password-Reset-URL | High | Forgot Password |
| SSTI | High | SSTI |
| SVNFinder | Low | Fuzzing Files |
| Source_code | Information | All |
| Spring_Boot_Actuators | High | Spring |
| Swagger-Finder | Information | Fuzzing Files |
| Symfony_Debug | Medium | All |
| Wordpress_Config_Accessible | High | Wordpress |
| Wordpress_Path_Traversal | High | Wordpress |
| Wordpress_XMLRPC_ListMethods | Low | Wordpress |
| Wordpress_XMLRPC_Pingback | Low | Wordpress |
| Wordpress_directory_listing | Low | Wordpress |
| Wordpress_user_enum_json | Low | Wordpress |
| Wordpress_user_enum_oembed | Low | Wordpress |
| Woody_Wordpress_RCE | Medium | Wordpress |
| X-Headers-Collaborator | Medium | X-Headers-Collab |
| easy_wp_smtp_listing_enabled | High | Wordpress |
| solarwinds_default_admin | High | All |
| wordpress_users_enum_yoastseo | Low | Wordpress |
## Passive Response Profiles (83)

These profiles analyze HTTP responses for security issues, sensitive data, and technology indicators.

| Profile | Severity | Description |
| --- | --- | --- |
| AWS_Access_Key_ID | Information | Detects AWS Access Key IDs |
| AWS_Client_Secret | Information | Detects AWS Client Secrets |
| AWS_Creds_File | Information | Detects AWS credentials file references |
| AWS_EC2_Url | Information | Detects AWS EC2 metadata URLs |
| AWS_Region | Information | Detects AWS region identifiers |
| AccessToken | Information | Detects access tokens in responses |
| AmazonAWS | Information | Detects Amazon AWS URLs |
| Amazon_AWS_Url | Information | Detects Amazon AWS endpoint URLs |
| Amazon_MWS_Auth_Token | Information | Detects Amazon MWS authentication tokens |
| Android_WebView_JS | Information | Detects Android WebView JavaScript interfaces |
| ApiKeyResponse | Information | Detects API keys in responses |
| Artica_Web | Information | Detects Artica Web Proxy |
| Artifactory_API_Token | Information | Detects JFrog Artifactory API tokens |
| Authorization_Bearer | Information | Detects Bearer tokens in responses |
| Azure_Blob_Discovered | Information | Detects Azure Blob storage URLs |
| Basic_Auth_Credentials | Information | Detects Basic Auth credentials |
| Bitcoin_Address | Information | Detects Bitcoin addresses |
| CDN_Detected | Information | Detects CDN usage |
| CMS_Found | Information | Detects CMS platforms |
| Cache-Control | Information | Analyzes Cache-Control headers |
| Cisco_ASA_Device_Found | Low | Detects Cisco ASA devices |
| Citrix_Detection | Information | Detects Citrix products |
| Content-Security-Policy | Information | Analyzes CSP headers |
| CookieFlag-HttpOnly | Low | Checks for missing HttpOnly flag |
| CookieFlag-SameSite | Information | Checks for SameSite cookie attribute |
| CookieFlag-Secure | Low | Checks for missing Secure flag |
| CouchDB_Response | Information | Detects CouchDB responses |
| DWREndpoints | Information | Detects DWR (Direct Web Remoting) endpoints |
| Debug Pages | Information | Detects debug/error pages |
| Debug_variables | Information | Detects debug variables in responses |
| DefaultRDP | Information | Detects default RDP configurations |
| DigitalOcean_Space_Discovered | Information | Detects DigitalOcean Spaces |
| DirectoryListing | Information | Detects directory listing |
| Docker_API_Response | Information | Detects Docker API responses |
| DomainTakeOver_Strings | Information | Detects domain takeover indicators |
| Drupal_Response | Information | Detects Drupal CMS |
| EndpointsExtractor | Information | Extracts API endpoints from JS |
| Env_Vars | Information | Detects environment variables |
| Facebook_Client_ID | Information | Detects Facebook Client IDs |
| Facebook_OAuth | Information | Detects Facebook OAuth tokens |
| Fortinet_Panel | Information | Detects Fortinet admin panels |
| GCP_Service_Account | Information | Detects GCP service accounts |
| GCP_Urls | Information | Detects Google Cloud Platform URLs |
| Gmail_Oauth_2.0 | Information | Detects Gmail OAuth tokens |
| Google_Cloud_Buckets | Information | Detects Google Cloud Storage buckets |
| Hidden Parameters | Information | Detects hidden form parameters |
| Interesting_Keyworks | Information | Detects interesting keywords |
| JS_Variables | Information | Extracts JavaScript variables |
| Jenkins_Response | Information | Detects Jenkins CI |
| Joomla detection | Information | Detects Joomla CMS |
| Joomla-CVE-2015-7297 | High | Detects Joomla CVE-2015-7297 |
| Kubernetes_Response | Information | Detects Kubernetes |
| LinkedIn_Secret | Information | Detects LinkedIn API secrets |
| MAC_Address | Information | Detects MAC addresses |
| MAGMI_Response | Information | Detects MAGMI (Magento Mass Importer) |
| Netsweeper_Response | Information | Detects Netsweeper |
| NoSQL_Session_Token | Information | Detects NoSQL session tokens |
| NuGet_Api_Key | Information | Detects NuGet API keys |
| Octopus_API_Key | Information | Detects Octopus Deploy API keys |
| Outlook_Team | Information | Detects Outlook/Teams info |
| Paypal_Braintree_access_token | Information | Detects PayPal Braintree tokens |
| Picatic_API_Key | Information | Detects Picatic API keys |
| Private_SSH_Key | Information | Detects private SSH keys |
| Reflected_values_greater_than_three_characters | Information | Detects reflected values |
| SQL_Message_Detected | Information | Detects SQL error messages |
| ServerBannerResponse | Information | Detects server banners |
| Software_Version | Information | Detects software version strings |
| Solarwinds_Orion_Response | Information | Detects SolarWinds Orion |
| SonarQube_API_Key_Docs | Information | Detects SonarQube API keys |
| StackHawk_API_Key | Information | Detects StackHawk API keys |
| Strict-Transport-Security | Information | Checks HSTS header |
| Subdomain_takeover | Low | Detects subdomain takeover indicators |
| Swagger_found | Information | Detects Swagger/OpenAPI docs |
| Symfony_Response | Information | Detects Symfony framework |
| Tomcat_Response_Detection | Information | Detects Apache Tomcat |
| Traefik_Response | Information | Detects Traefik proxy |
| WAF_Found | Information | Detects Web Application Firewalls |
| WP_Config | Information | Detects WordPress config exposure |
| Wordpress detection | Information | Detects WordPress CMS |
| Wordpress-SensitiveDirectories | Information | Detects sensitive WP directories |
| X-Content-Type-Options | Information | Checks X-Content-Type-Options |
| X-Frame-Options | Information | Checks X-Frame-Options |
| vBulletin_Response | Information | Detects vBulletin forum |
## Passive Request Profiles (39)

These profiles analyze HTTP requests to detect interesting parameters, endpoints, and technology indicators.

| Profile | Severity | Description |
| --- | --- | --- |
| Action_parameters | Information | Detects action-related parameters |
| All_Requests_And_Parameters | Information | Matches all requests (for bulk rules) |
| AmazonAWSRequest | Information | Detects AWS API requests |
| ApiKeyRequest | Information | Detects API key parameters in requests |
| Api_path | Information | Detects API path patterns |
| Artica_Web_Request | Information | Detects Artica Web requests |
| AuthorizationBearerToken | Information | Detects Bearer tokens in requests |
| Cisco_Request_Detected | Information | Detects Cisco-related requests |
| CouchDB_Request | Information | Detects CouchDB requests |
| Debug_Logic_Parameters | Information | Detects debug parameters |
| ErrorPages-JobApps | Information | Detects error page requests |
| Firebase DB detected | Information | Detects Firebase requests |
| Fortinet_Request | Information | Detects Fortinet requests |
| GraphQL_Endpoint | Information | Detects GraphQL endpoints |
| IDOR_parameters | Information | Detects IDOR-prone parameters |
| Jira_Request | Information | Detects Jira requests |
| Key_Parameters | Information | Detects key/token parameters |
| LFI_RFI_Parameters | Information | Detects LFI/RFI-prone parameters |
| MAGMI_Request | Information | Detects MAGMI requests |
| Netsweeper_Request | Information | Detects Netsweeper requests |
| OAuth_parameters | Information | Detects OAuth parameters |
| OpenRedirect_SSRF_Parameters | Information | Detects redirect/URL parameters |
| RCE_Parameters | Information | Detects RCE-prone parameters |
| RegisterUser_parameters | Information | Detects registration parameters |
| SQLi_Parameters | Information | Detects SQLi-prone parameters |
| SSTI_Parameters | Information | Detects SSTI-prone parameters |
| Secret-keywords-SecLists | Information | Detects secret keywords |
| Secrets_Request | Information | Detects secrets in requests |
| Solarwinds_Orion_Request | Information | Detects SolarWinds requests |
| Springboot_Requests | Information | Detects Spring Boot requests |
| Swagger_Request | Information | Detects Swagger requests |
| Token_Parameters | Information | Detects token parameters |
| URL_Path_as_a_Value | Information | Detects URL paths in parameters |
| URL_as_a_Value | Information | Detects URLs in parameters |
| UUID_Request | Information | Detects UUIDs in requests |
| UserEnum_parameters | Information | Detects user enumeration parameters |
| WeblogicServer-UDDI_Explorer | Information | Detects WebLogic UDDI |
| Weblogic_Request | Information | Detects WebLogic requests |
| XSS_Parameters | Information | Detects XSS-prone parameters |
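Both passive families, the response profiles (which grep headers and bodies for secrets, missing security headers and cookie flags, and product fingerprints) and the request profiles (which flag parameter names and values worth testing), reduce to the same mechanic: a regular expression scoped to one part of a raw HTTP message, sometimes inverted so that the absence of a pattern is the finding. The Python below is an added example of that mechanic, not Burp Bounty's own engine or profile file format. The rule names are borrowed from profiles on this page, but the regexes, the part names, the severity values and the sample request and response are all assumptions constructed for the demonstration (the access key in the sample body is AWS's published example value, not a live credential).

```python
"""Added example (not Burp Bounty's profile format or engine): a minimal
passive matcher that applies scoped regex rules to raw HTTP messages."""
import re
from dataclasses import dataclass
from typing import List, Tuple
from urllib.parse import parse_qsl, urlsplit


@dataclass(frozen=True)
class Rule:
    name: str        # profile on this page the rule imitates (names only)
    scope: str       # "request" or "response"
    part: str        # "param_name", "param_value", "set_cookie", "headers", "body"
    pattern: str     # regex tested against each candidate string of that part
    severity: str
    negate: bool = False  # True: fire when the pattern is ABSENT (missing flag/header)


# Assumed approximations of what each named profile looks for.
RULES = [
    Rule("IDOR_parameters", "request", "param_name",
         r"(?i)^(?:id|user_?id|account(?:_?id)?|order_?id)$", "Information"),
    Rule("OpenRedirect_SSRF_Parameters", "request", "param_name",
         r"(?i)^(?:url|uri|redirect|next|return_?url|callback|dest)$", "Information"),
    Rule("URL_as_a_Value", "request", "param_value", r"^(?:https?|ftp)://", "Information"),
    Rule("AWS_Access_Key_ID", "response", "body", r"\bAKIA[0-9A-Z]{16}\b", "Information"),
    Rule("Private_SSH_Key", "response", "body",
         r"-----BEGIN (?:RSA |OPENSSH |EC |DSA )?PRIVATE KEY-----", "Information"),
    Rule("SQL_Message_Detected", "response", "body",
         r"(?i)you have an error in your sql syntax|ora-\d{5}|unterminated quoted string",
         "Information"),
    Rule("CookieFlag-HttpOnly", "response", "set_cookie", r"(?i);\s*httponly\b", "Low", negate=True),
    Rule("CookieFlag-Secure", "response", "set_cookie", r"(?i);\s*secure\b", "Low", negate=True),
    Rule("X-Content-Type-Options", "response", "headers",
         r"(?im)^x-content-type-options:\s*nosniff\s*$", "Information", negate=True),
]

Finding = Tuple[str, str, str]  # (rule name, severity, evidence)


def split_message(raw: str):
    """Split a raw HTTP message into (start line, header lines, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    start, *headers = head.split("\r\n")
    return start, headers, body


def candidates(rule: Rule, headers, body, params):
    """Return the (label, text) pairs a rule's part is tested against.
    Set-Cookie is evaluated per header so each cookie is judged on its own;
    the generic header check sees the whole block so a missing header is
    a single finding rather than one per line."""
    if rule.part == "param_name":
        return [(name, name) for name, _ in params]
    if rule.part == "param_value":
        return [(f"{name}={value}", value) for name, value in params]
    if rule.part == "set_cookie":
        return [(h, h) for h in headers if h.lower().startswith("set-cookie:")]
    if rule.part == "headers":
        return [("response headers", "\n".join(headers))]
    if rule.part == "body":
        return [("body", body)]
    raise ValueError(f"unknown part {rule.part}")


def run_rules(scope: str, headers, body, params=()) -> List[Finding]:
    findings: List[Finding] = []
    for rule in RULES:
        if rule.scope != scope:
            continue
        for label, text in candidates(rule, headers, body, params):
            match = re.search(rule.pattern, text)
            if (match is not None) != rule.negate:
                # a positive body hit reports the matched string (the secret);
                # everything else reports the parameter/header it fired on
                evidence = match.group(0) if (match and rule.part == "body") else label
                findings.append((rule.name, rule.severity, evidence))
    return findings


def scan_request(raw: str) -> List[Finding]:
    start, headers, body = split_message(raw)
    target = start.split(" ")[1]
    params = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    if any(h.lower().startswith("content-type:") and "x-www-form-urlencoded" in h.lower()
           for h in headers):
        params += parse_qsl(body, keep_blank_values=True)
    return run_rules("request", headers, body, params)


def scan_response(raw: str) -> List[Finding]:
    _, headers, body = split_message(raw)
    return run_rules("response", headers, body)


# Constructed sample traffic for the demo; not captured from any real site.
SAMPLE_REQUEST = (
    "POST /api/orders?user_id=1042&next=https://evil.example/landing HTTP/1.1\r\n"
    "Host: shop.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "order_id=77&note=hello"
)
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: session=abc123; Path=/; Secure\r\n"
    "Set-Cookie: theme=dark; Path=/; HttpOnly; Secure\r\n"
    "\r\n"
    "<script>var cfg = {key: 'AKIAIOSFODNN7EXAMPLE'};</script>"
)

if __name__ == "__main__":
    for finding in scan_request(SAMPLE_REQUEST) + scan_response(SAMPLE_RESPONSE):
        print(finding)
```

The `negate` flag is what makes the cookie-flag and security-header profiles expressible in the same engine as the secret-grep ones, and the per-cookie scoping matters: evaluating HttpOnly across the joined header block would let one hardened cookie mask an unprotected session cookie on the same response.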