# Default Rules

Burp Bounty Pro ships with 27 pre-configured Smart Scan rules. Each rule pairs a passive detection (a request or response pattern) with the active profiles that should run when it matches, so targeted vulnerability scanning is triggered automatically.
## Summary

| Rules | Count |
|---|---|
| Enabled rules | 23 |
| Disabled rules (bulk scan) | 4 |
| Total | 27 |
## Technology Detection Rules

These rules detect specific technologies and automatically run their associated CVE and vulnerability profiles.
### Artica_Web_Proxy_Auth_bypass

| Enabled | IF | THEN | Scope |
|---|---|---|---|
| Yes | Passive Request Artica_Web_Request AND Passive Response Artica_Web | Execute: CVE-2020-17506_Artica_Web_Proxy_Auth_Bypass | All Matches |
### Cisco_Rule

| Enabled | IF | THEN | Scope |
|---|---|---|---|
| Yes | Passive Response Cisco_ASA_Device_Found OR Passive Request Cisco_Request_Detected | Execute: CVE-2020-3452_Cisco_ASA_LFI, CVE-2019-1653_Cisco_Wan_VPN_disclosure | All Matches |
### Citrix_Rule

| Enabled | IF | THEN | Scope |
|---|---|---|---|
| Yes | Passive Response Citrix_Detection | Execute: CVE-2019-19781_Citrix_ADC_Directory_Traversal, CVE-2020-8209_Citrix_XenMobile_PathTraversal, CVE-2020-8982_Citrix_ShareFile_File_Read | All Matches |
### CouchDB_Admin_Exposure

| Enabled | IF | THEN | Scope |
|---|---|---|---|
| Yes | Passive Request CouchDB_Request AND Passive Response CouchDB_Response | Execute: CouchDB_Admin_Exposure | All Matches |
### Drupal_Rule

| Enabled | IF | THEN | Scope |
|---|---|---|---|
| Yes | Passive Response Drupal_Response | Execute: Drupal_User_Enum, Drupal_User_Enum_Redirect | All Matches |
### Firebase Database Rule

| Enabled | IF | THEN | Scope |
|---|---|---|---|
| Yes | Passive Request Firebase DB detected | Execute: Open Firebase Database | First Match |
### Fortinet_Fortigate

| Enabled | IF | THEN | Scope |
|---|---|---|---|
| Yes | Passive Request Fortinet_Request AND Passive Response Fortinet_Panel | Execute: CVE-2018-13379_FortiOS_Creds_Disclosure | All Matches |
### Jira_Rule

| Enabled | IF | THEN | Scope |
|---|---|---|---|
| Yes | Passive Request Jira_Request | Execute: CVE-2020-14179_Jira_Info_Exposure, CVE-2020-14181_Jira_User_Enum, CVE-2017-9506_Jira_SSRF, CVE-2019-8442_Jira_Path_Traversal, CVE-2019-8449_Jira_Unauthenticated_Sensitive_Info, Jira_unauthenticated_Info | All Matches |
### Kubernetes_Rule

| Enabled | IF | THEN | Scope |
|---|---|---|---|
| Yes | Passive Response Kubernetes_Response | Execute: Kubernetes_API_Exposed | All Matches |
### MAGMI_Remote_Auth

| Enabled | IF | THEN | Scope |
|---|---|---|---|
| Yes | Passive Request MAGMI_Request OR Passive Response MAGMI_Response | Execute: CVE-2020-5777_MAMGI_Auth_Bypass | All Matches |
### Netsweeper_CodeInjection

| Enabled | IF | THEN | Scope |
|---|---|---|---|
| Yes | Passive Request Netsweeper_Request AND Passive Response Netsweeper_Response | Execute: CVE-2020-13167_Netsweeper_code_injection | All Matches |
### Solarwinds

| Enabled | IF | THEN | Scope |
|---|---|---|---|
| Yes | Passive Request Solarwinds_Orion_Request OR Passive Response Solarwinds_Orion_Response | Execute: solarwinds_default_admin | All Matches |
### SpringBoot_Rule

| Enabled | IF | THEN | Scope |
|---|---|---|---|
| Yes | Passive Request Springboot_Requests | Execute: Spring_Boot_Actuators | All Matches |
### Symfony_Rule

| Enabled | IF | THEN | Scope |
|---|---|---|---|
| Yes | Passive Response Symfony_Response | Execute: Symfony_Debug | All Matches |
### Traefik_Rule

| Enabled | IF | THEN | Scope |
|---|---|---|---|
| Yes | Passive Response Traefik_Response | Execute: CVE-2020-15129_Traefik_Open_Redirect | All Matches |
### Weblogic_Rule

| Enabled | IF | THEN | Scope |
|---|---|---|---|
| Yes | Passive Request Weblogic_Request | Execute: CVE-2020-2551_Oracle_WebLogic | All Matches |
### Wordpress_Rule

| Enabled | IF | THEN | Scope |
|---|---|---|---|
| Yes | Passive Response Wordpress detection | Execute: Wordpress_user_enum_oembed, wordpress_users_enum_yoastseo, Wordpress_user_enum_json, Wordpress_directory_listing, Woody_Wordpress_RCE, CVE-2020-24312_File_Manager_Wordpress_Backups, Wordpress_Path_Traversal, Wordpress_Config_Accessible, easy_wp_smtp_listing_enabled, CVE-2020-11738_Wordpress_Duplicator_Plugin_LFI | First Match |
## Vulnerability Parameter Detection Rules

These rules detect interesting parameters in requests and trigger targeted vulnerability testing.
### SQLi_Rule

| Enabled | IF | THEN | Scope |
|---|---|---|---|
| Yes | Passive Request SQLi_Parameters | Execute: SQLi, SQLi_Timebased_Encoded_Space | All Matches |
### XSS_rule

| Enabled | IF | THEN | Scope |
|---|---|---|---|
| Yes | Passive Request XSS_Parameters | Execute: XSS, XSS_URLEncode, XSS_HtmlUrlEncode, XSS_GETPOST, XSS_HTML_Tag_Context, XSS_HTML_Attribute_Context, XSS_JavaScript_Context | All Matches |
### RCE_Rule

| Enabled | IF | THEN | Scope |
|---|---|---|---|
| Yes | Passive Request RCE_Parameters | Execute: RCE_Linux, Blind_RCE_Linux, Blind_RCE_Windows, Echo_RCE, Expect_RCE, PHP_RCE, RCE_Windows | All Matches |
### LFI_Rule

| Enabled | IF | THEN | Scope |
|---|---|---|---|
| Yes | Passive Request LFI_RFI_Parameters OR Passive Request URL_Path_as_a_Value | Execute: PathTraversal_Linux, PathTraversal_Windows | All Matches |
### SSTI_Rule

| Enabled | IF | THEN | Scope |
|---|---|---|---|
| Yes | Passive Request SSTI_Parameters | Execute: SSTI | All Matches |
### OpenRedirect_SSRF_Rule

| Enabled | IF | THEN | Scope |
|---|---|---|---|
| Yes | Passive Request OpenRedirect_SSRF_Parameters OR Passive Request URL_as_a_Value OR Passive Request URL_Path_as_a_Value | Execute: OpenRedirect, OpenRedirect_SSRF_Collaborator, Openredirect_to_XSS, OpenRedirect_to_Account_Takeover, SSRF-Collaborator, SSRF-URLScheme, SSRF_Collaborator_HTTP1_0, SSRF_Collaborator_HTTP0_9, OpenRedirect-ParameterPollution, OpenRedirect-ParameterPollution_Path | All Matches |
## Bulk Scanning Rules (Disabled by Default)

Warning: These rules match all requests and can generate significant traffic. Only enable them when needed.
### Scan all requests with Open redirect profiles

| Enabled | IF | THEN | Scope |
|---|---|---|---|
| No | Passive Request All_Requests_And_Parameters | Execute tag: Open Redirect | All Matches |
### Scan all requests with SSRF

| Enabled | IF | THEN | Scope |
|---|---|---|---|
| No | Passive Request All_Requests_And_Parameters | Execute tag: SSRF | All Matches |
### Scan all requests with all Profiles

| Enabled | IF | THEN | Scope |
|---|---|---|---|
| No | Passive Request All_Requests_And_Parameters | Execute tag: All | All Matches |
### Scan all requests with log4shell profiles

| Enabled | IF | THEN | Scope |
|---|---|---|---|
| No | Passive Request All_Requests_And_Parameters | Execute: CVE-2021-44228_RCE_Log4j, CVE-2021-44228_RCE_Log4j_GETPOST, CVE-2021-44228_RCE_Log4j_urlEncode | All Matches |