# Introduction

<div align="center"><img src="https://710436228-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FK0ure45w5tAMFDkq49ZN%2Fuploads%2Fgit-blob-42dc7c9b35341087fd7783fa41079e0ec90e63f2%2FLogo_pro.png?alt=media" alt="" width="700"></div>

**Burp Bounty Pro** is a powerful Burp Suite extension that allows security researchers and bug bounty hunters to create custom scan profiles for detecting vulnerabilities in web applications. It extends Burp Suite's scanning capabilities by letting you define custom payloads, match conditions, and detection rules — without writing any code.

### ✨ Key Features

* 🤖 **AI Scanner** — AI-powered analysis that identifies attack surfaces, correlates parameters with vulnerability types, detects technologies, and auto-launches the right scan profiles. Supports OpenAI, Anthropic, Google Gemini, OpenRouter, and local models (Ollama)
* 🎯 **Custom Active Scanning** — Define payloads and match patterns to detect vulnerabilities like XSS, SQLi, SSRF, RCE, path traversal, and more
* 👁️ **Passive Scanning with Tag-Based Launching** — Analyze requests and responses passing through Burp Suite. Launch passive scans by tag to run only the checks you need (e.g., only security headers, only secret detection)
* 🧠 **Smart Scan (Rules)** — Create IF-THEN rules that automatically trigger active scans when specific passive conditions are detected
* 🔗 **Multi-Step Profiles** — Chain multiple scanning steps together with cookie reuse and sequential execution for complex attack scenarios
* 🔀 **Global Variables** — Use dynamic variables like `{REDIRECT_DOMAIN}`, `{BC}`, `{CURRENT_HOST}` in payloads and match patterns
* 📦 **256 Default Profiles** — Ready-to-use profiles covering CVEs, common vulnerabilities, technology detection, and sensitive data exposure
* 📋 **28 Default Rules** — Pre-configured Smart Scan rules for automated vulnerability detection workflows
* 🔍 **Flexible Match Types** — Simple string, regex, payload reflection, response variations, content length differences, HTTP response codes, time-based detection, and Burp Collaborator integration
* 📍 **30+ Insertion Point Types** — URL parameters, body parameters, cookies, JSON keys/values, XML, HTTP headers, URL path components, and more
* 🔎 **Scan Scope** — Per-profile scan scope: per-URL (default) or per-host for path discovery and fixed-path CVE profiles
* ⚡ **Per-Scan Performance Settings** — Configure threads, concurrency, and requests per second independently for each scan
* ⏸️ **Pause & Resume** — True thread-safe pause/resume that preserves full scan state. Paused time is excluded from scan duration.
* 🏷️ **Tags System** — Organize profiles with tags across all profile types. Tags power the passive scan submenu and Smart Scan rule targeting.
* 📤 **Profile Import/Export** — Share and reuse profiles across teams with JSON-based `.bb` profile files

### 🆕 What's New in v3.1.0

* 🤖 **AI Scanner** — AI-powered reconnaissance that analyzes parameters, detects technologies, identifies attack surfaces, and auto-launches the right scan profiles. Supports OpenAI, Anthropic, Google Gemini, OpenRouter, and local models (Ollama). Includes programmatic response analysis for reflection context detection and customizable prompts.
* 🔎 **Scan Scope (per-host)** — New `scanScope` field in active profiles. Per-URL (default) scans every URL; per-host scans once per `host:port`, ideal for path discovery and fixed-path CVE profiles.
* 📊 **Redesigned Scanners Tab** — The Scanner tab is now split into dedicated sub-tabs: **Active**, **Passive**, **Smart**, **AI**, and **Live**, each with its own results table, entry controls, and request/response viewers.
* ⚡ **Context-Aware Scanner Settings** — The URL Filter popup now adapts its settings based on the scan type (Active, Smart, Passive, AI Scanner), showing only relevant options for each.
* 📨 **Passive & Smart Scanner Tabs** — Dedicated tabs for monitoring passive scan results and Smart Scan rule matches with real-time entry tracking.

### What's New in v3.0.0

* 🔗 Multi-step scanning for complex attack chains
* 🔀 Global variables system with user-configurable values
* ⏱️ Time-based vulnerability detection engine
* ⚡ **Per-scan scanner settings** (threads, concurrency, RPS) in the scan popup
* ⏸️ **Pause/resume** with `PausableThreadPoolExecutor` — true zero-loss state management
* 🏷️ **Tag-based passive scan launching** with Request/Response submenus and profile counts
* 🏷️ **Tags column and Set New Tag** on all profile tables (Active, Passive Request, Passive Response)
* 🎯 Stop-on-first-match optimization for single-step profiles
* 🪟 Non-modal dialogs, profile duplication, payload/grep markers
* 🔗 URL filtering for all scan types
* 🛡️ 30-redirect loop protection and scan timeout detection (with paused time excluded)

### 🚀 Getting Started

Head to the [Installation](https://docs.bountysecurity.ai/getting-started/installation) guide to set up Burp Bounty Pro, or jump straight to the [Quick Start](https://docs.bountysecurity.ai/getting-started/quick-start) guide to run your first scan.

### 📚 Documentation Overview

| Section                                                                                     | Description                                         |
| ------------------------------------------------------------------------------------------- | --------------------------------------------------- |
| 🚀 [Quick Start](https://docs.bountysecurity.ai/getting-started/quick-start)                | Run your first scan in 5 minutes                    |
| 🖥️ [Interface Overview](https://docs.bountysecurity.ai/getting-started/interface-overview) | Understand all tabs and controls                    |
| 🎯 [Active Scan](https://docs.bountysecurity.ai/scanning/active-scan)                       | Active scanning with custom payloads                |
| 👁️ [Passive Scan](https://docs.bountysecurity.ai/scanning/passive-scan)                    | Passive analysis with tag-based launching           |
| 🧠 [Smart Scan](https://docs.bountysecurity.ai/scanning/smart-scan)                         | Automated scanning with IF-THEN rules               |
| 🤖 [AI Scanner](https://docs.bountysecurity.ai/scanning/ai-scan)                            | AI-powered analysis and auto-scanning               |
| ⚙️ [Scan Control](https://docs.bountysecurity.ai/scanning/scan-control)                     | Pause/resume, per-scan settings, performance tuning |
| 📝 [Profiles](https://docs.bountysecurity.ai/profiles/overview)                             | Creating and managing scan profiles                 |
| 🏷️ [Tags](https://docs.bountysecurity.ai/profiles/tags)                                    | Organizing profiles with tags                       |
| 📋 [Rules](https://docs.bountysecurity.ai/rules/overview)                                   | Creating Smart Scan rules                           |
| 🔀 [Variables](https://docs.bountysecurity.ai/variables/global-variables)                   | Global variable reference                           |
| ⚙️ [Settings](https://docs.bountysecurity.ai/options/settings)                              | Configuration options                               |
| 📦 [Default Profiles](https://docs.bountysecurity.ai/reference/default-profiles)            | 256 built-in profiles reference                     |
| 📋 [Default Rules](https://docs.bountysecurity.ai/reference/default-rules)                  | 28 built-in rules reference                         |
| ❓ [FAQ](https://docs.bountysecurity.ai/appendix/faq)                                        | Frequently asked questions                          |
