# Quick Start

This guide walks you through running your first scan with Burp Bounty Pro in under 5 minutes.

## Step 1️⃣ — Browse to a Target

1. Configure your browser to use Burp Suite as a proxy
2. Browse to the target web application
3. Ensure the target appears in Burp Suite's **Target** > **Site Map**

## Step 2️⃣ — Select Profiles

1. Go to the **Burp Bounty Pro** tab > **Profiles** sub-tab
2. Review the three profile categories:
   * 🎯 **Active Profiles** — Profiles that send payloads to test for vulnerabilities
   * 📨 **Passive Request Profiles** — Profiles that analyze outgoing requests
   * 📩 **Passive Response Profiles** — Profiles that analyze incoming responses
3. Each table shows: Enabled, Profile Name, **Tags**, and Author's Twitter
4. Enable or disable profiles using the **Enabled** checkbox in each profile row
5. All default profiles ship enabled, so you only need to disable the ones you do not want to run

![Active Profiles table](/files/Q5rgQ4q6ijYDYsy6k1s8)

> 💡 **Tip:** Use the tag dropdown at the top to filter profiles by category (XSS, SQLi, CVEs, etc.) and focus on what matters for your target.

## Step 3️⃣ — Enable Smart Scan Rules *(Optional)*

1. Go to the **Rules** sub-tab
2. Review the available rules — these define IF-THEN conditions that automatically trigger active scans when passive matches are found
3. Enable the rules you want (most are enabled by default)
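
The IF-THEN idea behind these rules, sketched as an added example (not Burp Bounty Pro's own code): a passive match on a response queues only the active profiles carrying the rule's tag, and a disabled rule queues nothing. The data model, profile names, patterns and sample traffic are all hypothetical and constructed for illustration; they are not the tool's real profile or rule format.

```python
import re
from dataclasses import dataclass

# Hypothetical data model for illustration; not Burp Bounty Pro's real
# profile or rule format.
@dataclass(frozen=True)
class PassiveProfile:
    name: str
    pattern: str          # regex searched for in the response

@dataclass(frozen=True)
class Rule:
    if_match: str         # IF this passive profile matched ...
    then_tag: str         # ... THEN run active profiles carrying this tag
    enabled: bool = True

PASSIVE = [
    PassiveProfile("SQL error message", r"error in your SQL syntax|ORA-\d{5}"),
    PassiveProfile("Tomcat banner", r"Apache Tomcat/\d+"),
]
ACTIVE_TAGS = {            # active profile name -> tag
    "SQLi error-based": "SQLi",
    "SQLi time-based": "SQLi",
    "Tomcat CVE checks": "CVEs",
}
RULES = [
    Rule("SQL error message", "SQLi"),
    Rule("Tomcat banner", "CVEs", enabled=False),   # rule switched off
]

# Constructed sample traffic (URL -> response text).
RESPONSES = {
    "https://app.example/item?id=1": "You have an error in your SQL syntax near ''",
    "https://app.example/status": "Apache Tomcat/9.0.1 - Error report",
    "https://app.example/about": "<h1>About us</h1>",
}

def plan_active_scans(responses, passive=PASSIVE, rules=RULES, active=ACTIVE_TAGS):
    """Return sorted (url, active_profile) pairs queued by enabled rules."""
    queued = set()
    for url, body in responses.items():
        matched = {p.name for p in passive if re.search(p.pattern, body)}
        for rule in rules:
            if rule.enabled and rule.if_match in matched:
                queued.update((url, name) for name, tag in active.items()
                              if tag == rule.then_tag)
    return sorted(queued)

if __name__ == "__main__":
    for url, profile in plan_active_scans(RESPONSES):
        print(f"{url} -> {profile}")
```

Only the URL whose response matched an enabled rule receives active traffic, which is why rules reduce scan volume compared with running every active profile against every URL.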

## Step 4️⃣ — Launch an Active Scan

1. In Burp Suite, right-click on target URLs in **Target** > **Site Map**, **Proxy History**, or **Repeater**
2. Select **Active Scan** from the Burp Bounty Pro context menu
3. The **URL Filter popup** appears — review the URLs, configure **Scanner Settings** (Threads, Concurrency, RPS), and click OK
4. Burp Bounty Pro launches the scan with your per-scan settings 🎯

![URL Filter popup with Scanner Settings](/files/HqANbNlQdg3RTdGDRrOz)

> 💡 **Tip:** For fast targets, increase threads to 20. For rate-limited targets, decrease to 3 and set RPS to 2.

## Step 5️⃣ — Launch a Passive Scan

Passive scanning can run in two ways:

### 🔄 Automatic (Live Passive Scan)

1. In the **Dashboard** tab, toggle **Live Passive Scan** on
2. All traffic passing through Burp Suite is automatically analyzed

### 🏷️ Manual (Tag-Based)

1. Right-click on one or more requests
2. Select **Passive Scan** from the context menu
3. Choose the scope from the tag-based submenu:
   * **All** — Run all passive profiles
   * **Passive Request** > **Tag** — Run only request profiles with a specific tag
   * **Passive Response** > **Tag** — Run only response profiles with a specific tag

![Passive Scan context menu with tags](/files/foYSy5BzzGIXZJh7nlgn)

## Step 6️⃣ — Launch an AI Scan *(Optional)*

The AI Scanner uses AI to automatically identify attack surfaces and launch the right profiles:

1. Right-click on one or more requests
2. Select **AI Scanner** from the Burp Bounty Pro context menu
3. Configure the URL filter and click **OK**
4. The AI analyzes each request's parameters, detects reflection contexts, fingerprints technologies, and recommends profiles
5. If **Auto-scan** is enabled, recommended active profiles are launched automatically

> 💡 **Tip:** Configure your AI provider and API key first in **Scanners** > **AI** > **Settings**.

## Step 7️⃣ — Monitor and Control Results

1. Go to the **Burp Bounty Pro** tab > **Dashboard** sub-tab
2. The dashboard shows:
   * 📊 **Scanner progress** — Active tasks, completed scans, and queue status
   * 🐛 **Issues found** — Detected vulnerabilities with severity, confidence, and details
3. Use the control buttons:
   * ⏸️ **Pause All** — Pause all scans without losing progress
   * ▶️ **Resume All** — Resume paused scans from where they left off
   * ⏹️ **Stop** — Stop all scans

![Dashboard with scan progress and issues](/files/FwtY3bpyS9yTADtSbJmy)

## Step 8️⃣ — Review Findings

Each issue reported includes:

* 📛 **Issue Name** — The vulnerability type (e.g., "XSS", "SQLi", "CORS Misconfiguration")
* 🔴🟠🟡🔵 **Severity** — High, Medium, Low, or Information
* 🎯 **Confidence** — Certain, Firm, or Tentative
* 📝 **Detail** — The payload used and the grep pattern that matched

Issues also appear in Burp Suite's **Dashboard** > **Issue activity** for integrated review.

## 📌 Next Steps

* 🖥️ [Interface Overview](/getting-started/interface-overview.md) — Learn about all the tabs and controls
* 📝 [Creating Active Profiles](/profiles/creating-active-profile.md) — Create your own vulnerability detection profiles
* 🧠 [Smart Scan](/scanning/smart-scan.md) — Set up automated scanning workflows with Rules
* 🤖 [AI Scanner](/scanning/ai-scan.md) — AI-powered analysis and auto-scanning
* ⚙️ [Scan Control](/scanning/scan-control.md) — Learn about pause/resume, per-scan settings, and performance tuning
* 🏷️ [Tags](/profiles/tags.md) — Organize profiles and launch targeted passive scans
* 🔀 [Global Variables](/variables/global-variables.md) — Configure variables like `{REDIRECT_DOMAIN}` and `{BC}`

