# Settings

The Options tab provides global configuration settings that control Burp Bounty Pro's behavior.

## ⚡ Scanner Settings (Per-Scan)

> ⚠️ **Important:** Thread pool size, concurrency, and requests per second are now configured **per scan** in the URL Filter popup that appears before each scan. This gives you precise control over each scan's performance, and allows different scans to run with different settings simultaneously.

See [Scan Control](https://docs.bountysecurity.ai/scanning/scan-control) for details on per-scan configuration.

| Setting                    | Where          | Default |
| -------------------------- | -------------- | ------- |
| 🧵 **Threads**             | Per-scan popup | 10      |
| 🔀 **Concurrency**         | Per-scan popup | 10      |
| 📈 **Requests per second** | Per-scan popup | 10      |

## ⏱️ Scan Timeout

| Setting          | Description                                                | Default |
| ---------------- | ---------------------------------------------------------- | ------- |
| **Scan Timeout** | Maximum time for a scan before marking as failed (minutes) | 60      |

When a scan exceeds this time limit, it's marked as "❌ Failed" in the Dashboard. This prevents stalled scans from consuming resources indefinitely.

> 📝 **Note:** Paused time is excluded from the timeout calculation. If you pause a scan for 30 minutes, those 30 minutes do not count toward the timeout.

## 🌐 Collaborator Settings

| Setting                       | Description                                                   | Default      |
| ----------------------------- | ------------------------------------------------------------- | ------------ |
| **Collaborator Refresh Time** | Polling interval for Burp Collaborator results (milliseconds) | Configurable |

Controls how often Burp Bounty Pro checks for Burp Collaborator interactions. Lower values detect out-of-band vulnerabilities faster but increase Collaborator server load.

## 🔢 Max Concurrent Scans

| Setting       | Description                        | Default      |
| ------------- | ---------------------------------- | ------------ |
| **Max Scans** | Maximum number of concurrent scans | Configurable |

Limits the total number of scans running at any time. Helps prevent excessive resource consumption when scanning multiple targets.

## 🚫 URL Exclusions

| Setting        | Description                           |
| -------------- | ------------------------------------- |
| **Avoid URLs** | URL patterns to exclude from scanning |

Specify URL patterns that should not be scanned. Useful for:

* 🚪 Excluding logout URLs to avoid session termination
* 🔒 Skipping administrative panels
* ⚠️ Avoiding destructive endpoints (delete, reset, etc.)

## 🤖 AI Scanner Settings

AI Scanner settings are configured from the **Scanners** > **AI** tab via the **Settings** button.

| Setting                      | Description                                                              | Default          |
| ---------------------------- | ------------------------------------------------------------------------ | ---------------- |
| **Enable**                   | Enable/disable AI Scanner                                                | Enabled          |
| **Auto-scan after analysis** | Automatically launch active scans with recommended profiles              | Enabled          |
| **Provider**                 | AI provider (OpenAI, Anthropic, Google Gemini, OpenRouter, Local/Ollama) | OpenAI           |
| **API Key**                  | API key for the selected provider                                        | (empty)          |
| **Model**                    | AI model name                                                            | gpt-4o           |
| **Endpoint**                 | API endpoint URL                                                         | Provider default |

### Prompt Customization

Click **Edit Prompts** to customize the system and user prompts used by the AI Scanner. The default prompts include a comprehensive profile taxonomy, parameter name correlations, technology detection rules, and a 12-field output schema.

> ⚠️ **Note:** When updating Burp Bounty Pro, if your saved prompts are outdated (missing new schema fields), they are automatically reset to the new defaults.

See [AI Scanner](https://docs.bountysecurity.ai/scanning/ai-scan) for full documentation.

## 🎨 Console Output

| Setting         | Description                              |
| --------------- | ---------------------------------------- |
| **Print Color** | Color scheme for console output messages |

Controls the color of log messages in the extension output console.

## 💾 Persistence

All settings are persisted in Burp Suite's extension settings storage:

* ✅ Settings survive Burp Suite restarts
* ✅ Settings survive extension reloads
* ✅ Settings are stored per Burp project

## 📋 Recommended Configurations

### 🏴‍☠️ Bug Bounty (Fast Scanning)

```
Per-Scan Settings:
  🧵 Threads: 20-30
  🔀 Concurrency: 20-30
  📈 RPS: 50-100

Global Settings:
  ⏱️ Scan Timeout: 120 minutes
  🔢 Max Scans: 5
```

### 🔒 Penetration Testing (Controlled Scanning)

```
Per-Scan Settings:
  🧵 Threads: 5-10
  🔀 Concurrency: 5-10
  📈 RPS: 5-10

Global Settings:
  ⏱️ Scan Timeout: 60 minutes
  🔢 Max Scans: 3
```

### 🛡️ Rate-Limited Target

```
Per-Scan Settings:
  🧵 Threads: 2-3
  🔀 Concurrency: 2-3
  📈 RPS: 1-2

Global Settings:
  ⏱️ Scan Timeout: 180 minutes
  🔢 Max Scans: 1
```

### 🏢 Internal Network (Maximum Speed)

```
Per-Scan Settings:
  🧵 Threads: 30-50
  🔀 Concurrency: 30-50
  📈 RPS: 100+

Global Settings:
  ⏱️ Scan Timeout: 60 minutes
  🔢 Max Scans: 10
```

> 💡 **Tip:** You can adjust per-scan settings differently for each scan. Run a fast scan against the main application with high threads, while simultaneously running a slow, careful scan against a sensitive API endpoint with low threads and RPS.