# Settings The Options tab provides global configuration settings that control Burp Bounty Pro's behavior. ## โšก Scanner Settings (Per-Scan) > โš ๏ธ **Important:** Thread pool size, concurrency, and requests per second are now configured **per scan** in the URL Filter popup that appears before each scan. This gives you precise control over each scan's performance, and allows different scans to run with different settings simultaneously. See [Scan Control](/scanning/scan-control.md) for details on per-scan configuration. | Setting | Where | Default | | -------------------------- | -------------- | ------- | | ๐Ÿงต **Threads** | Per-scan popup | 10 | | ๐Ÿ”€ **Concurrency** | Per-scan popup | 10 | | ๐Ÿ“ˆ **Requests per second** | Per-scan popup | 10 | ## โฑ๏ธ Scan Timeout | Setting | Description | Default | | ---------------- | ---------------------------------------------------------- | ------- | | **Scan Timeout** | Maximum time for a scan before marking as failed (minutes) | 60 | When a scan exceeds this time limit, it's marked as "โŒ Failed" in the Dashboard. This prevents stalled scans from consuming resources indefinitely. > ๐Ÿ“ **Note:** Paused time is excluded from the timeout calculation. If you pause a scan for 30 minutes, those 30 minutes do not count toward the timeout. ## ๐ŸŒ Collaborator Settings | Setting | Description | Default | | ----------------------------- | ------------------------------------------------------------- | ------------ | | **Collaborator Refresh Time** | Polling interval for Burp Collaborator results (milliseconds) | Configurable | Controls how often Burp Bounty Pro checks for Burp Collaborator interactions. Lower values detect out-of-band vulnerabilities faster but increase Collaborator server load. ## ๐Ÿ”ข Max Concurrent Scans | Setting | Description | Default | | ------------- | ---------------------------------- | ------------ | | **Max Scans** | Maximum number of concurrent scans | Configurable | Limits the total number of scans running at any time. Helps prevent excessive resource consumption when scanning multiple targets. ## ๐Ÿšซ URL Exclusions | Setting | Description | | -------------- | ------------------------------------- | | **Avoid URLs** | URL patterns to exclude from scanning | Specify URL patterns that should not be scanned. Useful for: * ๐Ÿšช Excluding logout URLs to avoid session termination * ๐Ÿ”’ Skipping administrative panels * โš ๏ธ Avoiding destructive endpoints (delete, reset, etc.) ## ๐Ÿค– AI Scanner Settings AI Scanner settings are configured from the **Scanners** > **AI** tab via the **Settings** button. | Setting | Description | Default | | ---------------------------- | ------------------------------------------------------------------------ | ---------------- | | **Enable** | Enable/disable AI Scanner | Enabled | | **Auto-scan after analysis** | Automatically launch active scans with recommended profiles | Enabled | | **Provider** | AI provider (OpenAI, Anthropic, Google Gemini, OpenRouter, Local/Ollama) | OpenAI | | **API Key** | API key for the selected provider | (empty) | | **Model** | AI model name | gpt-4o | | **Endpoint** | API endpoint URL | Provider default | ### Prompt Customization Click **Edit Prompts** to customize the system and user prompts used by the AI Scanner. The default prompts include a comprehensive profile taxonomy, parameter name correlations, technology detection rules, and a 12-field output schema. > โš ๏ธ **Note:** When updating Burp Bounty Pro, if your saved prompts are outdated (missing new schema fields), they are automatically reset to the new defaults. See [AI Scanner](/scanning/ai-scan.md) for full documentation. ## ๐ŸŽจ Console Output | Setting | Description | | --------------- | ---------------------------------------- | | **Print Color** | Color scheme for console output messages | Controls the color of log messages in the extension output console. ## ๐Ÿ’พ Persistence All settings are persisted in Burp Suite's extension settings storage: * โœ… Settings survive Burp Suite restarts * โœ… Settings survive extension reloads * โœ… Settings are stored per Burp project ## ๐Ÿ“‹ Recommended Configurations ### ๐Ÿดโ€โ˜ ๏ธ Bug Bounty (Fast Scanning) ``` Per-Scan Settings: ๐Ÿงต Threads: 20-30 ๐Ÿ”€ Concurrency: 20-30 ๐Ÿ“ˆ RPS: 50-100 Global Settings: โฑ๏ธ Scan Timeout: 120 minutes ๐Ÿ”ข Max Scans: 5 ``` ### ๐Ÿ”’ Penetration Testing (Controlled Scanning) ``` Per-Scan Settings: ๐Ÿงต Threads: 5-10 ๐Ÿ”€ Concurrency: 5-10 ๐Ÿ“ˆ RPS: 5-10 Global Settings: โฑ๏ธ Scan Timeout: 60 minutes ๐Ÿ”ข Max Scans: 3 ``` ### ๐Ÿ›ก๏ธ Rate-Limited Target ``` Per-Scan Settings: ๐Ÿงต Threads: 2-3 ๐Ÿ”€ Concurrency: 2-3 ๐Ÿ“ˆ RPS: 1-2 Global Settings: โฑ๏ธ Scan Timeout: 180 minutes ๐Ÿ”ข Max Scans: 1 ``` ### ๐Ÿข Internal Network (Maximum Speed) ``` Per-Scan Settings: ๐Ÿงต Threads: 30-50 ๐Ÿ”€ Concurrency: 30-50 ๐Ÿ“ˆ RPS: 100+ Global Settings: โฑ๏ธ Scan Timeout: 60 minutes ๐Ÿ”ข Max Scans: 10 ``` > ๐Ÿ’ก **Tip:** You can adjust per-scan settings differently for each scan. Run a fast scan against the main application with high threads, while simultaneously running a slow, careful scan against a sensitive API endpoint with low threads and RPS. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.bountysecurity.ai/options/settings.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.