# Default Rules

Burp Bounty Pro ships with **27 pre-configured Smart Scan rules**. These rules automate vulnerability scanning by connecting passive detection with targeted active profiles.

## 📊 Summary

| Category                     | Count  |
| ---------------------------- | ------ |
| ✅ Enabled rules              | 23     |
| ❌ Disabled rules (bulk scan) | 4      |
| **Total**                    | **27** |

## 🖥️ Technology Detection Rules

These rules detect specific technologies and automatically run their associated CVE and vulnerability profiles.

### 🌐 Artica\_Web\_Proxy\_Auth\_bypass

|               |                                                                        |
| ------------- | ---------------------------------------------------------------------- |
| ✅ **Enabled** | Yes                                                                    |
| 🔍 **IF**     | Passive Request `Artica_Web_Request` AND Passive Response `Artica_Web` |
| 🎯 **THEN**   | Execute: `CVE-2020-17506_Artica_Web_Proxy_Auth_Bypass`                 |
| 📍 **Scope**  | All Matches                                                            |

### 🛡️ Cisco\_Rule

|               |                                                                                       |
| ------------- | ------------------------------------------------------------------------------------- |
| ✅ **Enabled** | Yes                                                                                   |
| 🔍 **IF**     | Passive Response `Cisco_ASA_Device_Found` OR Passive Request `Cisco_Request_Detected` |
| 🎯 **THEN**   | Execute: `CVE-2020-3452_Cisco_ASA_LFI`, `CVE-2019-1653_Cisco_Wan_VPN_disclosure`      |
| 📍 **Scope**  | All Matches                                                                           |

### 🖥️ Citrix\_Rule

|               |                                                                                                                                                      |
| ------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- |
| ✅ **Enabled** | Yes                                                                                                                                                  |
| 🔍 **IF**     | Passive Response `Citrix_Detection`                                                                                                                  |
| 🎯 **THEN**   | Execute: `CVE-2019-19781_Citrix_ADC_Directory_Traversal`, `CVE-2020-8209_Citrix_XenMobile_PathTraversal`, `CVE-2020-8982_Citrix_ShareFile_File_Read` |
| 📍 **Scope**  | All Matches                                                                                                                                          |

### 🗄️ CouchDB\_Admin\_Exposure

|               |                                                                           |
| ------------- | ------------------------------------------------------------------------- |
| ✅ **Enabled** | Yes                                                                       |
| 🔍 **IF**     | Passive Request `CouchDB_Request` AND Passive Response `CouchDB_Response` |
| 🎯 **THEN**   | Execute: `CouchDB_Admin_Exposure`                                         |
| 📍 **Scope**  | All Matches                                                               |

### 💧 Drupal\_Rule

|               |                                                          |
| ------------- | -------------------------------------------------------- |
| ✅ **Enabled** | Yes                                                      |
| 🔍 **IF**     | Passive Response `Drupal_Response`                       |
| 🎯 **THEN**   | Execute: `Drupal_User_Enum`, `Drupal_User_Enum_Redirect` |
| 📍 **Scope**  | All Matches                                              |

### 🔥 Firebase Database Rule

|               |                                        |
| ------------- | -------------------------------------- |
| ✅ **Enabled** | Yes                                    |
| 🔍 **IF**     | Passive Request `Firebase DB detected` |
| 🎯 **THEN**   | Execute: `Open Firebase Database`      |
| 📍 **Scope**  | First Match                            |

### 🛡️ Fortinet\_Fortigate

|               |                                                                          |
| ------------- | ------------------------------------------------------------------------ |
| ✅ **Enabled** | Yes                                                                      |
| 🔍 **IF**     | Passive Request `Fortinet_Request` AND Passive Response `Fortinet_Panel` |
| 🎯 **THEN**   | Execute: `CVE-2018-13379_FortiOS_Creds_Disclosure`                       |
| 📍 **Scope**  | All Matches                                                              |

### 📋 Jira\_Rule

|               |                                                                                                                                                                                                                                 |
| ------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| ✅ **Enabled** | Yes                                                                                                                                                                                                                             |
| 🔍 **IF**     | Passive Request `Jira_Request`                                                                                                                                                                                                  |
| 🎯 **THEN**   | Execute: `CVE-2020-14179_Jira_Info_Exposure`, `CVE-2020-14181_Jira_User_Enum`, `CVE-2017-9506_Jira_SSRF`, `CVE-2019-8442_Jira_Path_Traversal`, `CVE-2019-8449_Jira_Unauthenticated_Sensitive_Info`, `Jira_unauthenticated_Info` |
| 📍 **Scope**  | All Matches                                                                                                                                                                                                                     |

### ☸️ Kubernetes\_Rule

|               |                                        |
| ------------- | -------------------------------------- |
| ✅ **Enabled** | Yes                                    |
| 🔍 **IF**     | Passive Response `Kubernetes_Response` |
| 🎯 **THEN**   | Execute: `Kubernetes_API_Exposed`      |
| 📍 **Scope**  | All Matches                            |

### 🛒 MAGMI\_Remote\_Auth

|               |                                                                      |
| ------------- | -------------------------------------------------------------------- |
| ✅ **Enabled** | Yes                                                                  |
| 🔍 **IF**     | Passive Request `MAGMI_Request` OR Passive Response `MAGMI_Response` |
| 🎯 **THEN**   | Execute: `CVE-2020-5777_MAMGI_Auth_Bypass`                           |
| 📍 **Scope**  | All Matches                                                          |

### 🌐 Netsweeper\_CodeInjection

|               |                                                                                 |
| ------------- | ------------------------------------------------------------------------------- |
| ✅ **Enabled** | Yes                                                                             |
| 🔍 **IF**     | Passive Request `Netsweeper_Request` AND Passive Response `Netsweeper_Response` |
| 🎯 **THEN**   | Execute: `CVE-2020-13167_Netsweeper_code_injection`                             |
| 📍 **Scope**  | All Matches                                                                     |

### ☀️ Solarwinds

|               |                                                                                            |
| ------------- | ------------------------------------------------------------------------------------------ |
| ✅ **Enabled** | Yes                                                                                        |
| 🔍 **IF**     | Passive Request `Solarwinds_Orion_Request` OR Passive Response `Solarwinds_Orion_Response` |
| 🎯 **THEN**   | Execute: `solarwinds_default_admin`                                                        |
| 📍 **Scope**  | All Matches                                                                                |

### 🍃 SpringBoot\_Rule

|               |                                       |
| ------------- | ------------------------------------- |
| ✅ **Enabled** | Yes                                   |
| 🔍 **IF**     | Passive Request `Springboot_Requests` |
| 🎯 **THEN**   | Execute: `Spring_Boot_Actuators`      |
| 📍 **Scope**  | All Matches                           |

### 🎵 Symfony\_Rule

|               |                                     |
| ------------- | ----------------------------------- |
| ✅ **Enabled** | Yes                                 |
| 🔍 **IF**     | Passive Response `Symfony_Response` |
| 🎯 **THEN**   | Execute: `Symfony_Debug`            |
| 📍 **Scope**  | All Matches                         |

### 🔀 Traefik\_Rule

|               |                                                 |
| ------------- | ----------------------------------------------- |
| ✅ **Enabled** | Yes                                             |
| 🔍 **IF**     | Passive Response `Traefik_Response`             |
| 🎯 **THEN**   | Execute: `CVE-2020-15129_Traefik_Open_Redirect` |
| 📍 **Scope**  | All Matches                                     |

### 🖥️ Weblogic\_Rule

|               |                                          |
| ------------- | ---------------------------------------- |
| ✅ **Enabled** | Yes                                      |
| 🔍 **IF**     | Passive Request `Weblogic_Request`       |
| 🎯 **THEN**   | Execute: `CVE-2020-2551_Oracle_WebLogic` |
| 📍 **Scope**  | All Matches                              |

### 🔵 Wordpress\_Rule

|               |                                                                                                                                                                                                                                                                                                                                                        |
| ------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| ✅ **Enabled** | Yes                                                                                                                                                                                                                                                                                                                                                    |
| 🔍 **IF**     | Passive Response `Wordpress detection`                                                                                                                                                                                                                                                                                                                 |
| 🎯 **THEN**   | Execute: `Wordpress_user_enum_oembed`, `wordpress_users_enum_yoastseo`, `Wordpress_user_enum_json`, `Wordpress_directory_listing`, `Woody_Wordpress_RCE`, `CVE-2020-24312_File_Manager_Wordpress_Backups`, `Wordpress_Path_Traversal`, `Wordpress_Config_Accessible`, `easy_wp_smtp_listing_enabled`, `CVE-2020-11738_Wordpress_Duplicator_Plugin_LFI` |
| 📍 **Scope**  | First Match                                                                                                                                                                                                                                                                                                                                            |

***

## 💉 Vulnerability Parameter Detection Rules

These rules detect interesting parameters in requests and trigger targeted vulnerability testing.

### 🗄️ SQLi\_Rule

|               |                                                 |
| ------------- | ----------------------------------------------- |
| ✅ **Enabled** | Yes                                             |
| 🔍 **IF**     | Passive Request `SQLi_Parameters`               |
| 🎯 **THEN**   | Execute: `SQLi`, `SQLi_Timebased_Encoded_Space` |
| 📍 **Scope**  | All Matches                                     |

### 💉 XSS\_rule

|               |                                                                                                                                                     |
| ------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- |
| ✅ **Enabled** | Yes                                                                                                                                                 |
| 🔍 **IF**     | Passive Request `XSS_Parameters`                                                                                                                    |
| 🎯 **THEN**   | Execute: `XSS`, `XSS_URLEncode`, `XSS_HtmlUrlEncode`, `XSS_GETPOST`, `XSS_HTML_Tag_Context`, `XSS_HTML_Attribute_Context`, `XSS_JavaScript_Context` |
| 📍 **Scope**  | All Matches                                                                                                                                         |

### ⚡ RCE\_Rule

|               |                                                                                                                  |
| ------------- | ---------------------------------------------------------------------------------------------------------------- |
| ✅ **Enabled** | Yes                                                                                                              |
| 🔍 **IF**     | Passive Request `RCE_Parameters`                                                                                 |
| 🎯 **THEN**   | Execute: `RCE_Linux`, `Blind_RCE_Linux`, `Blind_RCE_Windows`, `Echo_RCE`, `Expect_RCE`, `PHP_RCE`, `RCE_Windows` |
| 📍 **Scope**  | All Matches                                                                                                      |

### 📂 LFI\_Rule

|               |                                                                               |
| ------------- | ----------------------------------------------------------------------------- |
| ✅ **Enabled** | Yes                                                                           |
| 🔍 **IF**     | Passive Request `LFI_RFI_Parameters` OR Passive Request `URL_Path_as_a_Value` |
| 🎯 **THEN**   | Execute: `PathTraversal_Linux`, `PathTraversal_Windows`                       |
| 📍 **Scope**  | All Matches                                                                   |

### 🔧 SSTI\_Rule

|               |                                   |
| ------------- | --------------------------------- |
| ✅ **Enabled** | Yes                               |
| 🔍 **IF**     | Passive Request `SSTI_Parameters` |
| 🎯 **THEN**   | Execute: `SSTI`                   |
| 📍 **Scope**  | All Matches                       |

### 🔄 OpenRedirect\_SSRF\_Rule

|               |                                                                                                                                                                                                                                                                                                  |
| ------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| ✅ **Enabled** | Yes                                                                                                                                                                                                                                                                                              |
| 🔍 **IF**     | Passive Request `OpenRedirect_SSRF_Parameters` OR Passive Request `URL_as_a_Value` OR Passive Request `URL_Path_as_a_Value`                                                                                                                                                                      |
| 🎯 **THEN**   | Execute: `OpenRedirect`, `OpenRedirect_SSRF_Collaborator`, `Openredirect_to_XSS`, `OpenRedirect_to_Account_Takeover`, `SSRF-Collaborator`, `SSRF-URLScheme`, `SSRF_Collaborator_HTTP1_0`, `SSRF_Collaborator_HTTP0_9`, `OpenRedirect-ParameterPollution`, `OpenRedirect-ParameterPollution_Path` |
| 📍 **Scope**  | All Matches                                                                                                                                                                                                                                                                                      |

***

## ⚠️ Bulk Scanning Rules (Disabled by Default)

> ⚠️ **Warning:** These rules match all requests and can generate significant traffic. Only enable when needed.

### 🔄 Scan all requests with Open redirect profiles

|               |                                               |
| ------------- | --------------------------------------------- |
| ❌ **Enabled** | No                                            |
| 🔍 **IF**     | Passive Request `All_Requests_And_Parameters` |
| 🎯 **THEN**   | Execute tag: `Open Redirect`                  |
| 📍 **Scope**  | All Matches                                   |

### 🌐 Scan all requests with SSRF

|               |                                               |
| ------------- | --------------------------------------------- |
| ❌ **Enabled** | No                                            |
| 🔍 **IF**     | Passive Request `All_Requests_And_Parameters` |
| 🎯 **THEN**   | Execute tag: `SSRF`                           |
| 📍 **Scope**  | All Matches                                   |

### 🌐 Scan all requests with all Profiles

|               |                                               |
| ------------- | --------------------------------------------- |
| ❌ **Enabled** | No                                            |
| 🔍 **IF**     | Passive Request `All_Requests_And_Parameters` |
| 🎯 **THEN**   | Execute tag: `All`                            |
| 📍 **Scope**  | All Matches                                   |

### 🐛 Scan all requests with log4shell profiles

|               |                                                                                                               |
| ------------- | ------------------------------------------------------------------------------------------------------------- |
| ❌ **Enabled** | No                                                                                                            |
| 🔍 **IF**     | Passive Request `All_Requests_And_Parameters`                                                                 |
| 🎯 **THEN**   | Execute: `CVE-2021-44228_RCE_Log4j`, `CVE-2021-44228_RCE_Log4j_GETPOST`, `CVE-2021-44228_RCE_Log4j_urlEncode` |
| 📍 **Scope**  | All Matches                                                                                                   |