Pinned Tweet
Bounty Security
752 posts

Bounty Security
@BountySecurity
Offensive Web Application Security Software
Joined May 2018
9.7K Following 19.1K Followers

👉 New on the blog: Programmatic Scanners in the Age of AI Agents
Where AI actually fits in vulnerability scanning and where it doesn't.
Cost, speed, reproducibility, hallucinations, and why the hybrid model makes sense today.
bountysecurity.ai/blogs/news/pro…

@Ramtic233 Hi @john! Thanks for following. In the next version we will fix these issues. Now, you can specify new headers and cookies before you send the URLs to scan, with the match and replace feature. If you need more information, please let me know.

@BountySecurity Unfortunately, in the new version, the issues I reported regarding matchtype's content-length and content-length-diff remain unresolved

@adoringthestars Hi @adoringthestars, can you write me through DM? thanks!

@BountySecurity Hello. I received the free key from the survey but when I try to activate it it says it’s invalid. I sent an email a week ago and no response.

Monday: the biggest update to Burp Bounty Pro since v3.0.0
→ A new scanning option that picks its own targets
→ Everything else stays exactly the same
→ Full blog post explaining the thinking behind it
bountysecurity.ai/pages/burp-bou…

Same idea for time-based SQLi: 5s delay, then 10s, then 15s. If all three match the injected WAITFOR DELAY, it's real, not network jitter.
Or XSS: send a harmless token first. If it reflects, fire payloads. If it doesn't, skip it.
docs.bountysecurity.ai bountysecurity.ai/pages/burp-bou…
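The post above describes two scanner-side decisions: confirming a time-based injection only when escalating delays (5 s, 10 s, 15 s) are all reflected in response times, and sending a harmless token before any payload to see whether an insertion point reflects at all. The following is an added example of that confirmation logic, not Burp Bounty Pro's own code; the function names, the default tolerance of one second, the canary format and the sample measurements and page are all constructed for illustration.

```python
"""Confirmation logic for the two heuristics described in the post above.

Added example, not Burp Bounty Pro's code. Every function name, the default
tolerance and the sample measurements are constructed for illustration.
"""
from __future__ import annotations

import re
import secrets
from statistics import median


def confirm_time_based(baseline_s: list[float],
                       observed: list[tuple[float, float]],
                       tolerance_s: float = 1.0) -> bool:
    """Return True only if every measured response time is explained by the
    delay injected for it. A single slow response, or a server that is merely
    overloaded, fails this check; only responses that track 5 s, 10 s and
    15 s in turn pass it.

    baseline_s: response times (seconds) of unmodified requests.
    observed:   (injected_delay_s, measured_response_s) pairs, one per probe.
    """
    if len(observed) < 3:
        return False  # not enough probes to separate a delay from jitter
    base = median(baseline_s)  # median is robust against one slow baseline
    for delay, measured in observed:
        extra = measured - base
        # The response must take the injected delay longer than baseline,
        # within tolerance. One miss rejects the finding.
        if abs(extra - delay) > tolerance_s:
            return False
    return True


def make_canary() -> str:
    """A harmless token: alphanumeric only, so it can trigger nothing, and
    random enough not to appear in a page by chance."""
    return "bb" + secrets.token_hex(6)


def reflection_contexts(canary: str, body: str) -> list[str]:
    """Where does the canary come back? One entry per occurrence:
    'script' (inside an unclosed <script> block), 'attribute' (inside an
    open tag) or 'text' (ordinary page text). An empty list means the
    insertion point does not reflect and can be skipped."""
    contexts: list[str] = []
    lower = body.lower()
    for m in re.finditer(re.escape(canary.lower()), lower):
        before = lower[:m.start()]
        if before.rfind("<script") > before.rfind("</script"):
            contexts.append("script")
        elif before.rfind("<") > before.rfind(">"):
            contexts.append("attribute")
        else:
            contexts.append("text")
    return contexts


# Constructed measurements (seconds), not real scan output.
BASELINE = [0.21, 0.24, 0.19, 0.23]
REAL_DELAY = [(5.0, 5.31), (10.0, 10.18), (15.0, 15.27)]
JITTER = [(5.0, 5.31), (10.0, 6.02), (15.0, 15.27)]  # second probe does not track

# Constructed page with the canary reflected twice.
CANARY = "bb0a1b2c3d4e5f"
PAGE = '<p>Results for bb0a1b2c3d4e5f</p>\n<input name="q" value="bb0a1b2c3d4e5f">'

if __name__ == "__main__":
    print("real delay confirmed:", confirm_time_based(BASELINE, REAL_DELAY))  # True
    print("jitter confirmed:", confirm_time_based(BASELINE, JITTER))          # False
    print("reflection contexts:", reflection_contexts(CANARY, PAGE))          # ['text', 'attribute']
```

The baseline is taken as a median so that one slow unmodified request does not shift the reference point, and the check fails closed: any probe whose extra latency does not match its injected delay within tolerance rejects the finding, which is what separates a real delay from a transient network stall.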

🐳 Want to run it locally?
github.com/BountySecurity…
Every vulnerability maps to Burp Bounty Pro's 254 profiles and 27 Smart Scan rules. Or use it with any scanner you want. 🔥
👉 bountysecurity.ai/pages/burp-bou…

🏆 Burp Bounty Lab is now officially listed in the @owasp Vulnerable Web Applications Directory.
One week after launch. 🙌
100+ vulnerable endpoints. Free. Open source.
👉 burpbountylab.com
📋 vwad.owasp.org/app/#burp-boun…
#BugBounty #OWASP #Pentesting

These results come from ⚡
📦 254 default vulnerability profiles
🧠 27 Smart Scan IF-THEN rules
🔗 Multi-step scanning
⏱ Time-based blind detection
🎯 30+ insertion point types
Skills + automation = impact 💪🔥
👉 bountysecurity.ai/pages/burp-bou…

🐛 We asked Burp Bounty Pro users: what's your best find?
🔴 Path traversal → server takeover 💀
🔴 SQLi → RCE chain 💉
🔴 Chained SSRF 🌐
🔴 HTTP Request Smuggling 📡
🔴 CVE-2021-41773 in prod 🐛
🔴 £5,000 bounty 💰
Real bugs. Real users. 🔥
Yours? 👇
#BurpBounty

🎯 27 rules. Zero manual work.
🛠 You can also build your own rules:
IF → passive profile matches [condition]
THEN → execute [active profiles]
Your scanner adapts to the target automatically.
Right-click → Smart Scan → done ✅
👉 bountysecurity.ai/pages/burp-bou…
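The post above describes Smart Scan rules as IF a passive profile matches a condition THEN run a set of active profiles. Below is an added example of that pattern as a small rule evaluator; it is not Burp Bounty Pro's rule format or code. The Rule and Response fields, the rule names, the profile names and the sample response are all hypothetical placeholders constructed for this illustration.

```python
"""Toy IF-THEN scan-rule evaluator showing the pattern in the post above:
a passive condition over a response decides which active profiles to run.

Added example, not Burp Bounty Pro's rule format or code. The Rule fields,
the rule and profile names and the sample response are all constructed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class Response:
    status: int
    headers: dict[str, str]
    body: str


@dataclass
class Rule:
    name: str
    where: str                  # IF: look in "header" or "body" ...
    pattern: str                # ... for this regular expression
    active_profiles: list[str]  # THEN: schedule these active profiles


def rule_matches(rule: Rule, resp: Response) -> bool:
    """Evaluate the IF part of one rule against a response."""
    if rule.where == "header":
        haystack = "\n".join(f"{k}: {v}" for k, v in resp.headers.items())
    elif rule.where == "body":
        haystack = resp.body
    else:
        raise ValueError(f"unknown location {rule.where!r} in rule {rule.name}")
    return re.search(rule.pattern, haystack, re.IGNORECASE | re.MULTILINE) is not None


def plan_active_scan(rules: list[Rule], resp: Response) -> list[str]:
    """Collect the THEN parts of every matching rule, in rule order, with
    duplicates removed so a profile requested by two rules runs once."""
    planned: list[str] = []
    for rule in rules:
        if rule_matches(rule, resp):
            for profile in rule.active_profiles:
                if profile not in planned:
                    planned.append(profile)
    return planned


# Constructed rules; the profile names are placeholders, not real ones.
RULES = [
    Rule("php-backend", "header", r"^x-powered-by:\s*php", ["sqli-mysql", "php-lfi"]),
    Rule("json-api", "header", r"^content-type:\s*application/json", ["nosql-injection"]),
    Rule("graphql", "body", r"graphql|__schema", ["graphql-introspection", "sqli-mysql"]),
]

# Constructed response: a PHP page that also links to a GraphQL endpoint.
SAMPLE = Response(
    status=200,
    headers={"Content-Type": "text/html", "X-Powered-By": "PHP/8.1"},
    body='<html><a href="/graphql">API</a></html>',
)

if __name__ == "__main__":
    print(plan_active_scan(RULES, SAMPLE))
    # ['sqli-mysql', 'php-lfi', 'graphql-introspection']
```

Keeping rules as data rather than code is what makes the scan adapt per target: adding a rule changes which active profiles are queued without touching the evaluator, and the de-duplication step matters once several rules start requesting overlapping profiles.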

I built a deliberately vulnerable web app so you can test your Burp Bounty Pro profiles against real vulnerabilities.
100+ endpoints. XSS, SQLi, SSRF, SSTI, 42 CVEs, GraphQL...
It's live and free. Go break it 👇
🔗 burpbountylab.com
#BugBounty #Pentesting #BurpSuite

🐳 Prefer local? Run it with Docker:
github.com/BountySecurity…
254 profiles. One target. Go find bugs.

🚀 New: Burp Bounty Lab is live.
A deliberately vulnerable web app you can scan with
Burp Bounty Pro — no setup, just go.
Practice XSS, SQLi, SSRF, path traversal and more against real profiles.
🔗 burpbountylab.com
#BugBounty #Pentesting #BurpSuite

🧪 New release: Burp Bounty Vuln App
100+ vulnerable endpoints to test that your Burp Bounty Pro profiles actually work.
Not a real app — just a local test lab.
👉 docker compose up --build → scan → verify ✅
🔗github.com/BountySecurity…
#BugBounty #BurpSuite #AppSec

📖 New documentation for Burp Bounty Pro 3.0.0 is live.
Every feature. Every workflow. Every config option — documented.
→ docs.bountysecurity.ai
#burpbountypro #BugBounty #BurpSuite