Burp Suite Enterprise Edition is now available in our secure Cloud  –  Learn more

Enterprise Edition

Setting up a self-hosted scanning machine for a Cloud instance

  • Last updated: June 6, 2024

  • Read time: 2 Minutes

We provide an installer for Windows and Linux operating systems. You can download these from Burp Suite Enterprise Edition.

Prerequisites

Downloading the installer

  1. From the settings menu , select Scanning resources.
  2. Click Manage scanning machines.
  3. On the Self-hosted scan settings page, click Add scanning machine.
  4. Click Generate token, and save the authentication token. You cannot retrieve the authentication token later, so keep it somewhere safe.
  5. Choose your operating system and copy the URL.
  6. Use the URL to download the installer.

Running the installer

  1. Unzip and run the installer. For Linux, run the installer from the terminal.
  2. The wizard opens. Follow the wizard, and enter the authentication token when prompted.
  3. Enter the hostname of your instance when prompted. The format should look something like this:

    xxxxxx.portswigger-dev.cloud
  4. Click Next. The scanning machine will be installed.

In Burp Suite Enterprise Edition, the new scanning machine is displayed under Self-hosted scanning machines. The Health status shows as Starting, and then Connected.

Note

For Linux, you need to do some additional steps to enable browser-powered scanning. This gives you access to the full capabilities of Burp Scanner. For more information, see Browser-powered scanning for Burp Suite Enterprise Edition.

Scanning your sites with self-hosted scanning machines

The new scanning machine is automatically added to a default self-hosted scanning pool. A scanning pool determines which sites are scanned by which machines.

In order to use your self-hosted scanning machine, you need to assign your sites to use the same scanning pool.

If you don't assign your site to a scanning pool, the PortSwigger-hosted scanning machines are used by default.

To learn how to reassign a site to your scanning pool, see Reassigning a site to a different pool.

Was this article helpful?