Here’s what you need to do in order to start importing findings within the Pentest-Tools platform and generate the reports you need.
Requirements
- Burp Suite Professional (Community edition not supported)
- A valid Pentest-Tools.com API key (Pentest Suite plan required)
Set up:
- Download the extension’s .jar file from the public releases page, then load it in Burp: open Extensions → Installed → Add, choose Java as the extension type, point to the JAR, and click Next. You’ll see a new Pentest-Tools.com tab appear.
- If you don’t already have one, you can create a new API key from our Integration page, assigning it a suitable name and expiration date.
- Copy the
Personal access token - Go back to Burp Suite Professional, open the Pentest-Tools.com tab, paste your API key, and hit Save. If the key is valid, your workspaces are pulled in automatically.
Choose the one you want to use for this Burp project. Each Burp project is linked to the workspace you select, so you can pick a different workspace per project. This setting persists between Burp sessions. Switching later is just a dropdown away.
Sending findings to the Findings page:
When you’re ready to export, select one or more Audit Issues in Burp’s Issues view, right-click, and choose Extensions → Pentest-Tools.com → Send issues to [workspace_name].
The extension sends core metadata (issue name, severity, target, and description) to your selected workspace.
Note: references/classifications from Burp are not included, and request/response content is not exported at this time. Watch the inline log for success messages or any errors that need attention.
Because multi‑select is supported, you can ship a batch of confirmed issues at once.
The structure of the sent findings will be the following:
- Burp’s Issue name becomes the finding title
- The host/URL/path inform the affected asset and precise location
- Severity(High/Medium/Low/Info) maps one‑to‑one, and confidence
Certainis preserved where available. We include issue background/details as the description and remediation guidance as remediation.
If you re-send similar issues, they will be grouped together, with only one variant displayed. Findings associated with different targets will appear as separate entries in the Findings table.
You can also edit and clone findings after import, if needed.
Updates and removal
To update, download the new JAR, remove the old entry from Extensions → Installed, and add the new file. To uninstall, remove the extension from the same screen. Your Burp projects remain untouched, and previously exported findings stay available in the Pentest-Tools.com workspace.
FAQ
Does this work with Burp Community?
No. The extension targets Burp Suite Professional.
Can I send multiple issues at once?
Yes. Multi-select issues in Burp and use the right-click action.
Can I switch workspaces mid-project?
Yes. Change the workspace in the extension tab any time. Your next submissions go to the newly selected workspace.
Which Burp items are supported?
Audit Issues from Burp’s scanning/manual verification views. (Non-issue items like generic proxy history entries aren’t exported.)
Where do my submissions appear?
In Pentest-Tools.com → Findings, inside the workspace you selected.
What about custom fields?
Standard fields are mapped automatically. You can enrich or edit findings after import within our platform.
Will I be billed for the imported findings?
This applies only if you choose to scan the newly created targets. If those targets are linked to a base domain you’ve already scanned, you can scan or rescan them as many times as needed within the same scan cycle. You can find more details on the difference between assets and targets here.
How many findings can I import into the Pentest-Tools platform?
Currently, the rate limit is set to 50 findings per hour.