The Pentester’s Co-Pilot: Revolutionizing Security Audits with Burp AI Agent

Ollama, LM Studio, Generic OpenAI-compatible, Gemini CLI, Claude CLI, Codex CLI, OpenCode CLI.

53+ MCP Tools

History, Repeater, Intruder, Scanner, Scope, Site Map, Collaborator, Utilities, and more.

62 Vulnerability Classes

From SQLi and XSS to cache poisoning, JWT attacks, and API security issues.

3 Scan Modes

BUG_BOUNTY, PENTEST, and FULL for different engagement styles.

3 Privacy Modes

STRICT (zero trust), BALANCED (pragmatic), and OFF (raw data).

9 Prompt Templates

Editable templates for request and issue context menu actions.

8 Curated BountyPrompt Actions

Detection, recon, and advisory prompts with selective context tags.

Token-Aware Controls

Passive scanner and manual context caps, dedup windows, and prompt-result caching to reduce model spend.

Burp Pro Integration

Native ScanCheck, Collaborator OAST, and scanner issue actions.

Use Cases

• AI-Assisted Analysis: Analyze requests, explain JS, draft PoCs, and generate issue narratives directly from Burp context.
• Local Privacy: Run local models for low-leakage workflows and keep strict redaction controls when using cloud providers.
• MCP Workflows: Connect external MCP clients to Burp and run supervised tool-driven workflows.
• Automated Scanning: Keep passive and active AI scanners running while you focus on manual testing.
• Defensible Operations: Preserve auditable, reproducible prompt bundles with deterministic redaction options.

Operational Guarantees

• Your settings persist across restarts and are migrated safely between versions.
• Passive and active scanners enforce queue/size limits to avoid runaway resource usage.
• Privacy policies are applied before prompt data leaves Burp.
• MCP tools are safety-gated with safe/unsafe controls and per-tool toggles.
• Session history and context size controls help limit token/cost growth.
• Audit logging provides tamper-evident JSONL records for reproducibility workflows.

Install & Use