Target Policy

Structured Scope

• Asset Identifier

  Asset Type

  Max Severity

• Burp Suite DAST

  ---

  Install from https://portswigger.net/burp/enterprise

  OTHER

  critical
• ai.portswigger.net

  URL

  critical
• http1mustdie.com

  ---

  This is static content hosted using CloudFront.

  URL

  high
• portswigger.net

  ---

  https://portswigger.net

  URL

  critical
• *.web-security-academy.net

  ---

  The Academy contains numerous intentional vulnerabilities, and is completely isolated from our other infrastructure.

  WILDCARD

  none
• Burp Suite Extension (BApps)

  ---

  These are made by third parties, and installed via the BApp store in the Burp Extender tab. High severity vulnerabilities only please.

  DOWNLOADABLE_EXECUTABLES

  none
• *.portswigger.net

  ---

  Subdomains of portswigger.net that are not explicitly whitelisted are out of scope.

  WILDCARD

  none
• Burp Suite Enterprise Edition

  ---

  Download from https://portswigger.net/requestfreetrial/enterprise

  DOWNLOADABLE_EXECUTABLES

  critical
• https://enterprise-demo.portswigger.net/

  ---

  This is a hosted demo of Burp Suite DAST

  URL

  critical
• Burp Collaborator

  ---

  Burp Collaborator is part of Burp Suite Pro - for further information refer to https://portswigger.net/burp/help/collaborator.html

  DOWNLOADABLE_EXECUTABLES

  critical
• forum.portswigger.net

  URL

  critical
• Burp Suite Pro/Community

  ---

  Download from https://portswigger.net/burp

  DOWNLOADABLE_EXECUTABLES

  high

Target Scope Domains

• ai.portswigger.net
• enterprise-demo.portswigger.net
• forum.portswigger.net
• http1mustdie.com
• portswigger.net

• 191 Subdomains
• 366 Endpoints
• Download wordlist

Last Finished Scan: