Burp Suite Integration

Burp Suite integration can be enabled with a single click through the UI. Once enabled, there are two different methods to transfer scan results from Burp Suite into Invicti ASPM.

You can import the results file generated by Burp Suite either through the Invicti ASPM UI or via the CLI.

Example guides for both methods are provided below.

Invicti ASPM UI

Navigate to the Vulnerabilities page of the project where you want to add findings. On the right side of the page, you will see the Actions button. Select Import from the menu.

Next, select Template, then choose DAST/API and Burp Suite as the scanner type. Provide the required Branch and Owner information. After uploading the file, click Import, and the vulnerabilities will be added automatically.

If an error occurs during this step, you can review the failure reason to identify the cause. Any incompatible or missing fields will be listed in the failure reason details.

CLI (KDT)

To use this method, you must have the KDT tool installed and an Access Token belonging to a user with the Admin role.

You can download the KDT tool from: GitHub | KDT

After installing KDT, verify connectivity by running commands such as kdt ping or kdt list scanners. Once access is confirmed, you can perform the import operation via the CLI using the following command:

kdt scan -p [Project_Name] -b [Branch_Name] -t burpsuite -f [Import_File_Path]
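
A wrapper for the CLI steps above, as an added example that is not part of the Invicti ASPM or KDT documentation: it runs the kdt ping check before the import and refuses a missing or empty results file. The function name and return codes are assumptions of this example, and kdt is assumed to be installed and already configured with the host and Access Token.

```shell
#!/bin/sh
# Added example (not from the KDT project): gate a Burp Suite import on the
# connectivity check and on basic sanity of the results file.
# Assumes kdt is on PATH and already configured with host and Access Token.

# import_burp_results PROJECT BRANCH FILE
# Return codes (chosen for this example): 0 ok, 2 usage, 3 bad file,
# 4 connectivity check failed, 5 import failed.
import_burp_results() {
    if [ "$#" -ne 3 ] || [ -z "$1" ] || [ -z "$2" ]; then
        echo "usage: import_burp_results PROJECT BRANCH FILE" >&2
        return 2
    fi
    project=$1 branch=$2 file=$3

    # Refuse missing, unreadable or empty files before contacting the server.
    if [ ! -f "$file" ] || [ ! -r "$file" ] || [ ! -s "$file" ]; then
        echo "results file missing, unreadable or empty: $file" >&2
        return 3
    fi

    # Connectivity check from the guide; stop here if it fails.
    if ! kdt ping >/dev/null 2>&1; then
        echo "kdt ping failed: check host and Access Token configuration" >&2
        return 4
    fi

    # Quote every argument so names containing spaces stay one argument.
    if ! kdt scan -p "$project" -b "$branch" -t burpsuite -f "$file"; then
        echo "import failed for project '$project', branch '$branch'" >&2
        return 5
    fi
    return 0
}
```

In a pipeline, call it as import_burp_results "My Project" main ./burp-results.xml and fail the job on any non-zero return code.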