Intentionally vulnerable web application for testing Burp Bounty Pro detection profiles
WARNING: This application is intentionally insecure. It contains real vulnerability patterns (XSS, SQLi, RCE, SSRF, etc.). Run it only in isolated environments.
Burp Bounty Lab provides a safe, local target to validate that your Burp Bounty Pro scanner profiles detect vulnerabilities correctly. It simulates 100+ vulnerability endpoints across multiple categories so you can test your profiles against known-vulnerable patterns.
With Docker Compose:

```sh
git clone https://github.com/BountySecurity/BurpBountyLab.git
cd BurpBountyLab
docker compose up --build
```

Or with plain Docker:

```sh
docker build -t burpbounty-lab .
docker run -p 8088:8088 burpbounty-lab
```

Open http://localhost:8088 in your browser.
| Category | # | Description |
|---|---|---|
| XSS | 14 | Reflected, DOM, blind, attribute/tag/JS context, encoded |
| SQL Injection | 7 | Error-based, time-based, blind, OOB |
| Remote Code Execution | 13 | Command injection, eval, Log4j, blind RCE |
| Path Traversal | 3 | Linux/Windows file read, PHP include |
| SSRF | 6 | URL fetch, proxy, scheme bypass |
| Open Redirect | 4 | Basic, login, outbound, parameter pollution |
| CORS | 1 | Misconfigured CORS |
| CRLF Injection | 1 | Header injection |
| SSTI | 2 | Jinja2 template injection |
| XXE | 3 | XML parser, upload, SOAP |
| GraphQL | 6 | Introspection, injection |
| CVEs | 42 | Jira, Confluence, Grafana, FortiOS, Spring, Apache, Tomcat, WebLogic, and more |
| WordPress | 10 | Login, XMLRPC, user enum, plugin vulns |
| Spring Boot | 5 | Actuator endpoints |
| Drupal | 2 | User autocomplete, user profile |
| Passive Detection | 7 | Leaked secrets, insecure cookies, missing headers, tech fingerprints |
| Header Injection | 3 | X-Headers, Host header, password reset |
- Start the Lab with Docker
- Configure your browser to use Burp Suite as a proxy
- Browse to http://localhost:8088 (the landing page lists all available endpoints)
- Load your Burp Bounty Pro profiles
- Scan: run active/passive scans against the application
- Verify that your profiles detect the expected vulnerabilities
Requirements: Docker and Docker Compose
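Added example, not part of the Burp Bounty Lab project: a POSIX shell check that reads a captured HTTP response header block and reports the kind of findings the lab's Passive Detection category is meant to trigger (missing security headers, cookies without Secure/HttpOnly), so you know what a passive profile should flag before comparing it with the scanner's output. The sample response is constructed, not captured from the lab; the header list and the curl invocation in the comment are assumptions.

```shell
#!/bin/sh
# check_passive: reads response headers from stdin and prints one finding
# per line. Against the running lab (assumed invocation):
#   curl -sD - -o /dev/null http://localhost:8088/ | check_passive
check_passive() {
  headers=$(tr -d '\r')   # strip CR so ^...: anchors match on CRLF input
  # Security headers a passive profile commonly expects (assumed list)
  for h in Content-Security-Policy X-Content-Type-Options X-Frame-Options Strict-Transport-Security; do
    printf '%s\n' "$headers" | grep -qi "^$h:" || echo "missing header: $h"
  done
  # Cookie flags: each Set-Cookie line must carry Secure and HttpOnly
  cookies=$(printf '%s\n' "$headers" | grep -i '^Set-Cookie:' || true)
  while IFS= read -r line; do
    [ -n "$line" ] || continue
    name=$(printf '%s' "$line" | sed 's/^[^:]*: *//; s/=.*//')
    printf '%s' "$line" | grep -qiE ';[[:space:]]*secure[[:space:]]*(;|$)' \
      || echo "cookie without Secure: $name"
    printf '%s' "$line" | grep -qiE ';[[:space:]]*httponly[[:space:]]*(;|$)' \
      || echo "cookie without HttpOnly: $name"
  done <<EOF
$cookies
EOF
}

# Constructed sample response (not captured from the lab)
SAMPLE='HTTP/1.1 200 OK
Server: Werkzeug/2.3 Python/3.11
Content-Type: text/html; charset=utf-8
Set-Cookie: session=abc123; Path=/
Set-Cookie: csrf=xyz; Path=/; Secure; HttpOnly
X-Frame-Options: DENY
'

# Prints three missing-header findings and two cookie findings for SAMPLE
printf '%s' "$SAMPLE" | check_passive
```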
This project is provided for educational and testing purposes only. Use responsibly.
