Burp-Pentest-Coverage-Tracker is a tool designed to help penetration testers keep track of their testing coverage while working inside Burp Suite. It shows which parts of a web application have been tested and which have not. This makes it easier to avoid missing any vulnerable spots during security testing.
This tool logs all the endpoints you find and tracks whether you tested all their parameters. By using this extension, you get a clear picture of what parts of the application still need attention. This is useful for pentesters and security teams who want a complete and systematic testing process.
- Tracks discovered endpoints automatically during testing.
- Records which parameters have been tested.
- Shows which attack surfaces remain untested.
- Integrates directly with Burp Suite for real-time feedback.
- Easy-to-read interface that highlights gaps in testing.
- Helps security teams clearly see testing progress.
Before installing Burp-Pentest-Coverage-Tracker, make sure your system meets these requirements:
- Windows 10 or later.
- Burp Suite Professional or Community Edition v2.0 or higher.
- Java Runtime Environment (JRE) 8 or newer installed.
- At least 4 GB RAM and 2 GHz processor.
- Internet connection to download the extension.
You can visit the Burp-Pentest-Coverage-Tracker GitHub page to find the latest release and download the extension.
- Click the button above or go directly to https://github.com/msalyas/Burp-Pentest-Coverage-Tracker.
- Find the Releases section on the page.
- Download the file with the
.jarextension. This is the Burp Suite extension file you will need.
- Start Burp Suite on your Windows machine.
- Go to the Extender tab in Burp Suite.
- Select the Extensions sub-tab.
- Click Add.
- In the new window, select the extension type as Java.
- Click Select file and browse to the
.jarfile you downloaded. - Click Next or Load to install the extension.
The extension should now appear in the list and be active. You will see new panels or tabs related to Pentest Coverage Tracking.
- Start your normal pentest workflow in Burp Suite.
- The coverage tracker logs all the endpoints you visit or find.
- For each endpoint, it shows parameters and tracks whether you have tested them.
- Use the interface to check which parts are missing tests.
- Focus on untested parameters to improve your coverage.
- The tool updates in real time, so you can see progress as you test.
- Regularly check coverage to avoid missing targets.
- Combine this tool with other Burp extensions for thorough testing.
- Use coverage data to create clear reports for security teams.
- Update the extension regularly by downloading new releases.
- Visit the GitHub issues page to report bugs or request features.
- Look for troubleshooting guides in the repository’s Wiki or Docs folder.
- If you are new to Burp Suite, consider learning basics from official tutorials.
- The extension works only with Burp Suite installed on your machine.
- It requires Java to run; ensure your system's Java version is compatible.
- It tracks coverage within Burp Suite only and does not cover external tools.
- Your testing strategy affects the accuracy of coverage results.
- API security
- Attack surface management
- Bug bounty testing
- Burp Suite extensions
- Penetration testing
- Security testing
- Web application security
This project is open source. Check the LICENSE file in the repository for details on terms and conditions.
To download and install now, visit: