Comparison · Self-hosted vs Self-hosted

Ordnance vs Burp Suite

Burp Suite is $449/yr (Professional). Ordnance is a self-hosted alternative at $1.99/mo. Here's when each makes sense.

At a glance

	Ordnance	Burp Suite
Hosting	Self-hosted, your infra	Desktop app, runs locally
Data location	Your server, your disk	Your server (if self-hosted)
Free tier	5 scans	Paid only
Pro pricing	$1.99/mo	$449/yr (Professional)
Dependencies	None (single binary + SQLite)	Docker, Postgres, etc.
Setup time	~30 seconds	15-30 minutes (self-host)
Dashboard	Built-in at /ui	Web UI
License	BSL 1.1	Open source

When to use Ordnance

Pick Ordnance when you want simplicity and ownership.

$1.99/mo vs $449/yr
Web-based dashboard (no Java desktop app)
Scheduled automated scanning
Single binary, API-driven

Ordnance is a single Go binary with embedded SQLite. Install it with one command, and you are running in under a minute. Your data stays on your server.

curl -fsSL https://stockyard.dev/ordnance/install.sh | sh

Install Ordnance Ordnance docs

When Burp Suite fits better

Burp Suite makes sense when you need more.

Industry standard for web security testing
Manual testing tools (Repeater, Intruder)
Extensive extension marketplace
Professional certification ecosystem

Burp Suite is the industry standard for web application security testing. For professional penetration testing, Burp is essential. Ordnance handles automated vulnerability scanning for teams that want basic security checks without Burp's price or Java dependency.

How to choose

Teams evaluating Burp Suite alongside Ordnance tend to split on two axes: feature depth and data residency. Burp Suite wins on feature depth — it is a mature product with integrations, mobile apps, and a dedicated support team. Ordnance wins on residency — your penetration testing toolkit data lives on your server in a SQLite file you can inspect, back up, and migrate without asking anyone for permission.

Architecture comparison

The operational difference is significant. Burp Suite requires you to trust their infrastructure, their security practices, and their business continuity. Ordnance requires you to run a process and keep the data directory backed up. If your server dies, restore the binary and the SQLite file to a new server. The entire recovery procedure fits in a single paragraph because there is nothing else involved.

Both Ordnance and Burp Suite offer self-hosted options, but the operational requirements differ. Desktop app, runs locally Ordnance is a single binary with embedded SQLite — no containers, no external databases, no orchestration. The practical difference: Ordnance runs on a $5 VPS with no configuration. Self-hosting Burp Suite typically requires a more substantial infrastructure investment.

Switching from Burp Suite

The migration path from Burp Suite depends on how much history you need to bring over. If you only need active records, a manual re-entry through Ordnance's dashboard might be faster than writing a migration script. If you need full history, export from Burp Suite and use Ordnance's POST API to import records. Either way, the process is measured in hours, not weeks.

FAQ

Is Ordnance a Burp Suite alternative?

Burp Suite is for professional pen testing. Ordnance does automated scanning. Very different depth.

Does Ordnance do manual testing?

No. Ordnance runs automated scans. For manual testing (Repeater, Intruder), Burp Suite is necessary.

Get started

Self-hosted penetration testing toolkit in 30 seconds.

Single binary. Free to start. $1.99/mo for Pro.

Install Ordnance All 150 tools for $29/mo →