How to do it...

Let's gather or organize information on a target using the supplemental engagement tools in Burp Suite:

  1. Engagement tools can be accessed by right-clicking on any object in the Site map tab and then scrolling down to the expansion menu and selecting the desired tool. By default, the selected engagement tool will recursively target the object selected, to include all files and directories within. Consider the following screenshot:
  2. We will address each of the engagement tools in the order in which they are presented in this menu. For organization purposes, I think it is best to introduce them in the following bullet points:
    • Search: This tool can be used to search for terms, phrases, or regular expressions. It will return any HTTP requests or responses that include the queried term. For each entry returned, the queried term will be highlighted in either the request or response.
    • Find comments: This tool searches through all JavaScript, HTML, and other sources of code throughout the specified web content and locates all comments. These comments can also be exported for later review. This can be particularly helpful at times, as some developers will often leave sensitive information in the comments of code that they have written.
    • Find scripts: This tool will identify all client- and server-side scripts within the web content.
    • Find references: This tool will parse through all HTML content and identify other referenced content.
    • Analyze target: This tool will identify all dynamic content, static content, and parameters within the specified web content. This can be particularly useful to organize testing of web applications that have a lot of parameters and/or dynamic content.
    • Discover content: This tool can be used to brute-force directories and filenames by cycling through a word list and defined list of file extensions.
    • Schedule task: This tool allows the user to define time and dates to start and stop various tasks within Burp Suite.
    • Simulate manual testing: This tool presents an excellent way to appear as though you are performing a manual analysis on a web application when you've actually stepped away for coffee and donuts. There is absolutely no practical function for this tool, beyond just bamboozling the boss.
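To make concrete what Find comments, Find scripts, Find references and Search actually pull out of captured web content, here is a small offline parser that does the same job over a page. This is an added example written for this recipe; it is not Burp Suite code and not from the book. The HTML page it parses is constructed for the example, and the keyword list used to flag comments worth removing before release is an assumption, not a Burp setting.

```python
"""Added example (not Burp Suite's code): extract comments, scripts and
referenced URLs from web content, the way the Find comments / Find scripts /
Find references engagement tools do, then flag comments a release reviewer
would want to look at (the Search tool's job)."""
import re
from html.parser import HTMLParser

# Constructed sample page for this example.
SAMPLE_HTML = """<!DOCTYPE html>
<html>
<head>
  <!-- TODO: remove before release, staging creds in config.old -->
  <link rel="stylesheet" href="/static/site.css">
  <script src="/static/app.js"></script>
  <script>
    // inline bootstrap: apiBase is rewritten by the build
    var apiBase = "/api/v2/";
  </script>
</head>
<body>
  <a href="/account/login">Login</a>
  <img src="/img/logo.png" alt="logo">
  <form action="/search" method="get"><input name="q"></form>
  <!-- legacy admin link hidden 2019 -->
</body>
</html>
"""

# Tag/attribute pairs whose values point at other content (what Find references walks).
REF_ATTRS = {
    "a": ("href",), "link": ("href",), "script": ("src",),
    "img": ("src",), "form": ("action",), "iframe": ("src",),
}

# Assumed keyword list for flagging comments; tune it for your own application.
SENSITIVE = re.compile(r"\b(todo|fixme|password|passwd|creds?|admin|staging|debug)\b", re.I)


class EngagementParser(HTMLParser):
    """Collect HTML comments, script blocks/sources and referenced URLs."""

    def __init__(self):
        super().__init__()
        self.comments = []      # Find comments
        self.scripts = []       # Find scripts: {"src": ...} or {"inline": ...}
        self.references = []    # Find references: (tag, attr, value)
        self._in_script = False
        self._script_buf = []

    def handle_comment(self, data):
        self.comments.append(data.strip())

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for attr in REF_ATTRS.get(tag, ()):
            if attrs.get(attr):
                self.references.append((tag, attr, attrs[attr]))
        if tag == "script":
            if attrs.get("src"):
                self.scripts.append({"src": attrs["src"]})
            else:
                self._in_script = True
                self._script_buf = []

    def handle_data(self, data):
        # HTMLParser delivers <script> bodies as raw data; buffer them.
        if self._in_script:
            self._script_buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            self.scripts.append({"inline": "".join(self._script_buf).strip()})


def analyze(html):
    """Return comments (HTML and inline-JS line comments), scripts and references."""
    p = EngagementParser()
    p.feed(html)
    p.close()
    js_comments = []
    for s in p.scripts:
        if "inline" in s:
            js_comments += [m.strip() for m in re.findall(r"//(.*)", s["inline"])]
    return {"comments": p.comments + js_comments,
            "scripts": p.scripts,
            "references": p.references}


def flag_comments(results):
    """Search step: comments matching the keyword list, for review before release."""
    return [c for c in results["comments"] if SENSITIVE.search(c)]


if __name__ == "__main__":
    found = analyze(SAMPLE_HTML)
    for key in ("comments", "scripts", "references"):
        print(f"{key}: {found[key]}")
    print("flagged:", flag_comments(found))
```

Run against a saved copy of your own page; the flagged list is what a developer should clear out before the page is deployed, since these are the comments the Find comments tool would surface to anyone reading the content.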