Pulsar

What is it?

Pulsar is an automated network footprint scanner for Red Teams, Pentesters and Bounty Hunters. Its focused on discovery of organization public facing assets with minimal knowledge about its infrastructure. Along with network data visualization, it attempts to give a basic vulnerability score to find infrastructure weak points and their relation to other resources. It can be also used as a custom vulnerability scanner for wide and uncharted scopes. This software was created with availability and openness in mind, so it is 100% free, and does not require any API keys to use its features.

What it is not?

• Vulnerability Management Platform
• Full OSINT framework scanner
• Speed oriented tool with immediate results

Project discontinued / archived

Due to low interest and lack of community support I will no longer continue this project. Only security patches and fixes. Feel free to fork your own.

Key features

• Subdomains discovery
• TLD discovery
• Cloud resources discovery
• Basic vulnerability scanning
• Scan policies & optimization
• Data visualization
• Collaboration & data export
• Scheduling & notifications
• REST API
• External APIs integration
• OAUTH integration
• Custom scanner extensions

Integrated projects

• OWASP Amass
• ZMap
• Nmap
• RIPEstat API
• CloudEnum
• SSH Audit
• WhatWeb
• NVD Data Feed

Future ideas

• CLI client
• More open source integrations.
• Stability and speed improvements.
• More detailed scan settings.
• IPv4 subnet discovery.
• Additional confidence tests.
• Additional frontend user controls.
• Harvesting false positive metadata for machine learning model.

Installation instructions

If you would like to use External APIs see USAGE.md

In order to use email notifications, edit EMAIL_BACKEND SETTINGS in portal/portal/settings.py before the installation or web container will need to be rebuild.

In case of build issues (see the repo build flag) please use the release branch

Windows

Prerequisites

1. Git-tools
   • Installer is available here.
2. Docker engine and docker-compose
   • Docker installation instructions are available here.
   • docker-compose installation instructions are available here.

Prerequisites will be verified during installation process.

:warning: For Windows 10 Home users: Since Docker desktop cannot be installed on Windows 10 Home, please install Hyper-V manually, instructions can be found here

Installation

1. Clone or download latest pulsar repository

git clone https://github.com/FooBallZ/pulsar

1. Run powershell installer

PS> .\install.ps1

1. Proceed with installer instructions

   :warning: Make sure you store generated password before further installation steps. Administrator password can be changed in Django admin console at /admin/.

2. Login to pulsar console at https://localhost:8443/ with generated default credentials

Linux

Prerequisites

1. Git-tools Install git from package manager of your distribution, i.e.

   sudo apt install git
   

2. Docker engine and docker-compose
   • Docker installation instructions are available here.
   • Docker-compose installation instructions are available here.

Prerequisites will be verified during installation process.

Installation

1. Clone or download latest pulsar repository

git clone https://github.com/FooBallZ/pulsar

1. Run bash installer

# ./install.sh

1. Proceed with installer instructions

   :warning: Make sure you store generated password before further installation steps. Administrator password can be changed in Django admin console at /admin/.

2. Login to pulsar console at https://localhost:8443/ with generated default credentials

Video guide

In case you have hard times installing Pulsar or wondering how to install dependencies:

Game Flexer created a linux installation tutorial available here.

:warning: I do not take responsibility for any of this content including links in the description.

Contribution

Have an idea, or a tool you would like to integrate? Feel free to issue a pull request.

Current issues and features can be found at projects section. Feel free to pick something.

Currently most help is needed with Vue.js frontend and Docker optimization.

In case you like the idea

• Star me and tell your friends!
• Hit the sponsor button!

In case of issues

• Feel free to issue a bug report.
• See troubleshooting section here.

In case of ideas

• Feel free to issue a change request.
• Feel free to issue a pull request.
• Send me a private message.

In case you would like to see it hosted

• I’m considering launching a funding campaign.

In case of general criticism about code quality and architecture

• You don’t need to use it.
• Feel free to issue a pull request.

Documentation

User guide

Basic usage guide can be found here.

REST API

Self describing API is available at /pulsar/api/v1/ endpoint.

Development

Currently the only available documentation is available at /admin/doc/ endpoint.

Full development documentation will be available in future release.

Architecture

Pulsar is a PaaS based on docker-compose file with pre-installed requirements. Provided architecture can be easliy scaled, converted and deployed to multiple common cloud environments. Web application server is based on services such as Nginx, Gunicorn and Django Rest Framework.

Docker container structure

For more information see docker-compose.yml

Legal

:warning: Althrough Pulsar is focusing on basic service fingerprinting, port scanning and banner grabbing might be illegal in some countries. Please make sure you are authorized to perform network scans on targeted resource before using this tool.

| THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | | — |