Integrated Toolset
Pulsar operates as a centralized orchestrator for several industry-standard security tools. By integrating these engines, Pulsar automates the transition from raw asset discovery to vulnerability assessment without requiring manual intervention or external API keys for core functionality.
Infrastructure Discovery Tools
Pulsar leverages high-performance discovery engines to map an organization's perimeter from minimal starting data (e.g., a single domain).
OWASP Amass
Used for in-depth subdomain enumeration. Pulsar utilizes Amass to perform active and passive discovery to build a comprehensive map of an organization's DNS footprint.
- Role: Subdomain and TLD discovery.
- Usage: Automatically triggered during the initial discovery phase of a scan.
ZMap
For wide-scope scanning, Pulsar utilizes ZMap to perform high-speed IPv4 surface analysis. This allows Pulsar to identify active hosts across large CIDR blocks or unmapped subnets quickly.
- Role: Rapid network-wide port discovery.
- Context: Used when the scope involves large IP ranges rather than specific hostnames.
CloudEnum
To address the risk of "shadow IT" in the cloud, Pulsar integrates cloud_enum to hunt for public-facing resources across major providers (AWS, Azure, and Google Cloud).
- Role: Discovering S3 buckets, Azure containers, and GCP buckets.
- Visibility: Discovered cloud assets are visualized within the "Cloud Resources" tab of the dashboard.
Service Analysis & Fingerprinting
Once assets are identified, Pulsar dispatches analysis tools to determine what services are running and identify their specific configurations.
Nmap
The core engine for port scanning and service version detection. Pulsar interprets Nmap's XML output to populate the database with open ports and service banners.
- Usage Example (API Policy):
When defining a scan policy via the REST API, you can toggle service detection, which informs the Nmap execution parameters.

```json
{
  "name": "Aggressive Analysis",
  "nmap_service_detection": true,
  "nmap_port_range": "1-65535",
  "nmap_timing": 4
}
```
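As an added example (not Pulsar's own code), the following Python reads Nmap's XML output into open-port rows with a service banner, the step described at the top of this section. The sample XML is constructed, and the function names, row layout, and 200-character cap are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in Nmap's -oX layout (documentation address ranges).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
 <host><status state="up"/>
  <address addr="192.0.2.10" addrtype="ipv4"/>
  <address addr="00:00:5E:00:53:01" addrtype="mac"/>
  <ports>
   <port protocol="tcp" portid="22"><state state="open"/>
    <service name="ssh" product="OpenSSH" version="7.4" extrainfo="protocol 2.0"/></port>
   <port protocol="tcp" portid="80"><state state="open"/>
    <service name="http" product="nginx&#10;&#9;custom" version="1.14.0"/></port>
   <port protocol="tcp" portid="443"><state state="filtered"/></port>
   <port protocol="tcp" portid="8080"><state state="open"/></port>
  </ports></host>
 <host><status state="down"/><address addr="192.0.2.11" addrtype="ipv4"/></host>
</nmaprun>"""

_CTRL = re.compile(r"[\x00-\x1f\x7f]")
MAX_FIELD = 200  # assumed cap, not a Pulsar setting

def clean(value):
    """Banner text is chosen by the scanned host: strip control chars, cap length."""
    return " ".join(_CTRL.sub(" ", value or "").split())[:MAX_FIELD]

def open_services(xml_text):
    """Return one row per open port on hosts that Nmap reported as up."""
    rows = []
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        addr = next((a.get("addr") for a in host.iter("address")
                     if a.get("addrtype") in ("ipv4", "ipv6")), None)
        if addr is None or status is None or status.get("state") != "up":
            continue
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # skip closed and filtered ports
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}  # open port, no fingerprint
            parts = [clean(attrs.get(k)) for k in ("product", "version", "extrainfo")]
            rows.append({"ip": addr, "port": int(port.get("portid")),
                         "proto": port.get("protocol"),
                         "service": clean(attrs.get("name")),
                         "banner": " ".join(p for p in parts if p)})
    return rows
```

Because the product, version, and extrainfo fields originate from the remote service, they are normalized before anything stores or renders them.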
WhatWeb
Pulsar uses WhatWeb to fingerprint web technologies. This identifies CMS platforms (WordPress, Joomla), web servers (Nginx, Apache), and underlying frameworks or JavaScript libraries.
- Role: Web application metadata extraction.
- Data Point: Extracted headers and "X-Powered-By" tags are used to correlate versions against vulnerability databases.
SSH Audit
For hosts running SSH, Pulsar executes ssh-audit to evaluate the security of the key exchange, encryption algorithms, and MACs.
- Role: Identifying weak SSH configurations (e.g., support for ssh-dss or arcfour).
- Output: Generates a security score specifically for the SSH service of a host.
Vulnerability Intelligence & Scoring
Pulsar transforms raw service data into actionable intelligence by correlating findings with global vulnerability feeds.
NVD Data Feed
Pulsar maintains a local synchronization with the National Vulnerability Database (NVD). It performs offline lookups of discovered service versions against the current CVE (Common Vulnerabilities and Exposures) feed.
- Internal Role: The checkForNewVuln utility in scanner_utils processes service strings to calculate a basic vulnerability score.
- Benefit: Provides immediate "weak point" identification without sending sensitive asset data to external vulnerability scanners.
RIPEstat API
Pulsar queries the RIPEstat API to gather BGP information, IP registry data, and geolocation for discovered assets.
- Role: Enrichment of network data (ASN, Organization name, Geolocation).
- User Interface: This data is primarily used in the visualization engine to group assets by their physical or logical network location.
Configuration via Scan Policies
The behavior of these integrated tools is managed through Scan Policies. Policies allow users to define which tools are active and how aggressive they should be.
API Endpoint: /api/policies/
| Parameter | Type | Description |
| :--- | :--- | :--- |
| use_amass | Boolean | Enable/Disable DNS enumeration. |
| use_whatweb | Boolean | Enable/Disable web technology fingerprinting. |
| ssh_audit_level | Integer | Depth of SSH analysis (0: Off, 1: Standard, 2: Aggressive). |
| discovery_optimization | String | Sets the ZMap/Nmap timing templates (e.g., T3, T4). |
Example Policy Creation:
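```bash
# The token travels in a request header, so use an https:// URL when the
# instance is reached over a network.
# Content-Type is set explicitly because curl -d otherwise sends
# application/x-www-form-urlencoded rather than JSON.
curl -X POST http://pulsar-instance/api/policies/ \
  -H "Authorization: Token <YOUR_TOKEN>" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Cloud Only Scan",
    "use_cloud_enum": true,
    "use_amass": false,
    "nmap_service_detection": false
  }'
```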
Note: While Pulsar is designed to work out-of-the-box, ensure that the binary paths for Nmap and ZMap are correctly set in the environment if you are running a custom installation outside of the provided Docker/install scripts.