Introduction

Overview

Pulsar is an automated network footprint scanner designed specifically for Red Teams, Pentesters, and Bug Bounty hunters. Its primary objective is the discovery of an organization's public-facing assets with minimal prior knowledge of the underlying infrastructure.

By combining automated reconnaissance with network data visualization, Pulsar maps out infrastructure weak points and establishes relationships between discovered resources. Unlike many enterprise tools, Pulsar is built with openness in mind—it is 100% free and does not require third-party API keys to perform its core discovery functions.

Key Capabilities

Pulsar acts as a central orchestrator for several security discovery tasks:

• Asset Discovery: Automatically identifies Subdomains, TLDs, and Cloud resources (AWS, Azure, GCP).
• Vulnerability Assessment: Provides a basic vulnerability score to help prioritize infrastructure weak points.
• Data Visualization: Generates a visual representation of network data to help users understand the relationship between different assets.
• Collaboration & Integration: Features built-in data export, OAUTH integration, and a REST API for programmatic access.
• Extensibility: Supports custom scanner extensions and flexible scan policies to optimize performance for specific scopes.

Integrated Toolset

Pulsar leverages industry-standard open-source tools to provide comprehensive coverage:

| Category | Integrated Tools | | :--- | :--- | | Discovery | OWASP Amass, CloudEnum, RIPEstat API | | Scanning | ZMap, Nmap, SSH Audit, WhatWeb | | Intelligence | NVD (National Vulnerability Database) Data Feed |

System Architecture & Interface

Pulsar is built on a modern stack consisting of a Django (Python) backend, Celery for task orchestration, and a Vue.js frontend.

Web Dashboard

The primary interface is a responsive Vue.js dashboard that allows users to manage scan policies, view real-time scan progress, and interact with data visualizations.

REST API

Pulsar provides a robust REST API powered by the Django Rest Framework (DRF). This allows users to trigger scans and retrieve asset data programmatically.

Example Request: Retrieve Assets

curl -H "Authorization: Token <your_token>" \
     -H "Accept: application/json" \
     https://<pulsar-instance>/api/assets/

Example Response:

[
  {
    "id": 1,
    "domain": "example.com",
    "subdomains": ["api.example.com", "dev.example.com"],
    "vulnerability_score": 4.2,
    "last_scan": "2023-10-27T10:00:00Z"
  }
]

Project Status

[!IMPORTANT] Project Archived: As of version 1.0.3, this project is in maintenance mode. The original author is no longer developing new features due to low community support. The repository remains open for security patches and forks.

What Pulsar is Not

To use Pulsar effectively, it is important to understand its limitations:

• Not a Vulnerability Management Platform: It is for discovery and initial scoring, not long-term remediation tracking.
• Not a Full OSINT Framework: It focuses specifically on network footprinting rather than social media or people-based intelligence.
• Not Built for Instant Results: Reconnaissance takes time; Pulsar prioritizes thoroughness over immediate output.