Troubleshooting & FAQs

Troubleshooting

If you encounter issues while setting up or running Pulsar, please review the common solutions below. Most problems arise from missing binary dependencies or incorrect configuration in the Django settings.

Logs Location

When an error occurs, the first step is to check the application and task logs.

• Web Portal Logs: Located in portal/logs/. This directory contains the Django server logs and error traces.
• Task Logs: Pulsar uses Celery for background scanning tasks. Ensure you are monitoring the Celery worker output for real-time scan debugging.

Common Installation Hurdles

Missing Binary Dependencies

Pulsar integrates several third-party tools (Nmap, ZMap, Amass, etc.). If a scan finishes instantly or yields no results, ensure these tools are installed and available in your system's PATH.

# Example: Verify integrated tools are accessible
which nmap
which amass
which zmap

Email Notifications Not Working

As noted in the installation instructions, EMAIL_BACKEND settings must be configured in portal/portal/settings.py before the installation process to function correctly. If notifications are failing:

1. Verify your SMTP credentials in portal/portal/settings.py.
2. Check if your firewall allows outbound traffic on ports 25, 465, or 587.

Database Connectivity

Pulsar relies on a Django-managed database. If you see "Database Connection" errors:

• Ensure your database service (e.g., PostgreSQL) is running.
• Check the DATABASES section in portal/portal/settings.py for correct credentials.
• Run migrations to ensure the schema is up to date:

  python manage.py migrate
  

Scanning Issues

Scans are "Stuck" or Not Starting

This is usually related to the Celery worker or Redis (the message broker).

1. Verify that Redis is running.
2. Ensure the Celery worker is active:

   celery -A portal worker -l info
   

3. Check the worker logs for "Permission Denied" errors, especially when running scans like ZMap that require root/sudo privileges.

No Subdomains Discovered

If OWASP Amass or other discovery tools return zero results:

• Verify your internet connectivity.
• If using External APIs, ensure your API keys are correctly configured in the External APIs integration section of the web UI. (Pulsar does not require these to function, but they significantly improve discovery results).

FAQs

General Questions

Is Pulsar free to use?
Yes. Pulsar is 100% free and open-source. It does not require any paid API keys for its core discovery and scanning features.

Why is the project discontinued?
Due to low community engagement, the original author has moved the project into maintenance mode. It will receive security patches and critical fixes, but no new features are planned. Users are encouraged to fork the repository for custom development.

Can I use Pulsar as a full Vulnerability Management Platform?
No. Pulsar is designed as a footprint scanner and discovery tool. While it provides basic vulnerability scoring and weak-point identification, it is not intended to replace enterprise-grade vulnerability management suites.

Technical Questions

How do I use the REST API?
Pulsar includes a built-in API explorer. You can authenticate using:

• Session Authentication: Used by the web frontend.
• Basic Authentication: Using your portal credentials.
• Token Authentication: For programmatic access.

API documentation is accessible via the portal at /docs/ or through the interactive explorer.

How do I add custom scanner extensions?
Pulsar supports custom extensions. You can integrate your own scripts by interacting with the Sandbox and scanner_utils modules located in portal/pulsar/modules/.

How are the vulnerability scores calculated?
Pulsar correlates discovered asset data with the NVD (National Vulnerability Database) Data Feed and runs specialized modules like SSH Audit and WhatWeb to identify known weaknesses and misconfigurations.

Does Pulsar support IPv6?
The current version focuses on IPv4 assets (via IPv4AddrInstance). IPv6 support and wider subnet discovery are listed as future ideas but are not currently implemented.