Code Pulse an project by
Fork me on GitHub

Code Pulse is a free real-time code coverage tool for penetration testing activities

Download Code PulseVersion 1.1

How it works

  1. Download & run Code Pulse
  2. Point Code Pulse at your app bundle
  3. Configure your app for monitoring
  4. Monitor code coverage in real-time!
Download Code Pulse, extract the zip archive, and run the application.
Detailed Installation Instructions
Create a new project and pass it your war/jar/zip so that it can index your application inventory.
Creating Code Pulse Projects Instructions
Pass an extra flag to your application's JVM startup so that we can monitor it.
-javaagent:CodePulse/agent.jar=localhost:8765
Agent Configuration Instructions
Code Pulse receives the coverage data while your application runs and shows it to you in realtime!
Tracing Instructions
Compare coverage across testing tools

Are you using automated penetration testing tools? Monitor and compare their coverage. Visually understand where there were coverage overlaps and where there weren't any.

Communicate your testing activity

Export your coverage activity and share it with others so they can easily understand which parts of the application were covered in testing.

Why Code Pulse?

A continuous challenge facing penetration testers is ensuring adequate coverage of a target application. A purely black box perspective makes it almost impossible to accurately identify how much of the attack surface was tested for penetration during assessment.

Code Pulse is a glass box tool that provides insight into the real-time code coverage of penetration testing activities. Code Pulse automatically detects coverage information while the tests are being conducted and will even make it possible to understand the overlaps and boundaries of the different tools coverage.

Code Pulse presents coverage information in a visual form to make it easy to understand at-a-glance which parts of an application have been covered and how much. The real-time coverage feedback makes it easy to adjust testing activity based on the observed coverage. In addition, for testing activities relying on multiple techniques (a variety of dynamic analysis tools for instance) it's easy to split up the recorded activity to understand which code was covered by each tool independently or alternatively to view coverage overlaps between multiple tools.

Identify coverage gaps

Even if you visited a page, you may not have triggered certain critical code paths. See exactly what methods were called during your testing.

Learn how to fine-tune your testing tools

There are a lot of unknowns when using active scanners. Use Code Pulse as you let your scanners loose on the application and understand where the scan shortcomings were as you fine-tune the testing tool configuration.

Features

Real-time insight

See what code is called in real-time as a result of your testing activities

Works with any testing tool

Code Pulse is testing-tool agnostic and will happily continue to give you coverage information regardless of which tool you're using

Separate Recordings

Code Pulse gives you the tools to identify coverage activity based on what you were doing at the time

Detailed coverage information

See coverage information from a high level view all the way down to individual methods

Visualizations

See code coverage in a single at-a-glance visualization

Third-party vulnerabilities

Code Pulse integrates directly with Dependency Check to automatically notify you when a third-party dependency has a known vulnerability

Application Inventory

Understand the structure and dependencies of the monitored application right from the Code Pulse interface

Multi-session traces

No need to worry about doing your testing activity in one session; with Code Pulse you can spread your testing over many sessions and still get coverage data

Share/Export

Export your coverage information and share it easily with other people