SAP ERP Penetration Testing framework / Tools List :
- Bizploit By Onapsis
- Sapyto By Cyber System Security
- ERPScan’s By SAP AG
is the first Opensource SAP ERP Penetration Testing framework. Developed by the Onapsis Research Labs, Bizploit assists security professionals in the discovery, exploration, vulnerability assessment and exploitation phases of specialized ERP Penetration Tests.
Currently, Bizploit is shipped with many plugins to assess the security of SAP business platforms. Plugins for other popular ERPs will be included in the short term.
is the first SAP Penetration Testing Framework. Fully developed at CYBSEC-Labs, sapyto provides support to information security professionals in SAP platform discovery, investigation and exploitation activities.
Sapyto is periodically updated with the outcome of the deep research constantly carried out by CYBSEC-Labs on the various security aspects in SAP systems.
To obtain further information about specific SAP security services, please visit our SAP Security section.
The following versions of sapyto are available at this moment:
Sapyto Public Edition (v0.99) for Windows [DOWNLOAD]
Sapyto Public Edition (v0.99) for Linux [DOWNLOAD]
SAP Pentesting Tool is NOT a demo or part of professional product called ERPScan Security Scanner it is just a number of perl scripts for penetration testers.
OverviewERPScan's SAP Pentesting Tool is a freeware tool that is intended for penetration testers and security officers for vulnerability assessment of SAP systems using Black Box testing methodologies. It means that you do not need to know any information about the target system or have a legal account in it. All the information will be collected by SAP Pentesting tool.
Updated release 0.6 from 01.10.2012
- Total 31 modules
- 18 Information gathering
- 3 Command execution
- 8 Aux
- 4 DoS
- Exploit for Verb Tampering (add user and add role)
- P4 password decryptor plugin
- ~40 default public ICM pages scan
FeaturesUsing ERPScan's SAP Pentesting Tool you can:
- Obtain information using information disclosure vulnerability;
- Exploit potential vulnerabilities;
- Collect business critical data or the data for conducting other attacks