Wednesday, September 4, 2013

SAP ERP Penetration Testing framework / Tools List

SAP ERP Penetration Testing framework / Tools List :

  • Bizploit By Onapsis
  • Sapyto By Cyber System Security
  • ERPScan’s By SAP AG

                     
Bizploit :
            is the first Opensource SAP ERP Penetration Testing framework. Developed by the Onapsis Research Labs, Bizploit assists security professionals in the discovery, exploration, vulnerability assessment and exploitation phases of specialized ERP Penetration Tests.


Currently, Bizploit is shipped with many plugins to assess the security of SAP business platforms. Plugins for other popular ERPs will be included in the short term.



  • Download Bizploit v1.50-rc1 for Windows  
  • Download Bizploit v1.50-rc1 for Linux

  • Sapyto:
               is the first SAP Penetration Testing Framework. Fully developed at CYBSEC-Labs, sapyto provides support to information security professionals in SAP platform discovery, investigation and exploitation activities.

              Sapyto is periodically updated with the outcome of the deep research constantly carried out by CYBSEC-Labs on the various security aspects in SAP systems.

              Although sapyto is a versatile and powerful tool, it is of major importance for it to be used by consultants who are highly skilled and specialized in its usage, preventing any interference with your organization’s usual SAP operation.

               To obtain further information about specific SAP security services, please visit our SAP Security section.

    The following versions of sapyto are available at this moment:


    Sapyto Public Edition (v0.99) for Windows [DOWNLOAD]
    Sapyto Public Edition (v0.99) for Linux [DOWNLOAD]

    ERPScan's:
                     SAP Pentesting Tool is NOT a demo or part of professional product called ERPScan Security Scanner it is just a number of perl scripts for penetration testers.
    Overview
    ERPScan's SAP Pentesting Tool is a freeware tool that is intended for penetration testers and security officers for vulnerability assessment of SAP systems using Black Box testing methodologies. It means that you do not need to know any information about the target system or have a legal account in it. All the information will be collected by SAP Pentesting tool.


    Updated release 0.6 from 01.10.2012

    - Total 31 modules
    - 18 Information gathering
    - 3 Command execution
    - 8 Aux
    - 4 DoS
    - Exploit for Verb Tampering (add user and add role)
    - P4 password decryptor plugin
    - ~40 default public ICM pages scan

    Features
    Using ERPScan's SAP Pentesting Tool you can:
    • Obtain information using information disclosure vulnerability;
    • Exploit potential vulnerabilities;
    • Collect business critical data or the data for conducting other attacks
    If you want to test professional product please fill this form.

    6 comments:

    1. Thanks for sharing. Learn a lot from your Blog.I have read your blog about it-security-matter It is very help full.I really enjoyed reading it, you may be a great author.I must say you've done a wonderful job by sharing your article with us. penetration testing

      ReplyDelete
    2. Hi the download link for bizploit is broke and also sapyto is not downloadable from their website. If you can help me to download both the tools it will be very helpful.
      Thanks

      ReplyDelete
    3. My colleagues were looking for UPS Bill of Lading a few days ago and were informed of a web service that has a ton of fillable forms . If people are looking for UPS Bill of Lading too , here's http://goo.gl/ctym7D

      ReplyDelete
    4. Thanks for sharing this information. Kanhasoft is the ERP Software Development Agency in India and USA. We are delivering secured and affordable web application development services to 45+ offshore countries. Visit our site to know more.

      ReplyDelete