CYBSEC News - New sapyto release (v0.98)

[Mariano Nuñez Di Croce <mnunez () cybsec com>]

Hello list,

I'm glad to let you know that a new version of sapyto, the SAP Penetration Testing Framework, is available.

You can download it by accessing the following link: http://www.cybsec.com/EN/research/sapyto.php

News in this version:
---------------------

This version is mainly a complete re-design of sapyto's core and architecture to support future releases. Some of the 
new features now available are:

. Target configuration is now based on "connectors", which represent different ways to communicate with SAP services 
and components. This makes the
framework extensible to handle new types of connections to SAP platforms.

. Plugins are now divided in three categories:
        . Discovery: Try to discover new targets from the configured/already-discovered ones.
        . Audit: Perform some kind of vulnerability check over configured targets.
        . Exploit: Are used as proofs of concept for discovered vulnerabilities.

. Exploit plugins now generate shells and/or sapytoAgent objects.

. New plugins!: User account bruteforcing, client enumeration, SAProuter assessment, and more...

. Plugin-developer interface drastically simplified and improved.

. New command switches to allow the configuration of targets/scripts/output independently.

. Installation process and general documentation improved.

. Many (*many*) bugs fixed. :P


Enjoy!
Cheers,

-- 
-----------------------------------------
Mariano Nuñez Di Croce

CYBSEC S.A. Security Systems
Email: mnunez () cybsec com
Tel/Fax: (54-11) 4371-4444
Web: http://www.cybsec.com
PGP: http://www.cybsec.com/pgp/mnunez.txt
-----------------------------------------