Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

CYBSEC News - New sapyto release (v0.98)

From: "Mariano Nuñez Di Croce" <mnunezdicroce () gmail com>
Date: Wed, 10 Dec 2008 15:29:31 -0200
Hello list,

I'm glad to let you know that a new version of sapyto, the SAP
Penetration Testing Framework, is available.

You can download it by accessing the following link:
http://www.cybsec.com/EN/research/sapyto.php

News in this version:
---------------------------

This version is mainly a complete re-design of sapyto's core and
architecture to support future releases. Some of the new features now
available are:

. Target configuration is now based on "connectors", which represent
different ways to communicate with SAP services and components. This
makes the
framework extensible to handle new types of connections to SAP platforms.

. Plugins are now divided in three categories:
        . Discovery: Try to discover new targets from the
configured/already-discovered ones.
        . Audit: Perform some kind of vulnerability check over configured targets.
        . Exploit: Are used as proofs of concept for discovered vulnerabilities.

. Exploit plugins now generate shells and/or sapytoAgent objects.

. New plugins!: User account bruteforcing, client enumeration,
SAProuter assessment, and more...

. Plugin-developer interface drastically simplified and improved.

. New command switches to allow the configuration of
targets/scripts/output independently.

. Installation process and general documentation improved.

. Many (*many*) bugs fixed. :P


Enjoy!
Cheers,

-- -----------------------------------------
Mariano Nuñez Di Croce
CYBSEC S.A. Security Systems
Email: mnunez () cybsec com
Tel/Fax: (54-11) 4371-4444
Web: http://www.cybsec.com
PGP: http://www.cybsec.com/pgp/mnunez.txt
-----------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: