Penetration Testing mailing list archives
RE: SAP Pen-Test
From: "Todd Towles" <toddtowles () brookshires com>
Date: Tue, 2 Nov 2004 11:05:33 -0600
Hydra (parallized login hacker) from THC uses some SAP R/3 stuff. Anyone ever use test it? Currently this tool supports: TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, LDAP, SMB, SMBNT, MS-SQL, MYSQL, REXEC, CVS, SNMP, SMTP-AUTH, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, ICQ, SAP/R3, Cisco auth, Cisco enable, Cisco AAA (incorporated in telnet module). http://www.thc.org/releases.php
-----Original Message----- From: Sven Tambler [mailto:tambler.20.tam () spamgourmet com] Sent: Friday, October 29, 2004 3:42 AM To: pen-test () securityfocus com Subject: SAP Pen-Test Hello everyone, I want to test a SAP Enterprise Portal. Do you know a tool for pen-testing a SAP portal? Of course, there are a lot of tools and techniques for apache or IIS and you can use them in a similar way. Otherwise there are a lot of SAP originalities and specialities you have to keep in mind. I don´t search for a tool like "nessus for SAP" - such a thing doesn´t exist - but some advices or plug-ins could be very useful. Could you by any chance be able to help? Thanks - Sven
Current thread:
- SAP Pen-Test Sven Tambler (Nov 01)
- RE: SAP Pen-Test Rob Shein (Nov 03)
- RE: SAP Pen-Test Marc Heuse (Nov 05)
- Re: SAP Pen-Test Nicolas Gregoire (Nov 03)
- Re: SAP Pen-Test Martin Eiszner (Nov 05)
- <Possible follow-ups>
- RE: SAP Pen-Test Todd Towles (Nov 03)
- RE: SAP Pen-Test Nicolas Gregoire (Nov 05)
- RE: SAP Pen-Test Rob Shein (Nov 03)