[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] CYBSEC News - New sapyto release (v0.98)

Hello list,

I'm glad to let you know that a new version of sapyto, the SAP Penetration 
Testing Framework, is available.

You can download it by accessing the following link: 
http://www.cybsec.com/EN/research/sapyto.php

News in this version:
---------------------

This version is mainly a complete re-design of sapyto's core and architecture 
to support future releases. Some of the new features now available are:

. Target configuration is now based on "connectors", which represent different 
ways to communicate with SAP services and components. This makes the
framework extensible to handle new types of connections to SAP platforms.

. Plugins are now divided in three categories:
        . Discovery: Try to discover new targets from the 
configured/already-discovered ones.
        . Audit: Perform some kind of vulnerability check over configured 
targets.
        . Exploit: Are used as proofs of concept for discovered vulnerabilities.

. Exploit plugins now generate shells and/or sapytoAgent objects.

. New plugins!: User account bruteforcing, client enumeration, SAProuter 
assessment, and more...

. Plugin-developer interface drastically simplified and improved.

. New command switches to allow the configuration of targets/scripts/output 
independently.

. Installation process and general documentation improved.

. Many (*many*) bugs fixed. :P


Enjoy!
Cheers,

-- 
-----------------------------------------
Mariano Nuñez Di Croce

CYBSEC S.A. Security Systems
Email: mnunez@xxxxxxxxxx
Tel/Fax: (54-11) 4371-4444
Web: http://www.cybsec.com
PGP: http://www.cybsec.com/pgp/mnunez.txt
-----------------------------------------


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/