Onapsis is continuously investing resources in the research of the security of business critical systems and applications. They Released Bizploit, which is the first Opensource ERP Penetration Testing framework. It is a free command-line application to perform proof-of-concept penetration tests of the technical layer of SAP platforms. Bizploit assists security professionals in the discovery, exploration, vulnerability assessment and exploitation phases of specialized ERP Penetration Tests. Currently, Bizploit is shipped with many plugins to assess the security of SAP business platforms.
Changes made to Bizploit 1.50-rc1:
- New exploits for Management Console.
- New modules for SAProuter.
- New modules for remote execution of RFC Functions.
- Module to detect the CTC Verb Tampering vulnerability.
- Several bug fixes.
Posted by Mohit Kumar at Wednesday, October 03, 2012