What is pysap?
SAP Netweaver is a technology platform for building and integrating SAP business applications. Communication between components uses different network protocols. While some of them are standard and well-known protocols, others are proprietaries and public information is not available.
This Python library provides modules for crafting and sending packets using SAP's NI and Diag protocols. The modules are based on Scapy. The dissectors are based on information acquired at researching the SAP Diag protocol. Additional experimental support is included for SAP's Router protocol.
This tool counts with the following components:
- SAPNI module. Scapy class for the SAP NI (Network Interface protocol). It also includes a Stream Socket implementation for the SAP NI protocol, as well as a base proxy and server implementation.
- SAPDiag module. Contain Scapy classes for craft and dissect DiagDP headers, Diag packets and items. The main class is SAPDiag that is in charge of handling compression/decompression of payload items and serve as a container for them.
- SAPDiagItems module. Some classes for craft and dissect common Diag items.
- SAPDiagClient module. Basic class for establishing a connection with an application server.
- pysapcompress extension. C++ extension for compression/decompression using LZH/LZC algorithms.
Example and proof of concept scripts to illustrate the use of the different modules: login brute force, gather information on the application server, intercept communications, a rogue diag server implementation, test of Denial of Server issues, etc.
- Security research and penetration testing.
- Vulnerability research and exploitation.
- Interact with SAP Netweaver application servers and SAP GUI clients.
- Pysap python module v0.1.3 - MD5: 96206b4b577eb524db2afa63a9d33fb1 [latest version]
- Pysap python module v0.1.2 - MD5: 3a946188f9f1f6653a11c87b184592b1
- Pysap python module v0.1.1 - MD5: b7460a5d01bd869a45684baa69af260b
The tool relays on the Scapy library for crafting packets.
This tool is distributed under the GPLv2 license. Check the COPYING file for more details.
This tool was designed and developed by Martin Gallo from the Security Consulting Services team.
Whether you want to report a bug or give some suggestions on this package, drop us a few lines at oss[at]coresecurity[dot]com or contact the author email mgallo[at]coresecurity[dot]com.
- Martín Gallo
- Release date
- License type