randomstr1ng edited this page Jan 31, 2024 · 16 revisions

Welcome to the wiki of SAP Attack Surface Discovery

The project helps organizations and security professionals identify and discover internet-exposed SAP services through different network scanning techniques. The discovered services can then be tested further for potential threats affecting the SAP applications in their organizations.

Make sure you have the appropriate permissions before actively scanning or testing applications. Doing so without authorization may have legal consequences.

Motivation

  • Allow security professionals to identify and discover the internet-facing SAP applications used by their organization
  • Demonstrate to organizations the risk that internet-facing SAP applications can pose
  • Align the results of the research with a single organization to demonstrate its SAP technology risk
  • Allow contribution to the SAP Internet Research project

What's In It For Me?

Below is a list of how you can benefit from the different research areas of the project:

  • Using different port scanners to discover your organization's SAP services that are exposed to the internet. The services covered by the project are:
      • SAP Router
      • SAP Cloud Connector
      • SAP Internet Graphic Server
      • SAP Message Server
      • SAP Dispatcher
      • SAP RFC Gateway
      • SAP Start Service
      • SAP Web Dispatcher
      • HANA Database
      • SAP ASE DB
  • Conducting further analysis of the discovered services
  • Aligning discovery with the Core Business Application Security (CBAS) – Security Aptitude Assessment
  • Monitoring your organization's IP blocks for SAP services that become exposed through misconfiguration
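The services above can be found by port scanning because most SAP components listen on ports derived from the two-digit instance number (NN). The following script is an added example written for this page, not code from the project: it builds an `nmap -p` port list for the listed services across instance numbers, parses constructed `nmap -oG` output, and maps each open port back to the candidate SAP service and instance. The port templates are the conventional SAP defaults as this example assumes them (NN is the instance number; the IGS, Cloud Connector and Web Dispatcher entries in particular are assumptions), and any deployment can override them, so treat a hit as a lead for further analysis rather than proof of the service.

```python
import re
from typing import Dict, List, Optional, Tuple

# Service name -> default port templates; "NN" is replaced with the two-digit
# instance number. Fixed ports (SAP Router, Cloud Connector, ASE) do not depend
# on the instance. Assumed conventional defaults; verify against your landscape.
SERVICE_PORTS: Dict[str, List[str]] = {
    "SAP Router": ["3299"],
    "SAP Cloud Connector": ["8443"],                    # assumption: admin UI
    "SAP Internet Graphic Server": ["4NN00", "4NN80"],  # assumption: mux, HTTP
    "SAP Message Server": ["36NN", "81NN"],             # internal, HTTP
    "SAP Dispatcher": ["32NN"],
    "SAP RFC Gateway": ["33NN", "48NN"],                # plain, SNC
    "SAP Start Service": ["5NN13", "5NN14"],            # sapstartsrv HTTP, HTTPS
    "SAP Web Dispatcher": ["80NN", "443NN"],            # assumption: ICM-style
    "HANA Database": ["3NN13", "3NN15", "43NN"],        # system DB, tenant, XS
    "SAP ASE DB": ["5000"],
}


def _expand(template: str, instance: int) -> int:
    return int(template.replace("NN", f"{instance:02d}"))


def ports_for_instance(instance: int) -> Dict[str, List[int]]:
    """Ports each service would listen on for one instance number."""
    if not 0 <= instance <= 99:
        raise ValueError("SAP instance numbers are 00-99")
    return {svc: [_expand(t, instance) for t in ts] for svc, ts in SERVICE_PORTS.items()}


def scan_port_spec(instances=range(100)) -> str:
    """Comma-separated port list in `nmap -p` syntax covering the given instances."""
    ports = set()
    for n in instances:
        for plist in ports_for_instance(n).values():
            ports.update(plist)
    return ",".join(str(p) for p in sorted(ports))


def classify_port(port: int) -> List[Tuple[str, Optional[int]]]:
    """Reverse lookup: every (service, instance) whose template matches the port.

    Returns all candidates because templates overlap (3299 is both SAP Router
    and a Dispatcher of instance 99); the caller decides how to disambiguate.
    """
    hits: List[Tuple[str, Optional[int]]] = []
    for svc, templates in SERVICE_PORTS.items():
        for t in templates:
            pattern = "^" + re.escape(t).replace("NN", r"(\d{2})") + "$"
            m = re.match(pattern, str(port))
            if m:
                hits.append((svc, int(m.group(1)) if m.groups() else None))
    return hits


_GREP_LINE = re.compile(r"^Host:\s+(\S+).*?Ports:\s+(.*)$")


def parse_nmap_grepable(text: str) -> Dict[str, List[int]]:
    """Open TCP ports per host from `nmap -oG -` output."""
    result: Dict[str, List[int]] = {}
    for line in text.splitlines():
        m = _GREP_LINE.match(line)
        if not m:
            continue
        host, fields = m.groups()
        fields = fields.split("\t")[0]  # drop the trailing "Ignored State:" field
        open_ports = []
        for entry in fields.split(","):
            parts = entry.strip().split("/")
            # entry layout: port/state/protocol/owner/service/rpc/version/
            if len(parts) >= 3 and parts[1] == "open" and parts[2] == "tcp":
                open_ports.append(int(parts[0]))
        result[host] = open_ports
    return result


def discover(text: str) -> Dict[str, List[Tuple[int, str, Optional[int]]]]:
    """Host -> [(port, service, instance)] for open ports matching an SAP template."""
    out: Dict[str, List[Tuple[int, str, Optional[int]]]] = {}
    for host, ports in parse_nmap_grepable(text).items():
        out[host] = [(p, svc, inst) for p in ports for svc, inst in classify_port(p)]
    return out


# Constructed sample `nmap -oG -` output for illustration; not a real scan.
SAMPLE_GREPABLE = (
    "# Nmap 7.94 scan initiated as: nmap -oG - -p 3200-3399,3600,5000,8443,50013 203.0.113.10 203.0.113.11\n"
    "Host: 203.0.113.10 ()\tStatus: Up\n"
    "Host: 203.0.113.10 ()\tPorts: 3299/open/tcp//////, 3300/open/tcp//////, "
    "3600/open/tcp//////, 50013/open/tcp//////\tIgnored State: closed (300)\n"
    "Host: 203.0.113.11 ()\tPorts: 3299/filtered/tcp//////, 8443/open/tcp//////, "
    "5000/open/tcp//////\tIgnored State: closed (301)\n"
    "# Nmap done -- 2 IP addresses (2 hosts up) scanned\n"
)

if __name__ == "__main__":
    print("nmap -p", scan_port_spec([0, 1]))
    for host, findings in discover(SAMPLE_GREPABLE).items():
        for port, svc, inst in findings:
            label = f"{svc} (instance {inst:02d})" if inst is not None else svc
            print(f"{host}:{port}  {label}")
```

Feed `scan_port_spec()` to `nmap -p` for the instance range you expect, then pipe the grepable output into `discover()`. Ambiguous hits (3299 as Router or Dispatcher 99, 44300 as Web Dispatcher HTTPS 00 or IGS instance 43) are reported with all candidates; confirm them with a service-specific probe before recording a finding.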

How to contribute

As the world is always changing and new services get deployed on the Internet every day, we welcome any contribution you want to add, whether as a pull request or an issue on GitHub.

To update the wiki page, use the following template page to submit new service information.

Anyone interested in supporting, contributing or giving feedback is welcome to join our Discord channel.