OWASP / pysap

pysap is an open source Python library that provides modules for crafting and sending packets using SAP's NI, Diag, Enqueue, Router, MS, SNC, IGS, RFC and HDB protocols.
https://owasp.org/www-project-core-business-application-security/
GNU General Public License v2.0
220 stars 61 forks source link
cbas python sap scapy

pysap - Python library for crafting SAP's network protocols packets

Build and test pysap Latest Version Documentation Status

Version 0.1.20.dev0 (XXX 2023)

:information_source: Python 3 port project

Overview

SAP Netweaver and SAP HANA are technology platforms for building and integrating SAP business applications. Communication between components uses different network protocols and some services and tools make use of custom file formats as well. While some of them are standard and well-known protocols, others are proprietaries and public information is generally not available.

pysap is an open source Python 2 library that provides modules for crafting and sending packets using SAP's NI, Diag, Enqueue, Router, MS, SNC, IGS, RFC and HDB protocols. In addition, support for creating and parsing different proprietary file formats is included. The modules are built on top of Scapy and are based on information acquired at researching the different protocols, file formats and services.

Features

Installation

To install pysap simply run:

$ python -m pip install pysap

pysap is compatible and tested with Python 2.7.

Roadmap

Python 3 port project

:warning: For legacy reasons, the project is only Python 2 compatible. There were some initial efforts to port the project to be Python 2 and 3 compatible, but those were never completed.

As time passed, and Python 2 started to loss relevance, we decided to start a new effort to complete the project and move the project to be Python 3 only compatible. The main reason is to avoid the introduction of backwards compatibility libraries that add complexity to the code and are not relevant in the current state of the Python project.

This project is actively being worked on right now by the OWASP CBAS project as part of the master-0.2 branchand tracked as a project.

Further efforts

The document

Documentation

Documentation is available at Read the Docs.

License

This library is distributed under the GPLv2 license. Check the COPYING file for more details.

Authors

he tool was initially designed and developed by Martin Gallo wile working at SecureAuth's Innovation Labs team, with the help of many contributors. The code was then contributed by SecureAuth to the OWASP CBAS Project in October 2022.

Contributors

Contributions made by:

Disclaimer

The spirit of this Open Source initiative is to help security researchers, and the community, speed up research and educational activities related to the implementation of networking protocols and stacks.

The information in this repository is for research and educational purposes only and is not intended to be used in production environments and/or as part of commercial products.

If you desire to use this tool or some part of it for your own uses, we recommend applying proper security development life cycle and secure coding practices, as well as generate and track the respective indicators of compromise according to your needs.

Contact Us

Whether you want to report a bug, send a patch, or give some suggestions on this package, drop a few lines to OWASP CBAS' project leaders.

For security-related questions check our security policy.