Onapsis Bizploit – ERP Penetration Testing Framework


Bizploit is the first Opensource ERP Penetration Testing framework. Developed by the Onapsis Research Labs, Bizploit assists security professionals in the discovery, exploration, vulnerability assessment and exploitation phases of specialized ERP Penetration Tests.

Bizploit is expected to provide the security community with a basic framework to support the discovery, exploration, vulnerability assessment and exploitation of ERP systems.

The term “ERP Security” has been so far understood by most of the IT Security and Auditing industries as a synonym of “Segregation of Duties”. While this aspect is absolutely important for the overall security of the Organization’s core business platforms, there are many other threats that are still overlooked and imply much higher levels of risk. Onapsis Bizploit is designed as an academic proof-of-concept that will help the general community to illustrate and understand this kind of risks.

Currently Onapsis Bizploit provides all the features available in the sapyto GPL project, plus several new plugins and connectors focused in the security of SAP business platforms. Updates for other popular ERPs are to be released in the short term.

You can download Bizploit here:

Bizploit v1.00-rc1 for Windows
Bizploit v1.00-rc1 for Linux

Or read more here.

Posted in: Database Hacking, Security Software

, ,


Latest Posts:


Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.
Vulhub - Pre-Built Vulnerable Docker Environments For Learning To Hack Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands.
LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.


Comments are closed.