SAP Infrastructure security internals: Google and Shodan hacking for SAP


SAP security is still surrounded by many myths. For example, it is often said that SAP applications are available only internally. Here I have collected some simple Google hacking and Shodan hacking tricks that can be used to find SAP servers on the Internet.


GOOGLE HACKS

  • SAP NetWeaver ABAP

inurl:/sap/bc/bsp

  • SAP NetWeaver Portal

inurl:/irj/portal

  • SAP ITS

inurl:/scripts/wgate
inurl:/scripts/wgate/webgui

  • SAP BusinessObjects

inurl:infoviewapp

SHODAN HACKS

  • SAP Web Application Server (ICM)
  • SAP NetWeaver Application Server
  • SAP Web Application Server
  • SAP J2EE Engine
  • SAP Internet Graphics Server
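
Both lists can be turned around and applied to your own perimeter. The following is an added example, not part of the original post: it checks an inventory of your organization's internet-facing URLs against the URL fragments and product names listed above and reports which hosts would show up in such searches. The function names, the sample hosts and banners are constructed, and matching the Shodan product names against the HTTP `Server` banner is an assumption.

```python
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# URL fragments from the Google search strings listed above.
PATH_FINGERPRINTS = [
    ("/sap/bc/bsp", "SAP NetWeaver ABAP"),
    ("/irj/portal", "SAP NetWeaver Portal"),
    ("/scripts/wgate", "SAP ITS"),  # also covers /scripts/wgate/webgui
    ("infoviewapp", "SAP BusinessObjects"),
]
# Assumption: the Shodan product names above appear in the Server banner.
BANNER_FINGERPRINTS = [
    "SAP Web Application Server",  # also covers the "(ICM)" entry
    "SAP NetWeaver Application Server",
    "SAP J2EE Engine",
    "SAP Internet Graphics Server",
]

def _split(url):
    return urlsplit(url if "://" in url else "//" + url)  # scheme-less entries

def classify(url, server_banner=""):
    """Return the sorted fingerprints matched by a URL path and Server banner."""
    path = unquote(_split(url).path).lower()  # decode %xx, ignore case
    hits = {label for frag, label in PATH_FINGERPRINTS if frag in path}
    banner = server_banner.lower()
    hits.update(n for n in BANNER_FINGERPRINTS if n.lower() in banner)
    return sorted(hits)

def audit(records):
    """Group matches by host for (url, server_banner) records."""
    exposed = defaultdict(set)
    for url, banner in records:
        host = (_split(url).hostname or "").lower()
        exposed[host].update(classify(url, banner))
    return {host: sorted(hits) for host, hits in exposed.items() if hits}

# Constructed sample: internet-facing URLs and banners from your own inventory.
SAMPLE = [
    ("https://portal.example.com/irj/portal", "SAP J2EE Engine/7.00"),
    ("https://erp.example.com/sap/bc/bsp/sap/x/default.htm",
     "SAP NetWeaver Application Server / ABAP 731"),
    ("its.example.com/scripts/wgate/webgui/!", ""),
    ("https://bi.example.com/InfoViewApp/logon.jsp", "Apache-Coyote/1.1"),
    ("https://www.example.com/%69rj/portal", "nginx"),
    ("https://www.example.com/products", "nginx"),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Any host in the result is a candidate for moving behind a VPN or reverse proxy with authentication, or for removal from search indexes.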
