Skip to content
/ SAP-Threat-Modeling Public

The SAP Threat Modeling Tool is an on-premises open-source web application designed to analyze and visualize connections between SAP systems, helping users identify security risks and vulnerabilities. With features like inputting SAP credentials, scanning for connections, and visualizing the network.

redrays.io/threat-modeling-for-sap/

License

MIT license
47 stars 13 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

redrays-io/SAP-Threat-Modeling

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
.github/workflows
.github/workflows
 
 
.idea
.idea
 
 
images
images
 
 
sap_utils
sap_utils
 
 
templates
templates
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
app.py
app.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

screenshot

SAP Threat Modeling Tool - Readme

This tool helps you analyze and visualize connections between your SAP systems, enabling identification of potential security risks and vulnerabilities.

For more detailed information about potential threats in SAP systems related to inter-SAP connections, visit this page.

Features:

  • Input SAP Credentials: Enter system details (SID, username, password, etc.) to establish initial connections.
  • Scan for Inter-SAP Connections: Discover and display connections between your SAP systems, including usernames and password storage flags.
  • Visualize the Network: View a graph representation of your SAP network, highlighting connections with potential security concerns.
  • Filter Connections: Focus on specific connections, such as those with stored passwords.

Usage:

  1. Initiate Connections:

    • Navigate to the "Init Connections" page.
    • Enter SAP system credentials similar to the format shown in this screenshot.
    • Save the connection details and click "Scan" to start the analysis.

  2. View Existing Connections:

    • After the scan is completed, go to the "Connections Table" page.
    • Here, you can view all existing connections in a tabular format as depicted in this screenshot.

  3. Explore Inter-SAP Connections:

    • Alternatively, visit the "Graph Connection" page to visualize the inter-SAP connections in a graph format like shown in this screenshot.
    • You can filter the connections to display only those with saved passwords, as demonstrated in this screenshot.

Installation:

  1. Clone the repository:

    git clone https://github.com/redrays-io/SAP-Threat-Modeling-Tool.git

    Use code with caution.

  2. Install dependencies:

    pip install -r requirements.txt

    Use code with caution.

  3. Run the application:

    python app.py

    Use code with caution.

  4. Access the web interface: Open http://localhost:5000 in your browser.

Docker Setup:

Alternatively, you can set up the tool using Docker with the following command:

docker pull ghcr.io/redrays-io/sap-threat-modeling:latest

Security Considerations:

  • Credential Storage: This tool stores SAP credentials in a local SQLite database. Ensure proper security measures for the database file.
  • Data Sensitivity: The tool exposes information about SAP connections and potential vulnerabilities. Limit access to authorized personnel only.
  • Production Use: This tool is intended for development and testing purposes. Evaluate its suitability before using it in production environments.

About

The SAP Threat Modeling Tool is an on-premises open-source web application designed to analyze and visualize connections between SAP systems, helping users identify security risks and vulnerabilities. With features like inputting SAP credentials, scanning for connections, and visualizing the network.

redrays.io/threat-modeling-for-sap/

Topics

security sap modeling threat threat-modeling sap-security

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

47 stars

Watchers

2 watching

Forks

13 forks
Report repository

Packages

 
 
 

Languages