Skip to content
/ SAP-Threat-Modeling Public

The SAP Threat Modeling Tool is an on-premises open-source web application designed to analyze and visualize connections between SAP systems, helping users identify security risks and vulnerabilities. With features like inputting SAP credentials, scanning for connections, and visualizing the network.

redrays.io/threat-modeling-for-sap/

License

MIT license
37 stars 8 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

redrays-io/SAP-Threat-Modeling

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits

.github/workflows

.github/workflows

 
 

.idea

.idea

 
 

images

images

 
 

sap_utils

sap_utils

 
 

templates

templates

 
 

Dockerfile

Dockerfile

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

app.py

app.py

 
 

requirements.txt

requirements.txt

 
 

Repository files navigation

screenshot

SAP Threat Modeling Tool - Readme

This tool helps you analyze and visualize connections between your SAP systems, enabling identification of potential security risks and vulnerabilities.

For more detailed information about potential threats in SAP systems related to inter-SAP connections, visit this page.

Features:

  • Input SAP Credentials: Enter system details (SID, username, password, etc.) to establish initial connections.
  • Scan for Inter-SAP Connections: Discover and display connections between your SAP systems, including usernames and password storage flags.
  • Visualize the Network: View a graph representation of your SAP network, highlighting connections with potential security concerns.
  • Filter Connections: Focus on specific connections, such as those with stored passwords.

Usage:

  1. Initiate Connections:

    • Navigate to the "Init Connections" page.
    • Enter SAP system credentials similar to the format shown in this screenshot.
    • Save the connection details and click "Scan" to start the analysis.

  2. View Existing Connections:

    • After the scan is completed, go to the "Connections Table" page.
    • Here, you can view all existing connections in a tabular format as depicted in this screenshot.

  3. Explore Inter-SAP Connections:

    • Alternatively, visit the "Graph Connection" page to visualize the inter-SAP connections in a graph format like shown in this screenshot.
    • You can filter the connections to display only those with saved passwords, as demonstrated in this screenshot.

Installation:

  1. Clone the repository:

    git clone https://github.com/redrays-io/SAP-Threat-Modeling-Tool.git

    Use code with caution.

  2. Install dependencies:

    pip install -r requirements.txt

    Use code with caution.

  3. Run the application:

    python app.py

    Use code with caution.

  4. Access the web interface: Open http://localhost:5000 in your browser.

Docker Setup:

Alternatively, you can set up the tool using Docker with the following command:

docker pull ghcr.io/redrays-io/sap-threat-modeling:latest

Security Considerations:

  • Credential Storage: This tool stores SAP credentials in a local SQLite database. Ensure proper security measures for the database file.
  • Data Sensitivity: The tool exposes information about SAP connections and potential vulnerabilities. Limit access to authorized personnel only.
  • Production Use: This tool is intended for development and testing purposes. Evaluate its suitability before using it in production environments.

About

The SAP Threat Modeling Tool is an on-premises open-source web application designed to analyze and visualize connections between SAP systems, helping users identify security risks and vulnerabilities. With features like inputting SAP credentials, scanning for connections, and visualizing the network.

redrays.io/threat-modeling-for-sap/

Topics

security sap modeling threat threat-modeling sap-security

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

37 stars

Watchers

2 watching

Forks

8 forks
Report repository

Packages 1

 

Languages