@0xdevalias
Last active December 31, 2015 11:39
A collection of notes/exceptions/issues I've encountered while using Onapsis Bizsploit.

Onapsis Bizsploit Notes/Exceptions/Issues

Onapsis Bizsploit - Notes

This will be a collection of random notes/musings. Probably mostly this will aim to store a digital copy of the enhancements I think of as I use bizsploit.

Helper/wrapper script to simplify functions

  • Create a target(s) script
  • Target + discovery
  • Target + discovery + vulnassess
  • Etc

External Requirements

  • sqlplus (/usr/bin/sqlplus)
  • SAP RFC Framework

Bugs/Etc

  • Tools option not shown in help screen (main menu)

  • Also see 3_OnapsisBizsploit-Exceptions.txt

General enhancements

  • Fix up inconsistencies with menu names/commands/etc
    • Eg. list/view/show/etc
    • Enable support for cd .. as well as back
    • Etc
  • Ability to execute a script from inside bizsploit (eg for vulnassess/etc after targeting)
  • Passthrough unknown commands to operating system (like metasploit)
  • Interact with metasploit database?

Plugins

  • Plugin to mirror all console output to a file (I believe something like this existed in v1?)
  • Plugin to generate/output scripts for all entered commands (think metasploit makerc)
  • Drone support (See Lair-Drones below)

Reporting

  • Options to output to xml, txt, etc as well as html
  • Drone support (See Lair-Drones below)

Lair-Drones

  • Add support for sending data to lair through drones.
  • A few potential (or all) options
    • Plugin: Sends data 'live'
    • Report: Exports data in a drone compatible format and/or sends it directly when report is generated

v1.50RC

Running 'icmErrorInfodisc' against [10.x.y.z(0)-SAPICM(1)]
Sending invalid request to trigger error message...
Traceback (most recent call last):
  File "/root/pentest/bizsploit/core/ui/consoleUi/consoleUi.py", line 176, in _handleKey
    self._handlers[key]()
  File "/root/pentest/bizsploit/core/ui/consoleUi/consoleUi.py", line 271, in _onEnter
    self._execute()
  File "/root/pentest/bizsploit/core/ui/consoleUi/consoleUi.py", line 238, in _execute
    menu = self._context.execute(params)
  File "/root/pentest/bizsploit/core/ui/consoleUi/menu.py", line 170, in execute
    return handler( params )
  File "/root/pentest/bizsploit/core/ui/consoleUi/rootMenu.py", line 74, in _cmd_start
    self._bizploit.start(params)
  File "/root/pentest/bizsploit/core/bizploitCore.py", line 135, in start
    self._vulnassess(commands)
  File "/root/pentest/bizsploit/core/bizploitCore.py", line 258, in _vulnassess
    plugin.run()
  File "/root/pentest/bizsploit/core/basePlugins/basePlugin.py", line 85, in run
    res = apply(functor, ())
  File "/root/pentest/bizsploit/plugins/vulnassess/icmErrorInfodisc.py", line 51, in _run_SAPICM
    data = re.search('Server:</td><td>(.*?)_(.*?)_(.*?)</td>', resp.read())
  File "/usr/lib/python2.7/socket.py", line 351, in read
    data = self._sock.recv(rbufsize)
  File "/usr/lib/python2.7/httplib.py", line 561, in read
    s = self.fp.read(amt)
  File "/usr/lib/python2.7/socket.py", line 380, in read
    data = self._sock.recv(left)
timeout: timed out