# sncscan
Tool for analyzing SAP Secure Network Communications (SNC).
# How to use?
In its current state, `sncscan` can be used to read the SNC configurations for SAP Router and DIAG (SAP GUI) connections. The implementation for the SAP RFC protocol is currently in development.
## SAP Router
SAP Routers can either support SNC or not, a more granular configuration of the SNC parameters is not possible.
Nevertheless, `sncscan` find out if it is activated:
```
sncscan -H 10.3.161.4 -S 3299 -p router
```
## DIAG / SAP GUI
The SNC configuration of a DIAG connection used by a SAP GUI can have more versatile settings than the router configuration.
A detailled overview of the system parameterss that can be read with `sncscan` and impact the connections security is in the section [Background](#background-snc-system-parameters)
```
sncscan -H 10.3.161.3 -S 3200 -p diag
```
Multiple targets can be scanned with one command:
```
sncscan -L /H/192.168.56.101/S/3200,/H/192.168.56.102/S/3206
```
### Through SAP Router
```
sncscan --route-string /H/10.3.161.5/S/3299/H/10.3.161.3/S/3200 -p diag
```
# Install
Requirements: Currently the sncscan only works with the pysap libary from our fork.
```
pip install sncscan
```
# Background: SNC system parameters
## SNC Basics
SAP protocols, such as DIAG or RFC, do not provide high security themselves. To increase security and ensure Authentication, Integrity and Encryption, the use of SNC (Secure Network Communications) is required.
SNC protects the data communication paths between various client and server components of the SAP system that use the RFC, DIAG or router protocol by applying known cryptographic algorithms to the data in order to increase its security.
There are three different levels of data protection, that can be applied for an SNC secured connection:
1. Authentication only: Verifies the identity of the communication partners
2. Integrity protection: Protection against manipulation of the data
3. Confidentiality protection: Encrypts the transmitted messages
## SNC Parameter
Each SAP system can be configured with SNC parameters for the communication security.
The level of the SNC connection is determined by the Quality of Protection parameters:
- snc/data_protection/min: Minimum security level required for SNC connections.
- snc/data_protection/max: highest security level, initiated by the SAP system
- snc/data_protection/use: default security level, initiated from the SAP system
Additional SNC parameters can be used for further system-specific configuration options, including the snc/only_encrypted_gui parameter, which ensures that encrypted SAPGUI connections are enforced.
## Reading out SNC Parameters
As long as a SAP System is addressed that is capable of sending SNC messages, it also responds to valid SNC requests, regardless of which IP, port, and CN were specified for SNC.
This response contains the requirements that the SAP system has for the SNC connection, which can then be used to obtain the SNC parameters.
This can be used to find out whether an SAP system has SNC enabled and, if so, which SNC parameters have been set.
Raw data
{
"_id": null,
"home_page": "https://github.com/usdAG/sncscan",
"name": "sncscan",
"maintainer": "",
"docs_url": null,
"requires_python": "",
"maintainer_email": "",
"keywords": "",
"author": "Jonas Wamsler, Nicolas Schickert",
"author_email": "jonas.wamsler@usd.de",
"download_url": "https://files.pythonhosted.org/packages/44/ca/f7a5b70a1d42fc91ae21a3eabce3b9b3f51a8618038b80b2ba9b421b5d2c/sncscan-1.0.1.tar.gz",
"platform": null,
"description": "\n\n\n# sncscan\nTool for analyzing SAP Secure Network Communications (SNC).\n\n\n\n# How to use?\n\nIn its current state, `sncscan` can be used to read the SNC configurations for SAP Router and DIAG (SAP GUI) connections. The implementation for the SAP RFC protocol is currently in development.\n\n\n## SAP Router\n\nSAP Routers can either support SNC or not, a more granular configuration of the SNC parameters is not possible.\nNevertheless, `sncscan` find out if it is activated:\n\n```\nsncscan -H 10.3.161.4 -S 3299 -p router\n```\n\n\n## DIAG / SAP GUI\n\nThe SNC configuration of a DIAG connection used by a SAP GUI can have more versatile settings than the router configuration.\nA detailled overview of the system parameterss that can be read with `sncscan` and impact the connections security is in the section [Background](#background-snc-system-parameters)\n\n```\nsncscan -H 10.3.161.3 -S 3200 -p diag\n```\n\nMultiple targets can be scanned with one command:\n\n```\nsncscan -L /H/192.168.56.101/S/3200,/H/192.168.56.102/S/3206 \n```\n\n\n### Through SAP Router\n\n```\nsncscan --route-string /H/10.3.161.5/S/3299/H/10.3.161.3/S/3200 -p diag\n```\n\n# Install\nRequirements: Currently the sncscan only works with the pysap libary from our fork. \n\n```\npip install sncscan\n```\n\n\n# Background: SNC system parameters\n\n## SNC Basics\n\nSAP protocols, such as DIAG or RFC, do not provide high security themselves. To increase security and ensure Authentication, Integrity and Encryption, the use of SNC (Secure Network Communications) is required.\nSNC protects the data communication paths between various client and server components of the SAP system that use the RFC, DIAG or router protocol by applying known cryptographic algorithms to the data in order to increase its security.\nThere are three different levels of data protection, that can be applied for an SNC secured connection:\n\n1. Authentication only: Verifies the identity of the communication partners\n2. Integrity protection: Protection against manipulation of the data\n3. Confidentiality protection: Encrypts the transmitted messages\n\n\n## SNC Parameter\n\nEach SAP system can be configured with SNC parameters for the communication security. \nThe level of the SNC connection is determined by the Quality of Protection parameters:\n- snc/data_protection/min: Minimum security level required for SNC connections.\n- snc/data_protection/max: highest security level, initiated by the SAP system\n- snc/data_protection/use: default security level, initiated from the SAP system\n\nAdditional SNC parameters can be used for further system-specific configuration options, including the snc/only_encrypted_gui parameter, which ensures that encrypted SAPGUI connections are enforced. \n\n\n## Reading out SNC Parameters\n\nAs long as a SAP System is addressed that is capable of sending SNC messages, it also responds to valid SNC requests, regardless of which IP, port, and CN were specified for SNC. \nThis response contains the requirements that the SAP system has for the SNC connection, which can then be used to obtain the SNC parameters.\nThis can be used to find out whether an SAP system has SNC enabled and, if so, which SNC parameters have been set.\n",
"bugtrack_url": null,
"license": "GPLv3",
"summary": "sncscan: Tool for analyzing SAP Secure Network Communications (SNC).",
"version": "1.0.1",
"project_urls": {
"Homepage": "https://github.com/usdAG/sncscan"
},
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "405c086ff1d6457b902188465b527a2e8aeaeaa12fe967f4bf5b14ac5dcd18b0",
"md5": "628795d9b147b17aa97e5d28b6a9e2ad",
"sha256": "b7e88368f4211e011cc7ac0d6bf664a47791569b56b2015a9de8d6df0029f436"
},
"downloads": -1,
"filename": "sncscan-1.0.1-py3-none-any.whl",
"has_sig": false,
"md5_digest": "628795d9b147b17aa97e5d28b6a9e2ad",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": null,
"size": 20522,
"upload_time": "2023-09-21T10:01:21",
"upload_time_iso_8601": "2023-09-21T10:01:21.891415Z",
"url": "https://files.pythonhosted.org/packages/40/5c/086ff1d6457b902188465b527a2e8aeaeaa12fe967f4bf5b14ac5dcd18b0/sncscan-1.0.1-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "44caf7a5b70a1d42fc91ae21a3eabce3b9b3f51a8618038b80b2ba9b421b5d2c",
"md5": "b2fbb0d1e89a44fcf34437af68e95200",
"sha256": "0ddf9ebd571ba8847229c126c1ccc324b06be255cbc260778cd3b6cba00b1e39"
},
"downloads": -1,
"filename": "sncscan-1.0.1.tar.gz",
"has_sig": false,
"md5_digest": "b2fbb0d1e89a44fcf34437af68e95200",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 20067,
"upload_time": "2023-09-21T10:01:23",
"upload_time_iso_8601": "2023-09-21T10:01:23.925354Z",
"url": "https://files.pythonhosted.org/packages/44/ca/f7a5b70a1d42fc91ae21a3eabce3b9b3f51a8618038b80b2ba9b421b5d2c/sncscan-1.0.1.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-09-21 10:01:23",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "usdAG",
"github_project": "sncscan",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"requirements": [
{
"name": "pysap",
"specs": []
}
],
"lcname": "sncscan"
}
JSON
