SAP Pentest Playbook

Service discovery & enumeration

Description

SAP Web Dispatcher provides its own administrative HTTP portal, which can be a huge security risk when exposed to the public internet.

Commonly used network ports:

  • 80/tcp
  • 443/tcp
  • 8000/tcp
  • any other port that hosts a web service

If SAP Web Dispatcher is used together with SAP HANA, the following ports are used by the service.

  • 80XX/tcp (as part of SAP HANA)
  • 43XX/tcp (as part of SAP HANA)

Note: Any common HTTP port can be configured for use by SAP ICM.

Options

  • Shodan:
    • "server: Web Dispatcher"
  • Hunter.how:
    • web.body="SAP Web Dispatcher"&&header="sap"
    • header="Server: Web Dispatcher" (newer releases > 7.77)
  • Nmap:
    • nmap -sSVC -n -Pn -p<Port> <Target Address(es)/Domain Name>
  • nuclei templates
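
For auditing your own perimeter, the Shodan and Hunter.how fingerprints above can be applied offline to HTTP responses you have already collected from hosts you are responsible for. The following is an added example, not part of the original playbook; the function names, hostnames and sample responses are constructed, and reading XX as a two-digit number is an assumption.

```python
import re

# Port patterns listed on this page; XX is assumed to be a two-digit number.
PAGE_PORTS = re.compile(r"^(80|443|8000|80\d\d|43\d\d)$")

def split_response(raw):
    """Split a raw HTTP response into (lower-cased header dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers, body

def fingerprint(raw):
    """Return which of the page's fingerprints this response matches."""
    headers, body = split_response(raw)
    header_text = " ".join(f"{k}: {v}" for k, v in headers.items()).lower()
    hits = []
    # Shodan / Hunter.how header query: Server header names Web Dispatcher.
    if "web dispatcher" in headers.get("server", "").lower():
        hits.append("server-header")
    # Hunter.how body query: product name in body plus "sap" in the headers.
    if "SAP Web Dispatcher" in body and "sap" in header_text:
        hits.append("body+sap-header")
    return hits

def audit(inventory):
    """inventory: iterable of (host, port, raw_response) from your own scan."""
    findings = []
    for host, port, raw in inventory:
        hits = fingerprint(raw)
        if hits:
            findings.append({"host": host, "port": port, "matched": hits,
                             "listed_port": bool(PAGE_PORTS.match(str(port)))})
    return findings

# Constructed sample responses (not captured from any real system).
SAMPLE = [
    ("edge1.example.com", 443,
     "HTTP/1.1 200 OK\r\nServer: SAP Web Dispatcher\r\n\r\n<html>ok</html>"),
    ("edge2.example.com", 8443,
     "HTTP/1.1 404 Not Found\r\nsap-server: true\r\n\r\n<title>SAP Web Dispatcher</title>"),
    ("www.example.com", 80,
     "HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n<html>hello</html>"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A match on a port outside the listed set (`listed_port` is false) is still a finding, since any HTTP port can be configured.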

References