Powershell SAP assessment tool
Switch branches/tags
Nothing to show
Clone or download
Sn0rkY Merge pull request #2 from hnzlmnn/master
Override hardcoded sysnumber with user input
Latest commit 610e2de Aug 13, 2018
Type Name Latest commit message Commit time
Failed to load latest commit information.
NCo_x86 NCo folders and instructions Jan 20, 2017
NCo_x86_64 NCo folders and instructions Jan 20, 2017
Standalone Override hardcoded sysnumber with user input Feb 28, 2018
LICENSE.md Add License Apr 27, 2017
README.md Credit Yvan GENUER (@_1ggy) for the updated version Dec 28, 2017



PowerSAP is a simple powershell re-implementation of popular & effective techniques of all public tools such as Bizploit, Metasploit auxiliary modules, or python scripts available on the Internet. This re-implementation does not contain any new or undisclosed vulnerability.

PowerSAP allows to reach SAP RFC with .Net connector 'NCo'.


All credit goes to:

  • Onapsis - Mariano, Jordan…
  • ERPScan (@_chipik)
  • ERPSEC - Joris van De Vis (@jvis)
  • Chris John Riley (@ChrisJohnRiley)
  • Agnivesh Sathasivam and Dave Hartley (@nmonkee)
  • Martin Gallo (@MartinGalloAr)
  • Yvan GENUER (@_1ggy)

What is this repository for?


  • Test your .Net Connector 'NCo':

PS C:\PowerSAP\Standalone> .\Get-NCoVersion.ps1

NCo Version: Patch Level: 525 SAP Release: 720

  • How to run testis:

Invoke PS scripts in the Standalone folder.


Feel free to contribute and add features.


Simple bruteforce attack on SAP RFC


READ_TABLE RFC function module call through SOAP request