Description: PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server - Home · NetSPI/PowerUpSQL Wiki
Sign up Product Actions Automate any workflow Packages Host and manage packages Security Find and fix vulnerabilities Codespaces Instant dev environments Copilot Write better code with AI Code review Manage code changes Issues Plan and track work Discussions Collaborate outside of code Explore All features Documentation GitHub Skills Blog Solutions For Enterprise Teams Startups Education By Solution CI/CD & Automation DevOps DevSecOps Case Studies Customer Stories Resources Open Source GitHub Sponsors Fund
The PowerUpSQL module includes functions that support SQL Server discovery, auditing for common weak configurations, and privilege escalation on scale. It is intended to be used during internal penetration tests and red team engagements. However, PowerUpSQL also includes many functions that could be used by administrators to quickly inventory the SQL Servers in their ADS domain.
Important Note: PowerUpSQL is used for direct attacks against SQL Server. Currently it does not support SQL Injection. For information on attacking SQL Server through SQL injection check out the NetSPI SQL Injection Wiki .