Download
PowerUpSQL is a PowerShell toolkit focused on auditing, discovering, and post-exploitation activities for Microsoft SQL Server environments. It bundles a wide range of functions that help enumerate SQL Server instances, configuration settings, and potentially risky features so operators and testers can quickly understand an instance's security posture. The project is aimed at internal penetration testers and red-teamers but is also useful for database administrators and defenders who want to inventory SQL Server attack surface and hunt for misconfigurations. PowerUpSQL can surface things like weak configuration flags, dangerous surface (for example, features that may enable code execution from SQL), credential material exposed in configuration, and cross-instance trust relationships such as linked servers. The codebase is implemented primarily in PowerShell, organized as a module with many discrete functions, and includes helper scripts and documentation for usage scenarios. Because th
Features
- Automated SQL Server discovery and inventory across domains and hosts
- Config and surface auditing that highlights risky settings and attack vectors
- Enumeration of credentials, Agent jobs, linked servers, and CLR/extended features
- Post-compromise helpers for lateral discovery and situational awareness (read-only descriptions)
- Modular PowerShell functions that can be run individually or composed into workflows
- Defensive/administrative utilities for defenders to replicate attacker-style checks
Project Samples
