SAP Penetration Testing is a unique skill that takes some time to acquire. Fortunately, there are tools like Bizploit that make it easier to get started. Here are a few quick commands to get started from a Blackbox Penetration Testing perspective:

Setting up the Target:
bizploit> targets
bizploit/targets> addTarget
bizploit/targets/config:target> set host <ip address>
bizploit/targets/config:target> set desc <description>
bizploit/targets/config:target> back
bizploit/targets> discoverConnectors <target_id>
bizploit/targets> back

Enabling the Vulnerability Plugins:
bizploit> plugins
bizploit/plugins> vulnassess all
bizploit/plugins> output all
bizploit/plugins> discovery all
bizploit/plugins> back

Starting the Vulnerability Analysis:
bizploit> start

Reviewing the Vulnerabilities:
bizploit> vulnerabilities
bizploit/vulnerabilities> show
bizploit/vulnerabilities> viewDetails <vulnerability_id>
bizploit/vulnerabilities> back

Exploiting the Vulnerabilities:
bizploit> exploit
bizploit/exploit> list
bizploit/exploit> exploit <plugin_name> <vulnerability_id>
bizploit/exploit> start
bizploit/exploit> back

Managing Remote Shells:
bizploit> shells
bizploit/shells> show
bizploit/shells>  start <shell_id>
bizploit/shells> stop <shell_id>
bizploit/shells> back

Managing Remote Agents:
bizploit> agents
bizploit/agents> show
bizploit/agents> start <agent_id>
bizploit/agents> stop <agent_id>
bizploit/agents> back

There is much more to SAP Penetration Testing than just running bizploit. Ensure that you follow a solid SAP Penetration Testing Methodology to ensure efficacy and full coverage of vulnerability analysis within the SAP Application. Bizploit is a great tool for finding SAP Information Disclosure and Unprotected RFC Connection vulnerabilities, but barely scratches the surface when it comes to SAP Penetration Testing.  Happy bizploiting!