Trust in Protection, Trust in Us .
Guardians of Cyber Space .
Safeguarding Your Digital Identity .
Ensuring Security in the Digital Age .
Fortifying Your Cyber Defenses.
Securing Your Digital Frontier.
Documentation
Explore our comprehensive documentation to find technical guides, setup instructions, and troubleshooting resources.
Sap Integration

Introduction

This document provides instructions on creating the SAP function module ZRFC_DOCEXPLOIT_CODE_EXPORTER, setting up the necessary structure, assigning permissions, and running script to export ABAP program code.

Step 1: Creating the Function Module ZRFC_DOCEXPLOIT_CODE_EXPORTER

1.1 Access the Function Builder

  1. Log in to the SAP GUI.
  2. Navigate to Transaction Code SE37.

1.2 Create a New Function Module

  1. Enter the name ZRFC_DOCEXPLOIT_CODE_EXPORTER and click Create.
  2. Provide the following details:
    • Function Group: (Create a new one or use an existing group)
    • Short Text: “Export ABAP Program Source Code”
  3. Click Save and assign it to a transport request.

1.3 Define Import Parameters

  1. Go to the Import tab.
  2. Add the following parameter:
    • Parameter NamePROGRAM_NAME
    • TypeTYPE CHAR
    • Length40

1.4 Define Export Parameters

  1. Go to the Export tab.
  2. Add the following parameter:
    • Parameter NameSOURCE_CODE
    • Type: Custom table type for CHAR255 (see next section).

1.5 Create Custom Table Type for CHAR255

  1. Navigate to Transaction Code SE11.
  2. Choose “Data Type” and click Create.
  3. Enter a name, e.g., Z_DOCEXPLOIT_TABLE_TYPE.
  4. Select “Table Type” and click Continue.
  5. Define the following details:
    • Line TypeCHAR
    • Length255
    • Access Mode: “Standard Table”
    • Key Fields: Leave empty.
  6. Save and activate the table type.

1.6 Implement the Code

  1. Go to the Source Code tab.
  2. Add the following code:
FUNCTION ZRFC_DOCEXPLOIT_CODE_EXPORTER.

  READ REPORT program_name INTO source_code.

ENDFUNCTION.
  1. Save and activate the function module.

Step 2: Setting Up Permissions

2.1 Required Authorizations

Ensure the user executing the Python script has the following permissions:

  1. Authorization to Read Tables:
    • Table: TRDIR
    • Table: REPOSRC
  2. RFC Authorization:
    • Assign authorization object S_RFC.
    • Ensure the function module ZRFC_DOCEXPLOIT_CODE_EXPORTER is accessible.

Contact your SAP Basis team to verify and assign these permissions.

Step 3: Running the Extractor

3.1 Download the Executable

Obtain the precompiled executable file, e.g., export_sap_programs_windows.exe (Windows) or export_sap_programs_linux (Linux).

Netweaver RFC SDK is needed in Linux machines. You can download it from SAP page: SAP NetWeaver Remote Function Call (RFC) Software Development Kit (SDK).

In the case of Windows, is needed to install the Business Client included in the SAPGUI installer.

3.2 Command-Line Usage

Run the executable with the following syntax:

export_sap_programs -u USER -p PASSWORD -a HOST -s SYSNR -c CLIENT -l EN

Replace the placeholders with your SAP system details:

  • USER: SAP username
  • PASSWORD: SAP password
  • HOST: Application server hostname
  • SYSNR: System number
  • CLIENT: SAP client
  • EN: Language (default: EN)

Example:

./export_sap_programs_linux -u DEVELOPER -p ABAPtr2022#01 -host localhost -s 00 -c 001 -l EN

You can try it by connecting to official trial image: sapse/abap-cloud-developer-trial – Docker Image | Docker Hub

3.3 Output

The program will:

  1. Connect to the SAP system and retrieve a list of custom programs (Z* and Y*).
  2. Export the source code of each program to text files.
  3. Save the files in the ./sap_programs directory (relative to where the executable is run).

Step 4: Running the DocExploitCli

The last step is to run the cli client of DocExploit in a normal way, using sap as the language.

Example: ./docexploit-cli docspot analyze $PROJECTID sap $PATH $APIKEY

Audit mode

Troubleshooting

Common Issues

  1. Missing Permissions:
    • Verify that the required table and RFC authorizations are assigned.
  2. Connection Errors:
    • Ensure the SAP NW RFC Library is correctly configured.
  3. Function Module Errors:
    • Double-check the implementation of ZRFC_DOCEXPLOIT_CODE_EXPORTER.

Debugging

Check the script logs and the SAP system’s logs (e.g., Transaction Code ST22) for more details.

Join Our Newsletter To Get The Latest Guides
Discover the new range of specialized and disruptive tools on the market, specialized in virtualized cloud and on-premise environments.
Gran Via, 18. 26001 Logrono, La Rioja
© DocExploit
Alcance para las actividades desarrolladas en su sede de Logroño
DOCEXPLOIT SL, con CIF B67868513, ha recibido financiación por parte de la Agencia de Desarrollo Económico de La Rioja. Esta financiación ha sido solicitada a través de la convocatoria 2025 de las ayudas destinadas al fomento de Nuevas Empresas de Base Tecnológica –Programa 1: Empresas de Base Tecnológica -en el marco del Programa de Redes Territoriales de Especialización Tecnológica (RETECH)-Proyecto TechFabLab, por valor de 320.394,76 € a través del expediente 2025-I-EBT-00001, y por valor de 257.317,75 € a través del expediente 2025-I-EBT-00009.
© 2024, All Rights Reserved