Assessing a SAProuter’s Security with Onapsis Bizploit
part 1: http://blog.onapsis.com/assessing-a-saprouters-security-with-onapsis-bizploit-part-i/
and part 2: http://www.onapsis.com/blog/assessing-a-saprouters-security-with-onapsis-bizploit-part-ii/

For more information about vulnerabilities affecting the SAProuter, attacks and countermeasures, you should have a look at our SAP Security In Depth publication “Securing the Gate to the Kingdom: Auditing the SAProuter”.
... registration required to get the file Onapsis_SAP_Security_In-Depth_Volume_6.pdf

Testing SAProuter Basic Functions
http://help.sap.com/saphelp_nw70/helpdata/en/4f/992dd7446d11d189700000e8322d00/content.htm

Piercing SAProuter with Metasploit
https://community.rapid7.com/community/metasploit/blog/2014/01/09/piercing-saprouter-with-metasploit