I saw a post recently where someone was concerned about where xp_cmdshell was in use inside their system. They felt it was a security risk, and decided to get rid of it. I don’t agree with that, and I think xp_cmdshell can be safely used, by restricting who can run it.
That being said, I was happy to help. I saw someone say search in sys.modules, but that’s not enough. This post looks at what I thought was a better solution.
Read on for Steve’s solution. There are also other places where you might find these calls: SSISCatalog if you use Integration Services, specific company metadata tables if you use those to build T-SQL statements, etc. But this does give you a good start.