Script cics-user-brute

Script types: portrule
Categories: intrusive, brute
Download: https://svn.nmap.org/nmap/scripts/cics-user-brute.nse

Script Summary

CICS User ID brute forcing script for the CESL login screen.

Script Arguments

cics-user-brute.commands

Commands in a semi-colon separated list needed to access CICS. Defaults to CICS.

brute.credfile, brute.delay, brute.emptypass, brute.firstonly, brute.guesses, brute.mode, brute.passonly, brute.retries, brute.start, brute.threads, brute.unique, brute.useraspass

See the documentation for the brute library.

creds.[service], creds.global

See the documentation for the creds library.

passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb

See the documentation for the unpwdb library.

Example Usage

nmap --script=cics-user-brute -p 23 <targets>

nmap --script=cics-user-brute --script-args userdb=users.txt,
cics-user-brute.commands="exit;logon applid(cics42)" -p 23 <targets>

Script Output

PORT   STATE SERVICE
23/tcp open  tn3270
| cics-user-brute:
|   Accounts:
|     PLAGUE: Valid - CICS User ID
|_  Statistics: Performed 31 guesses in 114 seconds, average tps: 0

Requires

• nmap
• string
• stringaux
• stdnse
• shortport
• tn3270
• brute
• creds
• unpwdb

---

Author:

• Philip Young aka Soldier of Fortran

License: Same as Nmap--See https://nmap.org/book/man-legal.html