Script pcanywhere-brute

Script types: portrule
Categories: intrusive, brute

Script Summary

Performs brute force password auditing against the pcAnywhere remote access protocol.

Due to certain limitations of the protocol, bruteforcing is limited to single thread at a time. After a valid login pair is guessed the script waits some time until server becomes available again.

Script Arguments


socket timeout for connecting to PCAnywhere (default 10s)

passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb

See the documentation for the unpwdb library.


See the documentation for the creds library.

brute.credfile, brute.delay, brute.emptypass, brute.firstonly, brute.guesses, brute.mode, brute.passonly, brute.retries, brute.start, brute.threads, brute.unique, brute.useraspass

See the documentation for the brute library.

Example Usage

nmap --script=pcanywhere-brute <target>

Script Output

5631/tcp open  pcanywheredata syn-ack
| pcanywhere-brute:
|   Accounts
|     administrator:administrator - Valid credentials
|   Statistics
|_    Performed 2 guesses in 55 seconds, average tps: 0



  • Aleksandar Nikolic

License: Same as Nmap--See