Home page logo
/
Zenmap screenshot
Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
Example Nmap output

File tso-enum

Script types: portrule
Categories: intrusive, brute
Download: https://svn.nmap.org/nmap/scripts/tso-enum.nse

User Summary

TSO User ID enumerator for IBM mainframes (z/OS). The TSO logon panel tells you when a user ID is valid or invalid with the message: IKJ56420I Userid <user ID> not authorized to use TSO.

The TSO logon process can work in two ways: 1) You get prompted with IKJ56700A ENTER USERID - to which you reply with the user you want to use. If the user ID is valid it will give you a normal TSO logon screen. Otherwise it will give you the screen logon error above. 2) You're given the TSO logon panel and enter your user ID at the Userid ===> prompt. If you give it an invalid user ID you receive the error message above.

This script relies on the NSE TN3270 library which emulates a TN3270 screen for NMAP.

TSO user IDs have the following rules: - it cannot begin with a number - only contains alpha-numeric characters and @, #, $. - it cannot be longer than 7 chars

Script Arguments

tso-enum.commands

Commands in a semi-colon seperated list needed to access TSO. Defaults to tso.

passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb

See the documentation for the unpwdb library.

creds.[service], creds.global

See the documentation for the creds library.

brute.credfile, brute.delay, brute.emptypass, brute.firstonly, brute.guesses, brute.mode, brute.passonly, brute.retries, brute.start, brute.threads, brute.unique, brute.useraspass

See the documentation for the brute library.

Example Usage

  • nmap --script=tso-enum -p 23 <targets>
    
  • nmap -sV -p 9923 10.32.70.10 --script tso-enum --script-args userdb=tso_users.txt,tso-enum.commands="logon applid(tso)"
    

Script Output

PORT   STATE SERVICE VERSION
23/tcp open  tn3270  IBM Telnet TN3270
| tso-enum:
|   TSO User ID:
|     TSO User:RAZOR -  Valid User ID
|     TSO User:BLADE -  Valid User ID
|     TSO User:PLAGUE -  Valid User ID
|_  Statistics: Performed 6 guesses in 3 seconds, average tps: 2

Requires


Author:

  • Philip Young aka Soldier of Fortran

License: Same as Nmap--See https://nmap.org/book/man-legal.html

Nmap Site Navigation

Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]