Brute forcing IMAP passwords
E-mail accounts store very sensitive information and penetration testers auditing a mail server must detect weak passwords that could compromise e-mail accounts and the information accessible through them.
In this recipe we will brute force IMAP passwords by using Nmap.
How to do it...
To perform brute force password auditing against IMAP, use the following command:
$ nmap -p143 --script imap-brute <target>
All of the valid accounts found will be listed under the script output section:
PORT STATE SERVICE REASON 143/tcp open imap syn-ack | imap-brute: | Accounts | acc1:test - Valid credentials | webmaster:webmaster - Valid credentials | Statistics |_ Performed 112 guesses in 112 seconds, average tps: 1