Mail servers often store very sensitive information. It is critical that organizations use strong password policies, so penetration testers need to perform brute force password auditing against them to check for weak passwords.
This recipe will show you how to launch dictionary attacks against IMAP servers with Nmap.
To perform brute force password auditing against IMAP, use the following command:
$ nmap -p143 --script imap-brute <target>
All the valid accounts found will be listed under the script output section:
PORT STATE SERVICE REASON
143/tcp open imap syn-ack
| imap-brute:
| Accounts
| acc1:test - Valid credentials
| webmaster:webmaster - Valid credentials
| Statistics
|_ Performed 112 guesses in 112 seconds, average tps: 1