Home

Awesome

TPX Brute - The z/OS TPX logon panel brute forcer

TPX (Terminal Productivity Executive) is a multiple session manager for IBM mainframes. The TPX logon panel tells you if you have a valid user account. Consequently, you can enumerate users allowed to authenticate on the z/OS system. With valid users, you can do a dictionnary attack on passwords.

Features

Thanks to TPX_brute tool, you can (from a TPX logon panel):

As TSO_Brute tool, TPX_Brute makes use of x3270 and s3270 to perform much of the heavy lifting, using py3270 which has been modified for TPX interface (included with this tool).

The tool comes 2 modes:

SETTINGS FOR YOUR TARGET

The ADPAPT section in the TPX_Brute.py script is used to get to the TPX logon panel with an invalid/valid credentials. You will have to change this section of the script before being able to use it.

Screens are saved to an HTML file (tso_screen.html file). See the following line in source code:

em.exec_command('PrintText(html,tso_screen.html)')).

Examples

python TPX_Brute.py -t target:23 -u users.txt -e
python TPX_Brute.py -t target:23 -u users.txt -p passwords.txt -m -s 2

Installation

Install 3270/x3270 to /usr/bin.

sudo apt-get install s3270 x3270

Install missing python packages with pip.

Known Issues: