{"id":13701887,"url":"https://github.com/samanL33T/Awesome-Mainframe-Hacking","last_synced_at":"2025-05-05T04:30:32.913Z","repository":{"id":41443577,"uuid":"196160743","full_name":"samanL33T/Awesome-Mainframe-Hacking","owner":"samanL33T","description":null,"archived":false,"fork":false,"pushed_at":"2025-01-29T18:38:50.000Z","size":54,"stargazers_count":443,"open_issues_count":0,"forks_count":69,"subscribers_count":23,"default_branch":"master","last_synced_at":"2025-04-25T07:02:05.075Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"cc-by-sa-4.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/samanL33T.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"contributing.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-07-10T08:03:49.000Z","updated_at":"2025-04-18T15:28:01.000Z","dependencies_parsed_at":"2023-01-18T12:46:25.175Z","dependency_job_id":null,"html_url":"https://github.com/samanL33T/Awesome-Mainframe-Hacking","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/samanL33T%2FAwesome-Mainframe-Hacking","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/samanL33T%2FAwesome-Mainframe-Hacking/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/samanL33T%2FAwesome-Mainframe-Hacking/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/samanL33T%2FAwesome-Mainframe-Hacking/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/samanL33T","download_url":"https://codeload.github.com/samanL33T/Awesome-Mainframe-Hacking/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252439351,"owners_count":21747991,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-02T21:00:26.539Z","updated_at":"2025-05-05T04:30:32.907Z","avatar_url":"https://github.com/samanL33T.png","language":null,"funding_links":[],"categories":["Awesome Repositories","📘 Valuable Repositories","Here is a collection of hackers, pentesters, security researchers, scripts and more:"],"sub_categories":[],"readme":"# Awesome Mainframe Hacking \r\n![Awesome Mainframe Hacking](https://img.shields.io/badge/mainframe-hacking-lightgrey.svg) ![Awesome Hacking](https://img.shields.io/badge/awesome-hacking-red.svg) ![Awesome community](https://img.shields.io/badge/awesome-community-green.svg) \u003ca rel=\"license\" href=\"http://creativecommons.org/licenses/by-sa/4.0/\"\u003e\u003cimg alt=\"Creative Commons License\" style=\"border-width:0\" src=\"https://i.creativecommons.org/l/by-sa/4.0/80x15.png\" /\u003e\u003c/a\u003e\r\n\r\n\r\nList of Awesome Mainframe Hacking/Pentesting Resources.\r\nThis list is a collection of resources available online to learn Mainframe Penetration Testing \u0026 Security.\r\n\r\nSpecial thanks to [@mainframed767](https://twitter.com/mainframed767), [@bigendiansmalls](https://twitter.com/bigendiansmalls), [@ayoul3__](https://twitter.com/ayoul3__) and many other researchers for all their work in this field. \r\n\r\n[Contributions](contributing.md) are welcome !\r\n\r\nTable of Contents\r\n=================\r\n\r\n* [IBM zSeries](#-IBM-zSeries)\r\n \t* [Books](#-Books)\r\n \t* [Tutorials](#-Tutorials)\r\n \t* [Scripts \u0026 Tools](#-Scripts-and-Tools)\r\n \t* [Presentations \u0026 Talks](#-Presentations-and-Talks)\r\n \t* [ACF2 Specific references](#-ACF2-Specific-references)\r\n\t* [Vulnerable Environments/Labs](#-labs)\r\n \t* [Misc](#-misc)\r\n* [IBM iSeries](#-IBM-iSeries)\r\n \t* [iSeries Books](#-iSeries-Books)\r\n \t* [Tutorials \u0026 Checklists](#-Tutorials-and-Checklists)\r\n \t* [Tools](#-Tools)\r\n \t* [iSeries Presentations \u0026 Talks](#-iSeries-Presentations-and-Talks)\r\n \t* [Miscellaneous](#-miscellaneous)\r\n\r\n \r\n \r\n# [↑](#table-of-contents) IBM zSeries\r\n\r\n## [↑](#table-of-contents) Books\r\n* Amazon - [Mainframe Basics for Security Professionals_ Getting Started with RACF - Ori Pomerantz, Barbara Vander Weele, Mark E. Nelson, Tim Hahn (2008, IBM Press)](https://www.amazon.com/Mainframe-Basics-Security-Professionals-paperback/dp/0133763048)\r\n* Amazon - [IBM Redbooks - Introduction to the New Mainframe: z/OS Basics](https://www.amazon.com/Introduction-New-Mainframe-OS-Basics/dp/0738435341)\r\n* PDF - [PoCorGTFO#12 - Page 32 - A JCL Adventure with Network Job Entry](https://www.exploit-db.com/download/40624)\r\n\r\n\r\n## [↑](#table-of-contents) Tutorials\r\n* [Emulating a MVS/zOS with Hercules](https://famicoman.com/2018/06/28/emulating-a-z-os-mainframe-with-hercules/)\r\n* [bigiron - Wiki/Collection of materials related to IBM z/OS security](https://github.com/v-p-b/bigiron)\r\n* [TSO Tutorial](http://www.jaymoseley.com/hercules/tso_tutor/tsotutor.htm)\r\n* [Z/OS Introduction- An IBM Redbooks video course](https://www.redbooks.ibm.com/redbooks.nsf/redbookabstracts/crse0304.html?Open)\r\n* [Multiple Mainframe Security guides from Chicago Classic Computing](http://chiclassiccomp.org/docs/content/computing/IBM/Mainframe/MainframeSecurity/)\r\n* [Using UNIX System Services to escalate your privileges on z/OS](https://www.bigendiansmalls.com/all-aboard-the-uss-exploits/)\r\n* [The crash course to z/OS pentesting](https://github.com/hacksomeheavymetal/zOS/blob/master/pentesting.md) by [@hacksomeheavymetal](https://github.com/hacksomeheavymetal)\r\n\r\n## [↑](#table-of-contents) Scripts and Tools\r\n* [TN3270 Clients - X3270](http://x3270.bgp.nu/)\r\n* [Multipurpose Nmap Scripts](https://github.com/nmap/nmap/tree/master/scripts)\r\n\t* [tn3270-screen.nse](https://nmap.org/nsedoc/scripts/tn3270-screen.html)\r\n\t* [tso-enum.nse](https://nmap.org/nsedoc/scripts/tso-enum.html)\r\n\t* [tso-brute.nse](https://nmap.org/nsedoc/scripts/tso-brute.html)\r\n\t* [vtam-enum.nse](https://nmap.org/nsedoc/scripts/vtam-enum.html)\r\n\t* [lu-enum.nse](https://nmap.org/nsedoc/scripts/lu-enum.html)\r\n\t* [cics-enum.nse](https://nmap.org/nsedoc/scripts/cics-enum.html)\r\n\t* [cics-info.nse](https://nmap.org/nsedoc/scripts/cics-info.html)\r\n\t* [cics-user-brute.nse](https://nmap.org/nsedoc/scripts/cics-user-brute.html)\r\n\t* [cics-user-enum.nse](https://nmap.org/nsedoc/scripts/cics-user-enum.html)\r\n* [TPX Brute - The z/OS TPX logon panel brute forcer](https://github.com/quentinhardy/TPX-Brute)\r\n* [RACF Database Parser](https://github.com/bigendiansmalls/racfdbparse)\r\n* Mainframe Application pentesting (CICS etc.)\r\n\t* [CICSPwn](https://github.com/ayoul3/cicspwn)\r\n\t* [BIRP](https://github.com/sensepost/birp)\r\n\t* [CICSshot - Take screenshots of CICS](https://github.com/ayoul3/cicsshot)\r\n\t* [Hacked wc3270 emulator](https://github.com/ayoul3/wc3270_hacked)\t\r\n* zOS Enumeration Scripts\r\n\t* [All in one Enumeration of information like VERSION, APF Libraries, SVCs, USERS etc. on Z/OS ](https://github.com/mainframed/Enumeration)\r\n\t* [Collection of REXX Scripts by @ayoul3__](https://github.com/ayoul3/Rexx_scripts)\r\n\t* [SETRRCVT by @jaytay79](https://github.com/jaytay79/zos/blob/master/SETRRCVT.rexx)\r\n* [FTP - JCL commmand execution - Metasploit Modules by @bigendiansmalls](https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/exploit/mainframe/ftp/ftp_jcl_creds.md)\r\n* [Metasploit Payloads for z/OS](https://github.com/rapid7/metasploit-framework/tree/12198a088132f047e0a86724bc5ebba92a73ac66/modules/payloads/singles/cmd/mainframe)\r\n* [NC110-OMVS Netcat for z/OS OMVS](https://github.com/mainframed/NC110-OMVS)\r\n* [TShOcker - Mini command interpreter for TSO \u0026 UNIX accessible by NetCat](https://github.com/mainframed/TShOcker)\t\t\r\n* [zOS Privilege Escalation scripts by ayoul3__](https://github.com/ayoul3/Privesc)\r\n* [Note on TESTAUTH command for running a program in elevated state](https://github.com/zBit31/testauth)\r\n* [zOSFTPlib - python ftplib-like library specifically for Z/OS](https://pypi.org/project/zosftplib/)\r\n  \r\n \r\n## [↑](#table-of-contents) Presentations and Talks\r\n* [Video - All the talks by Soldier of FORTRAN (@mainframed767)](https://www.youtube.com/playlist?list=PLBVy6TfEpKmEL56fb5AnZCM8pXXFfJS0n)\r\n* [How to Break into z/OS Systems - Staurt Henderson](http://www.stuhenderson.com/XBRKZTXT.PDF)\r\n* [How to Break Into z/OS Systems Through USS, TCP/IP, and the Internet](http://www.stuhenderson.com/STUuss01.pdf)\r\n* [Video - Mainframe [z/OS] Reverse Engineering \u0026 Exploit Development by @bigendiansmalls](https://www.bigendiansmalls.com/files/us-18-Rikansrud-Mainframe-[zOS]-Reverse-Engineering-and-Exploit-Development_Publish.mp4)\r\n* [Video - Security Necromancy : Further Adventures in Mainframe Hacking by Soldier of FORTRAN (@mainframed767) \u0026 @bigendiansmalls](https://www.youtube.com/watch?v=LgmqiugpVyU)\r\n* [Top 10 Security Vulnerabilities in z/OS by John Hillman (Vanguard)](https://chapters.theiia.org/fort-worth/ChapterDocuments/zOS%20Security%20Audit%20Top%20Ten%20-%20ISACA.pdf)\r\n* [The current state of Mainframe Hacking by Phil Young - Soldier of FORTRAN (@mainframed767)](https://www.slideshare.net/PhilipYoung14/philip-young-current-state-of-mainframe-hacking-vanguard-101016)\r\n* [Advanced Mainframe Hacking by Phil Young - Soldier of FORTRAN (@mainframed767)](https://www.slideshare.net/PhilipYoung14/advanced-mainframe-hacking)\r\n* [Defcon 22 From ROOT to SPECIAL - Soldier of FORTRAN (@mainframed767)](https://media.defcon.org/DEF%20CON%2022/DEF%20CON%2022%20presentations/DEF%20CON%2022%20-%20Philip-Young-From-root-to-SPECIAL-Hacking-IBM-Mainframes.pdf)\r\n* [Mainframes: What the F$#K is That About? - Soldier of FORTRAN (@mainframed767)](https://www.dropbox.com/s/zl7suai6g1558yl/April%202013%20-%20ThotCon%202013%20-%20Mainframes-%20What%20the%20fuck%20is%20that%20about-.pdf)\r\n* [BSidesAustin Mainframes: Everybody has one but nobody knows how to hack them - Soldier of FORTRAN (@mainframed767)](https://www.dropbox.com/s/8vdrhepojde9wah/March%202013%20-%20BSidesAustin%20-%20Mainframes-%20Everyones%20got%20one%2C%20no%20one%20knows%20how%20to%20hack%20them.pdf)\r\n* [BSidesLV 2013 - Legacy 0-Day How hackers breached the Logica Mainframe - Soldier of FORTRAN (@mainframed767)](https://www.dropbox.com/s/w8c9e4yfsmx56tw/BSidesLV%202013%20-%20Logica%20Breach%20.pdf)\r\n* [Gaps in your Defense: Hacking the Mainframe by Soldier of FORTRAN (@mainframed767)](https://www.slideshare.net/PhilipYoung14/ca-world-mft1755-gaps-in-your-defense-hacking-the-mainframe-philip-young)\r\n* [Video - Gaps in your Defense: Hacking the Mainframe by Soldier of FORTRAN (@mainframed767)](https://www.youtube.com/watch?v=1G5Q2sduexs)\r\n* [Hacking Mainframes; Vulnerabilities in applications exposed over TN3270 by Dominic White (Sensepost)](https://www.slideshare.net/sensepost/vulnerabilities-in-tn3270-based-application)\r\n* [Video - Hacking Mainframes; Vulnerabilities in applications exposed over TN3270 by Dominic White (Sensepost)](http://www.irongeek.com/i.php?page=videos/derbycon4/t217-hacking-mainframes-vulnerabilities-in-applications-exposed-over-tn3270-dominic-white)\r\n* [Video - Ransomware on the Mainframe: Checkmate by @bigendiansmalls](https://www.youtube.com/watch?v=i-DbTy3bEj8)\r\n* [Video - Learning Mainframe Hacking: Where the hell did all my free time go? by @bigendiansmalls](http://www.irongeek.com/i.php?page=videos/derbycon5/stable31-learning-mainframe-hacking-where-the-hell-did-all-my-free-time-go-chad-rikansrud)\r\n* [Post exploit goodness on a Mainframe SPECIAL is the new root by (@ayoul3__)](https://cansecwest.com/slides/2018/Post%20exploit%20goodness%20on%20a%20Mainframe%20SPECIAL%20is%20the%20new%20root%20-%20Ayoub%20Elaassal,%20PwC%20France.pdf)\r\n* [Video - Hacking Customer Information Control System (CICS) by Ayoub Elaassal (@ayoul3__)](https://www.youtube.com/watch?v=KnY0Gg_WSLU)\r\n* [Video - IBM Networking Attacks-Or The Easiest Way To Own A Mainframe by Martyn Ruks](https://www.youtube.com/watch?v=r9hOiXtrumM)\r\n* [Video - Cracking Mainframe Passwords by Nigel Pentland](https://www.youtube.com/watch?v=scVojIRxv-M)\r\n* [Video - Exploiting the Mainframe - Z/OS integrity 101 by Mark Wilson \u0026 Ray Overby](https://www.youtube.com/watch?v=7UVrF8skbHU)\r\n* [Video - A Gentle Introduction to Hacking Mainframes by Dan Helton](https://www.youtube.com/watch?v=ZfUBv2Ac29Q)\r\n* [PDF- Talk - Gibson 101 - Quick Introduction to Hacking Mainframes in 2020](https://null.co.in/event_sessions/2993-gibson-101-quick-introduction-to-hacking-mainframes-in-2020)\r\n* [Video - Buffer overflow on the mainframe, presented by Jake Labelle](https://www.youtube.com/watch?v=q8mFhDmBEIc)\r\n* [PDF- Talk - How I Found Mainframe Buffer Overflows by Jake Labelle](https://media.defcon.org/DEF%20CON%2030/DEF%20CON%2030%20presentations/Jake%20Labelle%20-%20Doing%20the%20Impossible%20How%20I%20Found%20Mainframe%20Buffer%20Overflows.pdf)\r\n* [Video - Choose Your Own Adventure by Soldier of FORTRAN (@mainframed767)](https://www.youtube.com/watch?v=Loy9TpFg0bk)\r\n\r\n   \r\n## [↑](#table-of-contents) ACF2 Specific references\r\n* [CA ACF2 for z/OS - 16.0 Documentation](https://docops.ca.com/ca-acf2-for-z-os/16-0/en)\r\n* [GIAC - ACF2 Mainframe Security](https://www.giac.org/paper/gsec/2812/acf2-mainframe-security/104768)\r\n\r\n## [↑](#table-of-contents) Labs\r\n* [Mainframe Hacking - Choose Your own Adventure Game](https://archive.org/details/MainframeHackingCYOA)\r\n* [DVCA - Damn Vulnerable CICS Application](https://github.com/mainframed/DVCA)\r\n* [DC30 - Mainframe Buffer Overflows Workshop Container ](https://github.com/mainframed/DC30_Workshop)\r\n\r\n## [↑](#table-of-contents) Misc\r\n* [Evil Mainframe Hacking Training/Course](https://evilmainframe.com/)\r\n* [CBT Tape - Collection of Freeware \u0026 Open Source distribution of IBM mainframe MVS \u0026 OS/360 Environments](http://www.cbttape.org/)\r\n* [z/OS Internet Library by IBM - Collection of manuals,guides \u0026 books about z/OS ](https://www-01.ibm.com/servers/resourcelink/svc00100.nsf/pages/zosInternetLibrary)\r\n* [DoD Security Technical implementation Guides(STIGS) - Search for ACF2, Z/OS, RACF etc.](https://public.cyber.mil/stigs/downloads/)\r\n* [Default Accounts](https://github.com/hacksomeheavymetal/zOS/blob/master/default_accounts.txt)\r\n\r\n\r\n# [↑](#table-of-contents) IBM iSeries\r\n\r\n## [↑](#table-of-contents) iSeries Books\r\n* Amazon - [Hacking iSeries by Shalom Carmel](https://www.amazon.com/Hacking-iSeries-Shalom-Carmel/dp/1419625012)\r\n* Amazon - [Mastering IBM i: The Complete Resource for Today's IBM i System by Jim Buck \u0026 Jerry Fottral](https://www.amazon.com/Mastering-IBM-Complete-Resource-Todays/dp/1583473564)\r\n* Amazon - [Experts' Guide to OS/400 \u0026 i5/OS Security by Carol Woodbury \u0026 Patrick Botz](https://www.amazon.com/gp/offer-listing/158304096X)\r\n* PDF - [The IBM AS400 A technical introduction](https://www.ibm.com/developerworks/community/files/basic/anonymous/api/library/7cd1e29f-0699-4929-a741-516ce47295a8/document/745425bf-c00a-4a8d-bd8f-1f8e14ef9e65/media)\r\n\r\n\r\n\r\n## [↑](#table-of-contents) Tutorials and Checklists\r\n* [AS/400 Security Assessment Mindmap](http://www.toolswatch.org/wp-content/uploads/2013/02/AS400.jpg)\r\n* [Simple IBM i (AS/400) hacking](https://blog.silentsignal.eu/2022/09/05/simple-ibm-i-as-400-hacking/)\r\n* [Security Audit of IBM AS/400 and System i : Part 1](https://blog.securitybrigade.com/security-audit-of-ibm-as-400-system-i-part-1/)\r\n* [Security Audit of IBM AS/400 and System i : Part 2](https://blog.securitybrigade.com/security-audit-ibm-as-400-system-i-2/)\r\n* [Security Assessment of the IBM i (AS 400) System : Part 1](https://iisecurity.in/blog/security-assessment-ibm-400-system-part-1/)\r\n* [Seclists Mailing list thread on Pentesting AS/400](https://seclists.org/pen-test/2000/Dec/205)\r\n* [Resources from Shalom Carmel's talk at BH Europe - 2006](http://www.blackhat.com/presentations/bh-europe-06/bh-eu-06-Carmel/bh-eu-06-carmel-resources.zip)\r\n\r\n## [↑](#table-of-contents) Tools\r\n* [hack400tool - security handling tools for IBM Power Systems (formerly known as AS/400)](https://github.com/hackthelegacy/hack400tool)\r\n* [Hash generator for IBM System i hashes (DES, SHA-1)](http://hackthelegacy.org/index.php?p=/discussion/10/hash-generator-for-ibm-system-i-hashes-des-sha-1-updated)\r\n* [AS/400 SHA-1 hash format plugin for John the Ripper](http://hackthelegacy.org/index.php?p=/discussion/9/our-as-400-sha-1-hash-format-plugin-for-john-the-ripper-now-included-in-the-bleeding-jumbo-build)\r\n\r\n\r\n## [↑](#table-of-contents) iSeries Presentations and Talks\r\n* [Hack the Legacy: IBM I aka AS400 Revealed by Bart Kulach ](https://www.youtube.com/watch?v=JsqUZ3xGdLc)\r\n* [AS/400 for pentesters by Shalom Carmel](https://www.blackhat.com/presentations/bh-europe-06/bh-eu-06-Carmel/bh-eu-06-Carmel.pdf)\r\n* [AS/400: Lifting the Veil of Obscurity](https://www.youtube.com/watch?v=MWcifBsA8BI)\r\n\r\n## [↑](#table-of-contents) Miscellaneous\r\n* [AS400i.com](http://as400i.com/)\r\n* [Hack The Legacy Website](http://hackthelegacy.org/)\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FsamanL33T%2FAwesome-Mainframe-Hacking","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FsamanL33T%2FAwesome-Mainframe-Hacking","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FsamanL33T%2FAwesome-Mainframe-Hacking/lists"}