List of Awesome Mainframe Hacking/Pentesting Resources. This list is a collection of resources available online to learn Mainframe Penetration Testing & Security.

Special thanks to @mainframed767, @bigendiansmalls, @ayoul3__ and many other researchers for all their work in this field.

Contributions are welcome !

• IBM zSeries
  • Books
  • Tutorials
  • Scripts & Tools
  • Presentations & Talks
  • ACF2 Specific references
  • Vulnerable Environments/Labs
  • Misc
• IBM iSeries
  • iSeries Books
  • Tutorials & Checklists
  • Tools
  • iSeries Presentations & Talks
  • Miscellaneous

• Amazon - Mainframe Basics for Security Professionals_ Getting Started with RACF - Ori Pomerantz, Barbara Vander Weele, Mark E. Nelson, Tim Hahn (2008, IBM Press)
• Amazon - IBM Redbooks - Introduction to the New Mainframe: z/OS Basics
• PDF - PoCorGTFO#12 - Page 32 - A JCL Adventure with Network Job Entry

• Emulating a MVS/zOS with Hercules
• bigiron - Wiki/Collection of materials related to IBM z/OS security
• TSO Tutorial
• Z/OS Introduction- An IBM Redbooks video course
• Multiple Mainframe Security guides from Chicago Classic Computing
• Using UNIX System Services to escalate your privileges on z/OS
• The crash course to z/OS pentesting by @hacksomeheavymetal

• TN3270 Clients - X3270
• Multipurpose Nmap Scripts
  • tn3270-screen.nse
  • tso-enum.nse
  • tso-brute.nse
  • vtam-enum.nse
  • lu-enum.nse
  • cics-enum.nse
  • cics-info.nse
  • cics-user-brute.nse
  • cics-user-enum.nse
• TPX Brute - The z/OS TPX logon panel brute forcer
• RACF Database Parser
• Mainframe Application pentesting (CICS etc.)
  • CICSPwn
  • BIRP
  • CICSshot - Take screenshots of CICS
  • Hacked wc3270 emulator
• zOS Enumeration Scripts
  • All in one Enumeration of information like VERSION, APF Libraries, SVCs, USERS etc. on Z/OS
  • Collection of REXX Scripts by @ayoul3__
  • SETRRCVT by @jaytay79
• FTP - JCL commmand execution - Metasploit Modules by @bigendiansmalls
• Metasploit Payloads for z/OS
• NC110-OMVS Netcat for z/OS OMVS
• TShOcker - Mini command interpreter for TSO & UNIX accessible by NetCat
• zOS Privilege Escalation scripts by ayoul3__
• Note on TESTAUTH command for running a program in elevated state
• zOSFTPlib - python ftplib-like library specifically for Z/OS

• Video - All the talks by Soldier of FORTRAN (@mainframed767)
• How to Break into z/OS Systems - Staurt Henderson
• How to Break Into z/OS Systems Through USS, TCP/IP, and the Internet
• Video - Mainframe [z/OS] Reverse Engineering & Exploit Development by @bigendiansmalls
• Video - Security Necromancy : Further Adventures in Mainframe Hacking by Soldier of FORTRAN (@mainframed767) & @bigendiansmalls
• Top 10 Security Vulnerabilities in z/OS by John Hillman (Vanguard)
• The current state of Mainframe Hacking by Phil Young - Soldier of FORTRAN (@mainframed767)
• Advanced Mainframe Hacking by Phil Young - Soldier of FORTRAN (@mainframed767)
• Defcon 22 From ROOT to SPECIAL - Soldier of FORTRAN (@mainframed767)
• Mainframes: What the F$#K is That About? - Soldier of FORTRAN (@mainframed767)
• BSidesAustin Mainframes: Everybody has one but nobody knows how to hack them - Soldier of FORTRAN (@mainframed767)
• BSidesLV 2013 - Legacy 0-Day How hackers breached the Logica Mainframe - Soldier of FORTRAN (@mainframed767)
• Gaps in your Defense: Hacking the Mainframe by Soldier of FORTRAN (@mainframed767)
• Video - Gaps in your Defense: Hacking the Mainframe by Soldier of FORTRAN (@mainframed767)
• Hacking Mainframes; Vulnerabilities in applications exposed over TN3270 by Dominic White (Sensepost)
• Video - Hacking Mainframes; Vulnerabilities in applications exposed over TN3270 by Dominic White (Sensepost)
• Video - Ransomware on the Mainframe: Checkmate by @bigendiansmalls
• Video - Learning Mainframe Hacking: Where the hell did all my free time go? by @bigendiansmalls
• Post exploit goodness on a Mainframe SPECIAL is the new root by (@ayoul3__)
• Video - Hacking Customer Information Control System (CICS) by Ayoub Elaassal (@ayoul3__)
• Video - IBM Networking Attacks-Or The Easiest Way To Own A Mainframe by Martyn Ruks
• Video - Cracking Mainframe Passwords by Nigel Pentland
• Video - Exploiting the Mainframe - Z/OS integrity 101 by Mark Wilson & Ray Overby
• Video - A Gentle Introduction to Hacking Mainframes by Dan Helton
• PDF- Talk - Gibson 101 - Quick Introduction to Hacking Mainframes in 2020
• Video - Buffer overflow on the mainframe, presented by Jake Labelle
• PDF- Talk - How I Found Mainframe Buffer Overflows by Jake Labelle

• CA ACF2 for z/OS - 16.0 Documentation
• GIAC - ACF2 Mainframe Security

• Mainframe Hacking - Choose Your own Adventure Game
• DVCA - Damn Vulnerable CICS Application
• DC30 - Mainframe Buffer Overflows Workshop Container

• Evil Mainframe Hacking Training/Course
• CBT Tape - Collection of Freeware & Open Source distribution of IBM mainframe MVS & OS/360 Environments
• z/OS Internet Library by IBM - Collection of manuals,guides & books about z/OS
• DoD Security Technical implementation Guides(STIGS) - Search for ACF2, Z/OS, RACF etc.
• Default Accounts

• Amazon - Hacking iSeries by Shalom Carmel
• Amazon - Mastering IBM i: The Complete Resource for Today's IBM i System by Jim Buck & Jerry Fottral
• Amazon - Experts' Guide to OS/400 & i5/OS Security by Carol Woodbury & Patrick Botz
• PDF - The IBM AS400 A technical introduction

• AS/400 Security Assessment Mindmap
• iSeries Penetration Testing
• Security Audit of IBM AS/400 and System i : Part 1
• Security Audit of IBM AS/400 and System i : Part 2
• Security Assessment of the IBM i (AS 400) System : Part 1
• Seclists Mailing list thread on Pentesting AS/400
• Resources from Shalom Carmel's talk at BH Europe - 2006

• hack400tool - security handling tools for IBM Power Systems (formerly known as AS/400)
• Hash generator for IBM System i hashes (DES, SHA-1)
• AS/400 SHA-1 hash format plugin for John the Ripper

• Hack the Legacy: IBM I aka AS400 Revealed by Bart Kulach
• AS/400 for pentesters by Shalom Carmel
• AS/400: Lifting the Veil of Obscurity

• AS400i.com
• Hack The Legacy Website