RACFSNOW is a highly optimised PC program for performing a dictionary attack against a RACF database, with the option of using a database unload (IRRDBU00) to validate the User IDs to attack.
It uses an ini file to control various parameters to enable focusing the attack on certain user IDs and or passwords.
This program is very original since the community is lacking such free utilities to perform security assessment on IBM Mainframe (zOS and other subsystems). I hope the author could add more features to extend it to do more tests such as : checking for the system version, checking for the datasets, elevating privileges using ISPF, gathering information using RACF TSO commands. Pentesting RACF systems is not an easier task since one’s has to fully understand the zOS architecture.
Check here full documentation >> http://www.racfsnow.co.uk/racfsnow.pdf
[button size=medium style=round color=red align=none url=http://www.racfsnow.co.uk/ ]Download [/button]
This tool has been submitted by Nigel Pentland