Brute-forcing IMAP passwords
Password auditing checks have the purpose of discovering weak passwords on critical systems such as mail servers. Organizations must prevent users from using weak passwords that could be targeted with brute-force password attacks.
This recipe will show you how to launch dictionary attacks against IMAP servers 
with Nmap.
How to do it...
To perform brute-force password auditing against IMAP, use the following command:
$ nmap -p143 --script imap-brute <target>
All the valid accounts found will be listed in the script output section:
PORT STATE SERVICE REASON 143/tcp open    imap syn-ack | imap-brute: |    Accounts |    acc1:test - Valid credentials |    webmaster:webmaster - Valid credentials |    Statistics |_   Performed 112 guesses in 112 seconds, average tps: 1
How it works...
The imap-brute
script was...