Enumeration is part of Reconnaissance phase done after the scanning. During Enumeration phase, attacker creates active session with the live target host and gathers more detailed data than that was obtained during Scanning Phase. Please note that Enumeration is different from scanning. In scanning phase, the information like IP address, Ports, OS and vulnerabilities from the target infrastructure and systems will be gathered. In enumeration phase, additional in-depth information about the target apart from what was gathered in scanning will be obtained as following:
- Email Address
- Username
- User Groups
- Default Password
- DNS Zone Transfer
The types of enumeration are as following:
- Service Enumeration
- Network Enumeration
- OS Enumeration
- NetBIOS Enumeration
- SNMP Enumeration
- NTP Enumeration
- SMTP Enumeration
- DNS Enumeration
- LDAP Enumeration
- SMB Enumeration
- IPsec Enumeration
- VoIP Enumeration
- RPC Enumeration
- Unix/Linux User Enumeration