Categories
Tags
210 words
1 minutes
Enumeration Principles
Enumeration Principles
Overview
- Enumeration is the process of actively or passively gathering detailed information about a target system.
- It’s a critical phase in penetration testing and comes after reconnaissance.
- Involves data collection from domains, IPs, services, protocols, etc.
Difference Between OSINT and Enumeration
| OSINT | Enumeration |
|---|---|
| Purely passive | Active + passive |
| Uses public sources (e.g., WHOIS, social media) | Involves direct interaction with systems |
| Separate from enumeration | Builds upon discovered info, often iterative |
Goal of Enumeration
- Understand how a company functions before attempting exploits.
- Avoid brute-force attacks early on—they’re noisy and may lead to blacklisting.
- Focus on understanding infrastructure and how services communicate (e.g., with clients, admins, employees).
Smart Approach vs. Wrong Approach
| Smart Approach | Wrong Approach |
|---|---|
| Understand infrastructure | Jump into brute-forcing |
| Identify services and usage | Target systems without planning |
| Think like a treasure hunter (plan, research, gather tools) | Randomly dig without context |
Core Questions During Enumeration
Ask these to guide your investigation:
- What can we see?
- Why can we see it?
- What picture does it create?
- What do we gain from it?
- How can we use it?
- What can we not see?
- Why can’t we see it?
- What does that imply?
Enumeration Principles
| No. | Principle |
|---|---|
| 1 | There is more than meets the eye. Consider all angles. |
| 2 | Distinguish between what is visible and what is not. |
| 3 | There are always ways to gain more info. Understand your target deeply. |
Key Takeaways
- Enumeration is not about breaking in—it’s about understanding how to.
- Avoid premature brute-force tactics.
- Map out the infrastructure thoroughly before planning attacks.
- Think like an investigator, not just a hacker.