Security Testing - Enumeration



Enumeration is the next step after scanning. The goal of enumeration is to get a complete picture of the target. In this phase, a penetration tester tries to identify valid user accounts or poorly-protected shared resources using active connections to systems.

Techniques Used in Enumeration

Following are the common set of procedures used in Enumeration −

  • Identifying vulnerable user accounts
  • Obtaining Active Directory information
  • Using snmputil for Simple Network Management Protocol enumeration
  • Employing Windows DNS queries
  • Establishing null sessions and connections

Flow Diagram