Methodology
Enumeration is not really a step or phase. We continue to enumerate throughout every step of testing an application. Even during exploitation, especially when our exploits fail, we continue to enumerate. So with that, one could argue that this is the most critical skill to develop.
At the start of our engagement, we need to orient ourselves and carry out enough enumeration so that we understand the target enough to:
Uncover the full attack surface
Begin our attacks
Overcome weak defenses
Ensure we don’t miss things
The below checklist is a good starting point if you want to carry out thorough enumeration but not entirely sure where to begin. Work through them, take good notes, and you’ll be setting yourself up to work efficiently and for success.
Checklist
Other things we may consider:
Last updated