Enumeration

Definition: The most critical phase. The goal is not immediate access, but identifying all possible attack vectors.

Core Mindset

• Knowledge > Tools: Tools are only as good as the user. You must understand the underlying services, protocols, and syntax to interact with them effectively.

• Quantity Matters: The more information you collect, the easier it is to find a way in.

• Analogy: It is easier to find lost keys if you are told "Third drawer, white shelf, living room" rather than just "In the living room."

What We Look For

We narrow our search to two main points, usually exposed by misconfigurations or neglect:

• Functions/Resources: Things that allow us to interact with the target.

• Information Leakage: Data that helps us bypass security.

Why People Get Stuck

Testers often fail not because they missed a tool, but because they lack deep knowledge of the service. Investing time to learn how a specific service works often saves hours of aimless scanning.

Manual vs. Automated

Manual enumeration is mandatory.

• Tool Limitations: Scanners (like Nmap) rely on timeouts. If a service is slow to respond, the tool may mark a port as "Closed" when it is actually open.

• The Risk: Relying 100% on automation can cause you to miss the one open door you needed.