Types of enumeration
Enumeration can take many forms but a typical enumeration phase will collect the following information:
- IP Addresses and network resources
- Subdomain enumeration
- Site locations
- Machine names
- Operating systems in use
- Leaked passwords
- Corporate services exposed to the internet
Enumeration tactics are varied and can take the form of extracting data from social media, collecting company documentation online and extracting leaked information from the headers of files. Operating system information can be disclosed unintentionally by the configuration of web services. Additionally, corporate web applications can reveal detailed information about the company and its resources.
What is an enumeration attack?
The term “Enumeration Attack” is the first phase process followed by a malicious attacker used to gain knowledge and understanding of the target and therefore establish potential avenues of attack.
If you like this blog post, find more content in our Glossary.