Enumeration



Description

This is the process of gathering information about a target system or network. This information can be used to identify vulnerabilities, plan the attack, and assess the impact of the attack. If there are pages that can be found that shouldn’t be found by the user by crawling should also indicate weakness.


Examples/Methods/Results

Sublist3r

This is an automated tool that that can be used to enumerate subdomains of a target domain. Subdomains are often used by organizations to host applications with unpatched, critical vulnerabilities. A meticulous subdomain scan can help you get to these valuable findings much faster. Subdomain enumeration can give you insights into how an organization is structured, what services they offer, and so on

No image found

It will list subdomains as shown below.

No image found

Crt.sh

crt.sh is a valuable tool for penetration testers and security analysts. It can be used to identify potential security vulnerabilities and to track the history of certificates for a particular domain. This information can be used to improve the security of websites and to protect users from malicious attacks. It shows service that may be running on the organization by the subdomains.

No image found

The subdomains and certificates will be listed as below.

No image found

Checklist

Things to consider:

No image found

Further Readings

Sublist3r tutorial
Web Enumeration Methodology