Here are some guidelines you can follow to enumerate targets.

  • Remember that you can enumerate information from network devices as well as computers.
  • Banner grab to obtain quick information from a network service.
  • Use different tools such as Nmap, Netcat, or telnet for flexibility and different results when banner grabbing.
  • If possible, obtain a credential (preferably administrator) that you can use during enumeration.
  • For maximum flexibility, log on to the host you want to enumerate, then run native commands or a tool such as rpcclient or Metasploit.
  • If you must enumerate remotely, conduct a port scan to discover targets.
  • When enumerating Windows hosts, use tools such as the command prompt (cmd.exe) to access a wide range of commands. You can also use PowerShell, rpcclient, and Metasploit.
  • When enumerating Linux hosts, use the Bash prompt to access a wide range of tools. You can also use Metasploit.
  • When enumerating different services, select a tool that is designed for the ports and protocols you are targeting.
  • Scan the network for both SMB and NFS shares.
  • Try creating a null session with older hosts that provide SMB shares.
  • Choose an enumeration tool that is configured to use the protocol of the service you are enumerating.
  • Start website enumeration by attempting to browse to well-known website directories.
  • Use tools such as Nmap scripts or DirBuster to help enumerate directories on websites.
  • Use a variety of tools, as not all tools or scripts work with all targets.