CIP Cyber

Scanning and Enumeration- Second Step Of Ethical Hacking

Table of Contents

The second step of ethical hacking and penetration testing involve two terms that is scanning or port scanning and enumeration, we will discuss the these two steps separately. Before reading this article you must have an idea about first step, if you have not read our previous article on it than read footprinting step by step.

 Port Scanning
  • Port scanning is a common technique used by a penetration tester to find out the open doors, In technical terminology port scanning is used to find out the vulnerabilities in the services listing on a port. During this process you have to find out the alive host, operating systems involved, firewalls, intrusion detection systems, servers/services, perimeter devices, routing and general network topology (physical layout of network), that are part of the target organisation. 
  • Port scanning involve connecting with TCP and UDP ports on a system, once you have found the IP addresses of a target organisation by footprinting technique you have to map the network of this organisation.

  • There are so many automatic port scanner available on the Internet, but the most common and popular tool is nmap, Nmap is a network mapper and a power full, flexible, freely available and easy to use tool. It is available for both linux and windows based operating system.

  • Nmap is not only a single player in the field of port scanning there are different tools like netscantools, Superscan, Unicornscan, Scanrand and Portscan 2000 or more.

Enumeration
  • Enumeration is the first attack on target network, enumeration is the process to gather the information about a target machine by actively connecting to it.
  • Enumeration means to identify the user account, system account and admin account. Enumerating windows active directory to find out these stuffs. 
  • Discovering NetBIOS name enumeration with NBTscan.
  • Establishing null sessions and connections. Null sessions tools like Dumpsec, Winfo and Sid2User or more, may used to perform this attack.


Note: If you enjoyed this post, you might want to subscribe our RSS feed and Email Subscription  or become our Facebook fan! You will get all the latest updates at both the places.
CIP Cyber Staff

CIP Cyber Staff

CIP Cyber Staff comprises CIP cybersecurity experts committed to delivering comprehensive information on critical infrastructure protection. The content covers diverse topics, equipping professionals to defend organizations and communities in an ever-evolving cyber landscape.

Most popular

Industrial Cybersecurity

Want always be up to date?

Don't miss the latest news

By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.

CIP Training & Certifications

Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings

Related Articles

What Proxies Are For

When you cannot access certain sites or hide your identity, you need a tool for that. For example, the USA proxies are in demand among

Want always be up to date?

Don't miss the latest news

By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.

CIP Training & Certifications

Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings