Scanning and enumeration

Without a doubt, almost every security professional wants to jump straight into exploiting boxes, but without understanding the basics, the exploits, and most importantly, the environment they are in. This can lead to mistakes or worse, such as breaking things in a live environment.

Scanning and enumeration allows a pen tester to understand their environment. The result one gets from these scans gives the red team a starting point to leverage vulnerabilities in different systems. Scanning is finding all available network services (TCP and UDP) running on the targeted hosts. This can help a red teamer discover whether SSH/Telnet is open to try a brute-force login and discover file shares to download data from, websites that may have vulnerabilities, or printers that may hold usernames and passwords. Enumeration is the discovery of services on the network to have a greater sense of information provided by the network services.