The process of counting off or listing what services, applications, and protocols are present on each identified computer.

Methodology / How they use it

Enumeration is part of the information gathering phase and without it, hackers wouldn’t know how or what to exploit. This is a process where the attacker establishes an active connection with the victim and try to discover as much attack vectors as possible, which can be used to exploit the systems further. Simple scanning tools are in use to gather services running such as OS detection, SMB, SNMP, DNS etc.

Top - Tools used by Hackers


Responder an LLMNR, NBT-NS and MDNS poisoner. By default, the tool will only answer to File Server Service request, which is for SMB.


Nmap is a free and open source utility for network discovery and security auditing.


A Collection of tools for network auditing and penetration testing


Socat is a command line based utility that establishes two bidirectional byte streams and transfers data between them.


tgcd is a simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls.