Enumeration

  • Nmap

  • GoBuster - Directory/File, DNS and VHost busting tool written in Go

  • Ffuf - Fast web fuzzer written in Go

    • Ffufw - wrapper around ffuf to make directory brute forcing easier

  • Nikto - Nikto web server scanner

  • Amass - In-depth attack surface mapping and asset discovery

  • Dirb/Dirbuster - Busting Tool for Web Directories

  • Enum4Linux - Enumerating information from Windows and Samba systems

  • OneDrive UserEnum - Enumerates valid OneDrive accounts

  • Bloodhound - Active Directory Attacks

    • Cypheroth - Runs cypher queries against Bloodhound's Neo4j backend and saves output to spreadsheets.

  • Ldeep - ldap enumeration utility

  • SUCC - Queries Microsoft for a list of domains associated with an Office 365 tenant

  • Certipy - Tool for Active Directory Certificate Services enumeration and abuse

  • Legba - A multiprotocol credentials bruteforcer / password sprayer and enumerator.

  • SNMP-check - enumerate the SNMP device

  • snmpwalk - retrieve a subtree of management values using SNMP GETNEXT requests

  • ldapsearch - Process one or more searches in an LDAP directory server

  • ldapenum - An LDAP based Active Directory user and group enumeration tool

  • nbtstat - Displays NetBIOS over TCP/IP (NetBT) protocol statistics

  • net view - Displays a list of domains, computers, or resources that are being shared by the specified computer

  • certSniff - Certificate transparency log keyword sniffer

  • DNSRecon - Enumerate DNS records

Last updated