If you are new to development, or coding in general, you also keep hearing the word "enumeration". "Enumerate over this list" or "enumeration is key" or occasionally "just enumerate it". I don't know about you, but to me this doesn't make sense. Part of my coding bootcamp used the words too but lacked in any real explanation of it. I discerned that it was the process of doing something to each item in a list.
So What is enumeration?
By definition "an enumeration is a complete, ordered listing of all the items in a collection." (3)
Soo... Its a list.. that's... not helpful... How can it be a list when it is used like a action??
What is Enumeration Used For?
Well, in mathematics and computer science the term is commonly used to refer to a listing of all of the elements of a set.
In InfoSec it is used to refer to gather information from lists, such as usernames or group names, hostnames, network shares and services, IPtables and routing tables, service settings and audit configurations, application and banners, and SNMP and DNS details. (4)
Oh, that actually makes more sense.
Enumeration is used for listing details in a list or a process of mentioning items in a list one by one.
Where Do You Need to Enumerate?
In many languages you enumerate over a list to map the items in a list, group items in a list together, or perform a task, such as math, on each item in a list.
listnumbers = [1, 2, 3]
listnumbers.each { |n| n * 2 }
=> [2, 4, 6]
In Info Sec you hear a lot about enumeration and how important it is.
Two examples of how it's used is to try and brute force a login with a list of usernames and well known passwords or finding what services are running, versions, open shares, account details, or possible points of entry by port scanning or passive fingerprinting.
References
- Security+ cert book
- Web Application Hackers Handbook
- https://en.wikipedia.org/wiki/Enumeration
- https://resources.infosecinstitute.com/what-is-enumeration/#gref
- https://resources.infosecinstitute.com/process-scanning-and-enumeration/#gref
- http://www.knowthetrade.com/scanning.html
Top comments (1)
Great post π