To put it in the simplest of terms, enumeration is the phase in which an attacker tries to gain as much information as possible about the system they intend to penetrate: live hosts, open ports and the services behind them, software versions, user and group names, shares, and similar details. The best and most straightforward real-world analogy I can come up with is a burglary. Before breaking in, thieves learn the target's behaviors, habits, and routines, and because most break-ins happen at night before daybreak, they need to learn the occupants' sleep schedule and watch it for a few days to confirm it is a regular pattern. That observation stage is enumeration: finding out as much as possible about the victim hosts. The step that follows is choosing a workable exploit for what enumeration revealed, the equivalent of finding the key or the unlocked door. It is worth keeping the two apart, because enumeration itself exploits nothing; it only maps what is there. Note also that a shell obtained through an exploit runs with the privileges of the service that was compromised, which is frequently an unprivileged account, so root or administrator access usually takes a separate privilege-escalation step. Once that level of access is reached, the intruder can implant backdoors and rootkits and open new listening ports for convenient later access.
Which enumeration tools to use depends heavily on the situation and on which ports and services your scan turned up. A port scanner is available for almost every operating system, and once you know which service you want to go after, you decide which tool fits it. Tools are not always the right choice, though, for the simple reason that they are noisy: a scanner or exploit framework that hammers a host with well-known probes, or an outdated tool that throws an already-patched exploit at a target, produces traffic that intrusion detection systems recognize and log, and that is how you get noticed. That said, tools do make penetration testing a lot easier with their intuitive, easy-to-use interfaces. With that in mind, DNSRecon (dnsrecon) is a well-established tool shipped with Kali Linux, and the popularity of Kali among security professionals keeps it well maintained. It quickly pulls the DNS records for a given domain and, most usefully, it can also perform DNS cache snooping (its snoop mode): it asks a resolver for a name without requesting recursion, so the resolver answers only if the name is already in its cache, which can reveal surprising and valuable information about which hosts an organization's users have recently looked up. Another tool worth mentioning is OpUtils by ManageEngine, an IP address and switch port management suite that also monitors SNMP-enabled devices; it runs on both Windows and Linux, with a fee attached to its advanced functions. It is not, however, what stops SNMP enumeration. The actual countermeasure is to restrict SNMP traffic (UDP ports 161 and 162) to trusted management hosts with firewall or IPsec filtering rules, remove default community strings such as "public" and "private", and prefer SNMPv3 with authentication and encryption.
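To make the cache-snooping technique concrete, here is an added example (my own code, not part of the original article and not taken from dnsrecon) that builds a DNS query with the Recursion Desired bit cleared and classifies the resolver's reply as cached or not cached. The packet builder and parser are hand-rolled so the example runs offline against two constructed responses; the `snoop()` function would be pointed at a real resolver over UDP. The name `example.com`, the transaction IDs and the 192.0.2.1 address are placeholders I chose for the sample data.

```python
"""DNS cache snooping: the check that dnsrecon's snoop mode automates.

A resolver asked a question with the Recursion Desired (RD) bit cleared
may answer only from its cache. A cached name comes back with records in
the answer section; an uncached one comes back with an empty answer
section (or a referral/REFUSED). Added example, not the article's code.
"""
import socket
import struct


def build_query(name: str, txid: int = 0x1234, recursive: bool = False) -> bytes:
    """Build a DNS A query. recursive=False clears RD (RFC 1035 header flags),
    so the resolver is only allowed to answer from what it already has cached."""
    flags = 0x0100 if recursive else 0x0000
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)  # QDCOUNT=1
    qname = b"".join(
        struct.pack("B", len(label)) + label.encode()
        for label in name.rstrip(".").split(".")
    )
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _skip_name(data: bytes, off: int) -> int:
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = data[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length


def parse_response(data: bytes) -> dict:
    """Return txid, rcode and the A records (address, ttl) in the answer section."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    rcode = flags & 0x000F
    off = 12
    for _ in range(qd):
        off = _skip_name(data, off) + 4  # skip QTYPE/QCLASS
    answers = []
    for _ in range(an):
        off = _skip_name(data, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        rdata = data[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:  # A record
            answers.append((socket.inet_ntoa(rdata), ttl))
    return {"txid": txid, "rcode": rcode, "answers": answers}


def classify(response: bytes, txid: int) -> str:
    """'cached' if the non-recursive query got an answer, 'not cached' otherwise."""
    parsed = parse_response(response)
    if parsed["txid"] != txid:
        return "mismatched txid (ignore)"
    return "cached" if parsed["answers"] else "not cached"


def snoop(resolver_ip: str, name: str, timeout: float = 2.0) -> str:
    """Send the non-recursive query to a real resolver (needs network access)."""
    txid = 0x4242
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (resolver_ip, 53))
        data, _ = s.recvfrom(512)
    return classify(data, txid)


# Constructed sample responses (not captured from any real resolver).
# Cached: QR=1, one A record for the question name (pointer to offset 12), TTL 300.
CACHED_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8000, 1, 1, 0, 0)
    + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
)
# Not cached: same question, NOERROR, but an empty answer section.
EMPTY_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8000, 1, 0, 0, 0)
    + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
)

if __name__ == "__main__":
    print("query:", build_query("example.com").hex())
    print(classify(CACHED_RESPONSE, 0x1234), "/", classify(EMPTY_RESPONSE, 0x1234))
```

Two practical caveats: many resolvers now either refuse non-recursive queries outright or answer them from cache anyway while still setting RA, so a "not cached" result is only meaningful on a resolver that honors RD=0, and a TTL noticeably lower than the zone's authoritative TTL is a second hint that the record came from cache. Snooping a resolver you are not authorized to test is intrusive and will show up in its query logs.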