Vulnerability Scanning and Enumeration for Pen Testing

By Yugansh Kumar       July 16, 2020


The second phase of ethical hacking and penetration testing involves two steps: port scanning and enumeration. We will discuss these two steps separately; the first phase of penetration testing, reconnaissance, is covered in its own post.

Phases of Penetration Testing, Scanning and Enumeration


So the first question that pops into mind is: what is scanning, and how do you do it?

Scanning involves taking the knowledge discovered during reconnaissance and using it to look at the network. Once the attacker has enough information to know how the business works and what useful information could be available, he or she begins the process of scanning perimeter and internal network devices looking for weaknesses.

The key aspects to look for in scanning are:

The most commonly used tool for port scanning is Nmap. It comes pre-installed in Kali Linux and offers many options for the type of scan a hacker wants to perform. For example:

There is another tool called Zenmap, a GUI version of Nmap, where there is no need to enter any command; you simply select which type of scan you want.


Enumeration in information security is the process of extracting user names, machine names, network resources, and other services from a system. All the gathered information is used to spot vulnerabilities or weak points in system security, which the attacker then tries to take advantage of. The key aspects to follow while doing enumeration:

Techniques for Enumeration

There are several ways to gather data such as network users, routing tables, and Simple Network Management Protocol (SNMP) information. Let us see how to get this valuable information.

So this covers the scanning and enumeration part of the second phase of penetration testing. Now the question remains: how do you know if a hacker is scanning your machine? Let's find out.

A utility like an IDS (Intrusion Detection System) or IPS (Intrusion Prevention System) can come in handy in these types of situations, as Nmap scans usually get detected unless IDS-evasion methods are used. Even so, you can generally track down these activities by looking at the log files on the target machine.
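The log-based detection mentioned above, as an added example that is not part of the original post: a small Python script that parses constructed iptables-style kernel log lines (the format, the hosts and the addresses are all assumed, not real traffic) and flags any source that touches many distinct destination ports within a short sliding window, which is the signature a basic port scan leaves behind.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in a netfilter/iptables LOG style (assumed format, not real traffic).
SAMPLE_LOG = """\
Jul 16 10:00:01 host kernel: [IN=eth0] SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=22 SYN
Jul 16 10:00:01 host kernel: [IN=eth0] SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=80 SYN
Jul 16 10:00:02 host kernel: [IN=eth0] SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=443 SYN
Jul 16 10:00:02 host kernel: [IN=eth0] SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=3306 SYN
Jul 16 10:00:03 host kernel: [IN=eth0] SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=8080 SYN
Jul 16 10:00:03 host kernel: [IN=eth0] SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=5900 SYN
Jul 16 10:05:00 host kernel: [IN=eth0] SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=443 SYN
Jul 16 10:06:00 host kernel: [IN=eth0] SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=443 SYN
"""

# Pull the syslog timestamp, source address and destination port out of each line.
LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) .*SRC=(?P<src>\S+) .*DPT=(?P<dpt>\d+)")


def parse_events(text, year=2020):
    """Return a list of (timestamp, src, dport); syslog lines carry no year, so it is supplied."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # unrelated log line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["src"], int(m["dpt"])))
    return events


def detect_port_scans(events, min_ports=5, window_s=60):
    """Map each source that hits >= min_ports distinct ports inside any
    window_s-second sliding window to the sorted set of ports it touched."""
    by_src = defaultdict(list)
    for ts, src, dpt in sorted(events):
        by_src[src].append((ts, dpt))
    hits = {}
    for src, evs in by_src.items():
        best, lo = set(), 0
        for hi in range(len(evs)):
            while (evs[hi][0] - evs[lo][0]).total_seconds() > window_s:
                lo += 1  # slide the window start forward
            ports = {p for _, p in evs[lo:hi + 1]}
            if len(ports) > len(best):
                best = ports
        if len(best) >= min_ports:
            hits[src] = sorted(best)
    return hits
```

The thresholds are deliberate knobs: a single host that legitimately reaches several services will sit below `min_ports`, while a repeated hit on one port (as from the second address in the sample) is a separate brute-force pattern and is not what this check flags.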

Veteran black hat hackers, however, know all the tricks and typically go undetected, and the knowledge for that level can only come with experience. So be sure to keep practising and give your best without looking for any payouts.
