Enumeration is the method that a penetration tester uses to identify information about in-scope assets. A pen tester will use an automated process to identify all active IP addresses within the scope and some limited information about those devices, such as type and operating system version. This information is then used for further automated and manual testing. Enumeration can happen several times within a single pen test on different parts of a network. A bad actor will also use enumeration to identify systems to compromise.
