Ethical Hacking – Enumeration

This week, I learned about enumeration and did a task on it, which I will demonstrate in today’s blog post.

Enumeration is the process of extracting information about a certain website, such as its network resources and shares, the usernames or groups assigned to the network, the last time a user was logged on, and the user’s password. There are also port scanning and footprinting, which are also used to find out the operating system used by the user.

Here are some tools that we can use to enumerate our target:

  • wpscan
  • joomscan
  • TheHarvester
  • Google
  • Nmap

Now I will demonstrate some of the tools used for enumeration:

The first tool I will use is wpscan.

When wpscan is opened, it shows a list of commands that can be used with it. Since we want to enumerate the users of the website, the command that we use is

wpscan --url [your url here] --enumerate u

After we enter the command, the results should look something like this

I tried using this website, but I was unable to figure out any usernames.

I also tried to perform wpscan on another WordPress site, which is jo1.pentest.id. First, I tried to enumerate usernames using this command:

wpscan --random-agent --url https://jo1.pentest.id --enumerate u

The --random-agent option means that we will use a random User-Agent. The results come out like this:

This time, I am able to find the users listed on the website.
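
Seen from the defended site, the user enumeration above shows up in the web server's access log. The following is an added example, not code from the original post: it flags clients that repeatedly request WordPress user-listing URLs, keyed on client address and request path rather than on the User-Agent, which --random-agent makes unreliable. The URL patterns, the threshold and the log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample access log (combined format); addresses are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2020:10:00:01 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.7 - - [10/Mar/2020:10:00:01 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.7 - - [10/Mar/2020:10:00:02 +0000] "GET /?author=3 HTTP/1.1" 404 0 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.7 - - [10/Mar/2020:10:00:02 +0000] "GET /wp-json/wp/v2/users HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.20 - - [10/Mar/2020:10:05:10 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0 (Windows NT 10.0)"
198.51.100.20 - - [10/Mar/2020:10:05:12 +0000] "GET /2020/03/hello-world/ HTTP/1.1" 200 9001 "-" "Mozilla/5.0 (Windows NT 10.0)"
198.51.100.20 - - [10/Mar/2020:10:05:15 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (Windows NT 10.0)"
"""

# Client address and request path; the User-Agent field is deliberately ignored.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) ')

# Assumed patterns: author-ID lookups and the REST API users route.
ENUM_RE = re.compile(
    r'[?&]author=\d+|/wp-json/wp/v2/users|[?&]rest_route=/wp/v2/users', re.I
)


def find_user_enumeration(log_text, min_hits=3):
    """Return {client_ip: hit_count} for clients with at least min_hits
    requests to user-listing URLs."""
    hits = defaultdict(int)
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # skip malformed or non-request lines
        ip, path = match.groups()
        if ENUM_RE.search(path):
            hits[ip] += 1
    # A single author-page visit is normal browsing; only repeated probing is reported.
    return {ip: n for ip, n in hits.items() if n >= min_hits}


if __name__ == "__main__":
    for ip, count in find_user_enumeration(SAMPLE_LOG).items():
        print(f"{ip}: {count} user-enumeration requests")
```
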

To get the e-mail addresses on the website, I will use a different tool. The tool is called TheHarvester, which is known for gathering e-mail addresses and the like from different sources.

Just like wpscan, I can run the tool from the terminal, like so

As you can see here, it shows a list of commands that can be used in TheHarvester.

Since we want to search for e-mail addresses on the website from different data sources, we will use this command

theharvester -d [your url here] -b all

The results are shown here

But it seems that we can’t find any e-mail addresses listed on the website. To make sure, I tried using another website to check out if I can fetch any e-mail addresses from it.

I used another website and it found an e-mail address; the results are shown here

As you can see here, it shows the list of e-mail addresses that are on the website. In this example, it shows only one e-mail address, meaning that one e-mail is assigned to this website.