Enumerating resources with feroxbuster and ffuf
Looking for Cracks

© Photo by Linda Robert on Unsplash
A cyberattack unfolds in stages. The enumeration phase is when the attacker looks for holes in the target system. Tools like feroxbuster and ffuf bring the power of automation to the search.
If you have ever looked at how cyberattacks unfold in detail, you know that a typical cyberattack has a few distinct phases. The sequential list of phases is commonly referred to as the cyber kill chain, which is a framework developed by Lockheed Martin over a decade ago, apparently using a military model.
Over the years, the cyber kill chain has evolved and been adopted in a number of different forms. The chain originally had seven phases, but these days an eighth monetization phase is often mentioned. Although a variety of popular frameworks and methodologies define these phases in subtly different ways, I like to think of the different phases of an attack as this boiled-down list:
- Information gathering
- Enumeration
- Exploitation
- Post exploitation
[...]
Buy this article as PDF
(incl. VAT)