Enumeration
Enumeration is to gain additional information on the target, such as account name, shares, eventually misconfigured service protocols and so on..
Web Server Enumeration
Web Server is a software that serves website data on the web.
It is a software that hosts the directories of your website and grants the access to them.
Common web servers are Apache, Nginx, etc.
They use HTTP (HyperText Transfer Protocol) to facilitate the communication between clients and the web server.
HTTP is a protocol that uses TCP on port 80, while HTTPS works on port 443.
When you open your browser and search an HTTP or HTTPS website, the browser will perform a DNS lookup to resolve that domain to the web server ip address.
It will send an HTTP request to the web server and it will receive a HTTP response from the web server.
We can enumerate the web server discovering what version its running, what web server, gain information on http headers, programming languages, or discovering hidden files, etc.
Enumeration and Port Scanning with Nmap
You can use Nmap for enumeration, such as discover the operating system and the version of the target ports.
You can export the results into a format readable by the Metasploit framework
for further operations.
You can start by doing a regular host, port and version scan with Nmap.
Standard scanning:
nmap target-ip
Avoid host scanning to not being blocked (by Windows firewall) and just detect ports:
nmap -Pn target-ip
Get the version of the services and operating systems of the ports:
nmap -Pn -sV -O target-ip
Save the results in a .xml file that will be used by Metasploit framework:
nmap -Pn -sV -O target-ip -oX output.xml