
# Module 04: Enumeration

## Lab 1: Perform NetBIOS Enumeration <a href="#lab-1-perform-netbios-enumeration" id="lab-1-perform-netbios-enumeration"></a>

### Task 1: Perform NetBIOS Enumeration using Windows Command-Line Utilities <a href="#task-1-perform-netbios-enumeration-using-windows-command-line-utilities" id="task-1-perform-netbios-enumeration-using-windows-command-line-utilities"></a>

```
## Commands used:
1. NetBIOS name table: nbtstat -a [IP address of the remote machine]
2. NetBIOS cache: nbtstat -c
3. File shares enumeration: net use
```

## Lab 2: Perform SNMP Enumeration <a href="#lab-2-perform-snmp-enumeration" id="lab-2-perform-snmp-enumeration"></a>

### Task 1: Perform SNMP Enumeration using SnmpWalk <a href="#task-1-perform-snmp-enumeration-using-snmpwalk" id="task-1-perform-snmp-enumeration-using-snmpwalk"></a>

```
## Commands used:
1. SNMP v1: snmpwalk -v1 -c public [Target IP Address]
2. SNMP v2c: snmpwalk -v2c -c public [Target IP Address]
```

## Lab 3: Perform LDAP Enumeration <a href="#lab-3-perform-ldap-enumeration" id="lab-3-perform-ldap-enumeration"></a>

### Task 1: Perform LDAP Enumeration using Active Directory Explorer (AD Explorer) <a href="#task-1-perform-ldap-enumeration-using-active-directory-explorer-a-d-explorer" id="task-1-perform-ldap-enumeration-using-active-directory-explorer-a-d-explorer"></a>

{% hint style="info" %}
Tools used in this section:

1. **Active Directory Explorer**
2. **Softerra LDAP Administrator**
3. **LDAP Admin Tool**
4. **LDAP Account Manager**
5. **LDAP Search**
{% endhint %}

## Lab 4: Perform NFS Enumeration <a href="#lab-4-perform-nfs-enumeration" id="lab-4-perform-nfs-enumeration"></a>

```
## Commands used:
1. Nmap port scan: nmap -p 2049 [Target IP Address]
```

{% hint style="info" %}
Tools used in this section:

1. **SuperEnum**:
   1. **echo "10.10.1.19" >> Target.txt**
   2. **chmod +x superenum**
   3. **./superenum**
2. **RPCScan**:
   1. **python3 rpc-scan.py \[Target IP address] --rpc**
{% endhint %}

## Lab 5: Perform DNS Enumeration <a href="#lab-5-perform-dns-enumeration" id="lab-5-perform-dns-enumeration"></a>

### Task 1: Perform DNS Enumeration using Zone Transfer <a href="#task-1-perform-dns-enumeration-using-zone-transfer" id="task-1-perform-dns-enumeration-using-zone-transfer"></a>

```
## DNS Zone transfer using Dig
    dig ns [Target Domain]
    dig @[NameServer] [Target Domain] axfr 
```

```
## DNS Zone transfer using Nslookup
    nslookup <interactive mode to be used>
        set querytype=soa
        ls -d [Name Server]
```

## Lab 6: Perform SMTP Enumeration <a href="#lab-6-perform-smtp-enumeration" id="lab-6-perform-smtp-enumeration"></a>

### Task 1: Perform SMTP Enumeration using Nmap <a href="#task-1-perform-smtp-enumeration-using-nmap" id="task-1-perform-smtp-enumeration-using-nmap"></a>

```
## Commands used in this section:
1. Nmap
    nmap -p 25 --script=smtp-enum-users [Target IP Address]
    nmap -p 25 --script=smtp-open-relay [Target IP Address]
    nmap -p 25 --script=smtp-commands [Target IP Address]
```

## Lab 7: Perform Enumeration using Various Enumeration Tools <a href="#lab-7-perform-enumeration-using-various-enumeration-tools" id="lab-7-perform-enumeration-using-various-enumeration-tools"></a>

### Task 1: Enumerate Information using Global Network Inventory <a href="#task-1-enumerate-information-using-global-network-inventory" id="task-1-enumerate-information-using-global-network-inventory"></a>

{% hint style="info" %}
Tools used in this section:

1. **Global Network Inventory**
{% endhint %}

