Enumeration actively queries systems to gather detailed information — usernames, shares, services, open ports, OS versions — going beyond simple port scanning.
Enumeration follows scanning in the pen test methodology. Tools: Enum4linux (Samba), NBTScan (NetBIOS), SNMPwalk (SNMP), Ldapdomaindump (AD). Each service type has specific enumeration techniques.