3-1: Enumeration Research

There will be times when I think I've gotten everything but am simply missing something, or when a unique service comes up and we need to understand the application before considering potential attack paths. In that case, you might simply not know how to find the right piece of information for a specific service.

In those cases, it can be necessary to research whether any specific tools are needed to interact with the service for information gathering. A few good places to check, in rough order:

  1. HackTricks. The number of times I thought it was an obscure service, but HackTricks had a guide on it...
  2. Documentation. If you can ID the service, check the documentation and it will likely be the best guide to how to interact with and gain more info on the service.
  3. Search. Listed last because, technically, we might use search to find #1 and #2. If those fail, searching for the service name (if known), the port, or some other relevant fragment obtained via curl, netcat, or otherwise might point to useful info.
