enumeraite: AI Assisted Web Attack Surface Enumeration
Özgün Kültekin
Recon Village @ DEF CON 33 · Day 1 · Recon Village
In the rapidly evolving landscape of web security, effectively mapping an organization's attack surface remains a formidable challenge. Özgün Kültekin, an Offensive Security Engineer at Trendial Group, presented his latest research on `enumeraite`, an **AI-assisted web attack surface enumeration tool**, at Recon Village. The talk addresses the problems of **shadow IT** and the exponential growth of web assets, which often leave organizations vulnerable to undiscovered attack vectors. Kültekin’s work highlights how traditional reconnaissance methods are increasingly insufficient and proposes a novel approach that uses **Large Language Models (LLMs)** to discover hidden subdomains and API endpoints.
AI review
Genuine practitioner research with a real problem statement and working tooling — fine-tuning open-source LLMs on tens of millions of subdomains and paths to learn target-specific naming conventions is a legitimate approach that goes beyond slapping an API call onto a wordlist generator. The agentic structural enumeration angle (pattern extraction → slot inference → combination generation) is the most interesting piece here. But this lands at Recon Village level, not main stage: the core insight is incremental, the model comparison methodology is shallow, and the benchmark data is…