According to geeksforgeeks.org, "Enumeration is fundamentally checking. An attacker sets up a functioning associated with the objective host. The weaknesses are then tallied and evaluated. It is done mostly to look for assaults and dangers to the objective framework. Enumeration is utilized to gather usernames, hostname, IP addresses, passwords, arrangements, and so on. At the point when a functioning connection with the objective host is set up, hackers oversee the objective framework.". There are several tools to consider when employing in Web enumeration and compromise. Some examples of tools to consider could include;
Nmap:
"According to nmap.org, Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing." Nmap is very well known however is more commonly used for Web enumeration.
Metasploit:
Metasploit is a penetration testing framework and be used to probe networks.
Wget:
According to gnu.org, "GNU Wget is a free software package for retrieving files using HTTP, HTTPS, FTP and FTPS, the most widely used Internet protocols.". Wget would primarily be used for enumeration.
GoogleBot:
According to developers.google.com, "Googlebot is the generic name for Google's web crawler.". To use something like this you would have to emulate Googlebot from something like Chrome OS on your machine.
Nikto2:
According to cirt.net, "Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers.". Nikto can be used for web enumeration and compromise and would be a good tool to consider. Some benefits include Nikto2 being Open Source (GPL) which means the code can be publicly accessed and edited. However a potential negative is stated on cirt.net; "Nikto is not designed as a stealthy tool. It will test a web server in the quickest time possible, and is obvious in log files or to an IPS/IDS. However, there is support for LibWhisker's anti-IDS methods in case you want to give it a try (or test your IDS system).
To conclude there are several Web tools to consider employing in Web enumeration and compromise.
Resources:
https://www.gnu.org/software/wget/
https://developers.google.com/search/docs/crawling-indexing/googlebot
https://github.com/sullo/nikto
https://www.geeksforgeeks.org/cyber-security-types-of-enumeration/