enumeraite: AI assisted web attack surface enumeration
9 Aug 2025
Comprehensive Talk (40 minutes)
Özgün Kültekin
Abstract
Remember that soul-crushing moment when you opened an 8.9 GB Burp Suite file? Yeah, fun times. But here’s something even more annoying: reading a random blog post where someone casually mentions a $5,000 bug—an unauthenticated admin panel hidden on some obscure, unpredictable URL of a well-known target.
I feel you, it’s hard to deal with huge attack surfaces, endless URLs and thousands of subdomains. And it’s even harder to expand your attack surface to find pages that no one has ever looked at before. Don’t get me wrong—I still think AI sucks at pentesting (sue me). It won’t chain exploits, think creatively, or outsmart a well-configured WAF. But here we are. It’s really good at generating paths and subdomains, and at picking out the most important targets from a massive list. And lastly, AI can be a smart assistant that is specifically configured for the target app’s test. It handles the boring stuff, so you can focus on breaking things.
In this talk, we’re not glorifying AI—we’re putting it to work. Smart, sharp, and right where it counts.