ping

Port Scan

nmap -sCV -T4 <IP> -oN box.initial

rustscan -g -a <IP>

nmap —script=vuln

nmap —script=vuln -p<ports> <IP>

nikto

nikto -h <http://IP> | tee nikto.txt

directory busting

feroxbuster --url <http://IP> -r

gobuster dir -fr -w /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt -u <http:///IP> -x txt,php,html -U admin -P admin

subdomain enumeration

gobuster vhost -u <http://box.url> -w /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt -r

gobuster dns -d box.url -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-20000.txt