80 / 443 - HTTP(S)

nmap -sV -sC -p 80,443 TARGET

curl -I http://TARGET
curl -Ik https://TARGET

whatweb http://TARGET

curl -I http://TARGET | grep -i "server\|x-powered-by\|x-aspnet"

gobuster dir -u http://TARGET -w /usr/share/wordlists/dirb/common.txt
gobuster dir -u http://TARGET -w /usr/share/seclists/Discovery/Web-Content/raft-large-words.txt -x php,html,txt,bak

feroxbuster -u http://TARGET -w /usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt -x php,html,txt

ffuf -u http://TARGET/FUZZ -w /usr/share/seclists/Discovery/Web-Content/common.txt -mc 200,301,302

dirsearch -u http://TARGET -e php,html,txt

ffuf -u http://TARGET -H "Host: FUZZ.target.com" -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt -fs <default_size>

gobuster vhost -u http://TARGET -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt

ffuf -u "http://TARGET/page?FUZZ=test" -w /usr/share/seclists/Discovery/Web-Content/burp-parameter-names.txt -mc 200

curl http://TARGET/robots.txt
curl http://TARGET/sitemap.xml

curl http://TARGET | grep -i "comment\|password\|api\|key\|secret\|token"

curl http://TARGET/.git/HEAD
# If 200 → dump with git-dumper
pip3 install git-dumper
git-dumper http://TARGET/.git/ output/

curl http://TARGET/.env
curl http://TARGET/config.php.bak
curl http://TARGET/web.config

wpscan --url http://TARGET --enumerate u,p,t
wpscan --url http://TARGET -U admin -P /usr/share/wordlists/rockyou.txt

joomscan -u http://TARGET

droopescan scan drupal -u http://TARGET

nmap -p 80 --script http-enum TARGET
nmap -p 80 --script http-title TARGET
nmap -p 80 --script http-methods TARGET
nmap -p 80 --script http-vuln* TARGET
nmap -p 80 --script http-robots.txt TARGET
nmap -p 443 --script ssl-enum-ciphers TARGET