Exam

autorecon -t ips.txt --only-scans-dir

Nmap

First grab all ports open

nmap -p- --min-rate 5000 -T5 10.11.1.116

Then perform script scan on them

nmap -sC -sV -p 21,22,80,110,143 10.11.1.16

Directory bruteforcing

Just use extensions according to server

feroxbuster -u <http://10.11.1.116> -w /usr/share/wordlists/dirbuster/directory-list-lowercase-2.3-medium.txt -x txt,php -n -q -t 200

If tunneling via proxychains use the following option :

 --proxy socks5h://127.0.0.1:9050

Nikto

Very useful to run when stuck in a webserver.

Sometimes is able to find dirs that bruteforcing does not

Netcat Banner Grabbing

Usually try to run nc to random ports bc sometimes they disclose vuln software