autorecon -t ips.txt --only-scans-dir
First grab all ports open
nmap -p- --min-rate 5000 -T5 10.11.1.116
Then perform script scan on them
nmap -sC -sV -p 21,22,80,110,143 10.11.1.16
Just use extensions according to server
feroxbuster -u <http://10.11.1.116> -w /usr/share/wordlists/dirbuster/directory-list-lowercase-2.3-medium.txt -x txt,php -n -q -t 200
If tunneling via proxychains use the following option :
--proxy socks5h://127.0.0.1:9050
Very useful to run when stuck in a webserver.
Sometimes is able to find dirs that bruteforcing does not
Usually try to run nc to random ports bc sometimes they disclose vuln software