# Look at page with just text
curl 10.11.1.111 -s -L | html2text -width '99' | uniq
# Get everything
curl -i -L 10.11.1.111
curl -i -H "User-Agent:Mozilla/4.0" http://10.11.1.111:8080
# Port 443
openssl s_client -connect <hostname>:443
# Port 80
telnet <IP> 80
nikto -h http://<url>
nikto -h $ip -p 80,8080,1234
gobuster dir -w /usr/share/dirbuster/wordlists/directory-list-lowercase-2.3-medium.txt -u http://192.168.3.104 -x php,txt,bak
sh,txt,php,html,htm,asp,aspx,js,xml,log,json,jpg,jpeg,png,gif,doc,pdf,mpg,mp3,zip,tar.gz,tar
ffuf -u http://example.com/FUZZ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -c --recursion
wpscan --update
wpscan --url <ip>
wpscan --url [url] --enumerate [p/vp/ap/t/vt/at] --plugins-detection aggressive
# To scan for all plugins
wpscan --url [url] --enumerate ap --plugins-detection aggressive
# Enumerating wordpress users
wpscan --url [target URL] --enumerate u
# Password Attack
wpscan --url http://internal.thm/blog/ --passwords /opt/wordlists/rockyou.txt
uniscan -u http://192.168.1.202/ -qd
cms-explorer -url http://10.11.1.111 -type [Drupal, WordPress, Joomla, Mambo]