HTTP

during port 80 enum

once you are done with these things

go to webpage and Explore

view source code ctrl + u

nikto

robots.txt

visit port 80 and 443 both

run dirb on both

dirb + gobust + feroxbuster + dirsearch

nmap http vuln

open burp and start intercepting the reqst and response you will be getting something interesting in response

nikto -h ip

nikto -h ip:443