Recon
- Normal Nmap and Nikto scan; maybe do a UDP scan if needed
- AUTORECON
- Scan all ports; maybe do a UDP scan too
- Run the TCP scan multiple times, otherwise you could miss a port
- Try accessing all services with DEFAULT PASSWORDS
- Maybe Bruteforce in the background
- Google version numbers of EVERYTHING
- If you find strings, check for base64 and try CyberChef Magic
- SNMP
  - snmpwalk
  - Download the MIBs to translate the OIDs
- SMB
  - enum4linux
  - smbclient
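
For the "check for base64" item above, a small offline triage helper, added here as an example and not part of the original notes. It only approximates what CyberChef Magic does for this one encoding: it accepts standard and URL-safe alphabets, restores stripped padding, and peels nested layers. The function names and sample strings are made up for illustration.

```python
import base64
import binascii
import re
import string

# Standard and URL-safe base64 alphabets, with optional padding.
B64_RE = re.compile(r"^[A-Za-z0-9+/_-]+={0,2}$")
PRINTABLE = set(string.printable.encode())


def try_b64(s):
    """Return decoded bytes if s is well-formed base64, else None."""
    s = s.strip()
    if len(s) < 8 or not B64_RE.match(s):
        return None
    # Map the URL-safe alphabet to the standard one and restore padding.
    s = s.rstrip("=").replace("-", "+").replace("_", "/")
    if len(s) % 4 == 1:  # no byte sequence encodes to this length
        return None
    try:
        return base64.b64decode(s + "=" * (-len(s) % 4), validate=True)
    except (binascii.Error, ValueError):
        return None


def mostly_printable(data, threshold=0.95):
    """True if nearly all bytes are printable ASCII (filters chance matches)."""
    return bool(data) and sum(b in PRINTABLE for b in data) / len(data) >= threshold


def peel(s, max_depth=5):
    """Strip nested base64 layers; return (layers_removed, final_text)."""
    depth = 0
    while depth < max_depth:
        raw = try_b64(s)
        if raw is None or not mostly_printable(raw):
            break
        s = raw.decode("ascii", errors="replace")
        depth += 1
    return depth, s


if __name__ == "__main__":
    # Constructed samples, not data from any real system.
    once = base64.b64encode(b"svc_backup:ChangeMe123").decode()
    twice = base64.b64encode(once.encode()).decode()
    for sample in (once, twice, once.rstrip("="), "password", "not base64!"):
        print(f"{sample!r:40} -> {peel(sample)}")
```

The printable-text check is a heuristic: binary payloads (compressed or encrypted data) stay undecoded, which is the point at which a tool like CyberChef is still needed.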