Scanning for vulnerabilities with nmap
Enumerate directories on a web server
Try to exploit file uploads by changing the content type, embedding payload in the meta-data
nmap --script http-fileupload-exploiter
Attempt a pasword brute-forcing against an http form-based authentication
nmap --script http-form-brute
Try zone transfer against a DNS server
nmap --script dns-zone-transfer
Enumerate DNS hostnames by brute-force guessing of common subdomains
Enumerate usernames using the finger service
Check for FTP anonymous login
Launch a brute-force attack against FTP servers
Check if server allows port scanning using FTP bounce method
Check for the presence of vsFTPD 2.3.4 backdoor (CVE-2011-2523)
nmap --script ftp-vsftpd-backdoor
Spider the web to find HTTP and/or form based authentication requiring pages
nmap --script http-auth-finder
Test the server for Cross-Origin-Resource-Sharing
Test the server for CSRF vulnerabilities
Test for default credentials used by multiple web applications
nmap --script http-default-accounts
Test for DOM-based XSS vulnerabilities
nmap --script http-dombased-xss