To check open ports on the server use Nmap program. To install Nmap use command:
sudo apt install nmap
This command check server IP for open ports:
sudo nmap -sC -sV -v IP_ADDRESS
For fast scan all ports with Nmap use command:
sudo nmap -sS -v IP_ADDRESS -p-
Scan directories on host:
ffuf -w ~/SecLists/Discovery/Web-Content/directory-lists-lowercase-2.3-small.txt:FUZZ -u "http://IP_ADDRESS/FUZZ" -ic -c -e .php
Scan Subdomains:
ffuf -w ~/SecLists/Discovery/Web-Content/directory-lists-lowercase-2.3-small.txt:FUZZ -u "http://DOMAIN.COM/" -H 'Host: FUZZ.DOMAIN.COM' -fw SIZE
-fw – filter words 522
-fs – filter size SIZE