Type your comment> @ohfuck said:
thank you @WiseGuy ! I didn’t know zap.
And as a ‘attack list’, what do you usually do after? I mean, what should I look for? I know it depends case by case, but what do you usually do in order to find vulnerabilities?
Unfortunately, what he said is accurate. I like to start with nmap to get an idea of what ports are open. Then move to other programs as appropriate. Sparta is another program that runs some of these basic scans for you.