What is your opinion on using dirbuster/gobuster for a vulnerability scan? it is technically a brute forcer but it would be interesting to see what hidden directories can be found.
Can that fall under a vulnerability assessment? (I did already get permission to use it as well, I’m just unsure if I should because I want to err on the safe safe)