Nmap is open-source software that, at first glance, only scans IPs and TCP/UDP ports. But it can do more! Combined with scripts, it is able to analyze targets at layer 7.
# Little example

The http-enum script can list folders on a web server:
```
nmap -sV -p 80 test.glitchlist.com --script=http-enum
Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-14 16:30 CEST
Nmap scan report for test.glitchlist.com (192.0.78.233)
Host is up (0.0030s latency).
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.4.18 ((Ubuntu))
| http-enum:
| /.gitignore: Revision control ignore file
| /db/: BlogWorx Database
| /README: Interesting, a readme.
| /app/: Potentially interesting directory w/ listing on 'apache/2.4.18 (ubuntu)'
| /css/: Potentially interesting directory w/ listing on 'apache/2.4.18 (ubuntu)'
| /db/: Potentially interesting directory w/ listing on 'apache/2.4.18 (ubuntu)'
| /functions/: Potentially interesting directory w/ listing on 'apache/2.4.18 (ubuntu)'
| /install/: Potentially interesting folder
| /js/: Potentially interesting directory w/ listing on 'apache/2.4.18 (ubuntu)'
|_ /misc/: Potentially interesting directory w/ listing on 'apache/2.4.18 (ubuntu)'
|_http-server-header: Apache/2.4.18 (Ubuntu)
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 6.91 seconds
```
In fact, Nmap ships with a scripting engine, the NSE (Nmap Scripting Engine), that turns this tool into a vulnerability scanner.
For a complete list of scripts look here!
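To turn an http-enum report like the one above into a remediation list for the server owner, the script block can be parsed and the paths with directory listing enabled separated from the other exposed files. This is an added example, not part of the original post; the function names `parse_http_enum` and `triage` are hypothetical and the sample is abridged from the output shown above.

```python
import re

# Constructed sample: abridged from the http-enum output shown above.
SAMPLE = """\
80/tcp open http Apache httpd 2.4.18 ((Ubuntu))
| http-enum:
| /.gitignore: Revision control ignore file
| /db/: BlogWorx Database
| /README: Interesting, a readme.
| /app/: Potentially interesting directory w/ listing on 'apache/2.4.18 (ubuntu)'
| /db/: Potentially interesting directory w/ listing on 'apache/2.4.18 (ubuntu)'
| /install/: Potentially interesting folder
|_ /misc/: Potentially interesting directory w/ listing on 'apache/2.4.18 (ubuntu)'
|_http-server-header: Apache/2.4.18 (Ubuntu)
"""

# One finding line: "| /path: description", or "|_ /path: description" for the last one.
FINDING = re.compile(r"^\|_?\s+(/\S*):\s+(.*)$")

def parse_http_enum(text):
    """Return {path: [descriptions]} from the http-enum block of normal Nmap output."""
    findings, in_block = {}, False
    for line in text.splitlines():
        if re.match(r"^\|_?\s*http-enum:", line):
            in_block = True
            continue
        if not in_block:
            continue
        m = FINDING.match(line)
        if not m:
            break  # a different script's output has started
        findings.setdefault(m.group(1), []).append(m.group(2))
        if line.startswith("|_"):
            break  # "|_" marks the last line of a script block
    return findings

def triage(findings):
    """Split paths into (directory listing enabled, other exposed files and folders)."""
    listing = sorted(p for p, d in findings.items() if any("w/ listing" in x for x in d))
    other = sorted(p for p in findings if p not in listing)
    return listing, other

if __name__ == "__main__":
    listing, other = triage(parse_http_enum(SAMPLE))
    print("Directory listing enabled (Apache: Options -Indexes):", ", ".join(listing))
    print("Review or restrict access:", ", ".join(other))
```

A path reported twice, such as `/db/`, is kept once with both descriptions, so the listing flag is not lost when the first match is a fingerprint hit.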
bye
.glitchlist crew