Gsec

Passive Scan:
- Find assets with shodan
- RapidDNS to get subdomains
- Certsh to enumerate subdomains
- DNS enumeration
- Waybackurls to fetch old links
- Find domains belonging to your target

Normal / Agressive Scan:
- Domain http code
- Web port scanning
- Server information
- HTTP security header scanner
- CMS security identifier / misconfiguration scanner
- Technology scanner
- Programming Language check
- Path Traversal scan
- Web Crawler
- OS detection
- Nuclei vulnerability scanning
- SSRF, XSS, Host header injection and Cors Misconfiguration Scanners.