1. Asset Discovery
    1. Dns Brute Forcing and Resolving
      1. str-replace
      2. puredns
      3. massdns
    2. Subdomain Discovery
      1. Amass
      2. subfinder
      3. findomain
      4. github-domains
  2. Fingerprint
    1. HTTP Discovery
      1. httprpobe
      2. httpx
      3. SSame
    2. Technology fingerprint
      1. httpx
      2. webanalyze-mod
    3. Screenshot
      1. aquatone
      2. goverview
    4. Spider Links
      1. gospider
  3. OSINT
    1. Finding more links
      1. ourl
      2. github-endpoints
    2. IP Discovery
      1. metabigor
      2. cdnstrip
  4. Vulnerability Scan
    1. Nuclei
      1. Subdomain takeover
      2. Scanning with all templates
    2. Jaeles
      1. Scanning with all signatures
      2. Looking for interesting endpoints
  5. Content Discovery
    1. Filtering and Beautify the output format
    2. Special Wordlists
    3. ffuf-mod
      1. Looping for each domain and run ffuf-mod on it
      2. ffuf-mod is a custom version of ffuf which add a way to filtering only interesting result
  6. Port Scan
    1. Full port scan
      1. rustscan
    2. Service Fingerprint
      1. metabigor
    3. Vulnerability Scan
    4. Content Discovery
    5. Scanning based on open ports