Map the attack surface — nmap, NSE, and content discovery
Before you exploit, you enumerate. Master the recon toolkit: host discovery and port scanning, service/version fingerprinting, the Nmap Scripting Engine for vuln detection, and web content discovery — the phase that decides every engagement.