Definition

Nikto is an automated web server vulnerability scanner. It is useful once you have already tried the tools covered earlier, read the source code, and played with the web application, and you still have no idea where to start looking.

Usage

This tool is really easy to use, so I won't go into details beyond the basic invocation and a sample run.

General command
nikto -host http://localhost:8080

Output

nikto -host http://localhost:8080
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP:          127.0.0.1
+ Target Hostname:    localhost
+ Target Port:        8080
+ Start Time:         2021-12-21 18:36:24 (GMT1)
---------------------------------------------------------------------------
+ Server: No banner retrieved
+ Uncommon header 'content-disposition' found, with contents: inline;filename=f.txt
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Uncommon header 'accept-patch' found, with contents:
+ Allowed HTTP Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
+ OSVDB-397: HTTP method ('Allow' Header): 'PUT' method could allow clients to save files on the web server.
+ OSVDB-5646: HTTP method ('Allow' Header): 'DELETE' may allow clients to remove files on the web server.
+ OSVDB-3092: /home/: This might be interesting...
+ OSVDB-3092: /users/: This might be interesting...
+ 7375 requests: 0 error(s) and 7 item(s) reported on remote host
+ End Time:           2021-12-21 18:36:40 (GMT1) (16 seconds)
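To turn a plain-text run like the one above into something you can triage (which methods the server exposes, which of them deserve disabling, which OSVDB-tagged paths were flagged), here is a small parser. It is an added example, not part of Nikto or of these notes; the sample input is the scan output above, trimmed, and the RISKY_METHODS set is my own triage list, not anything Nikto defines.

```python
import re
from dataclasses import dataclass, field

# Scan output taken from the Nikto run above (trimmed); embedded so this runs offline.
SAMPLE_OUTPUT = """\
- Nikto v2.1.6
+ Target IP:          127.0.0.1
+ Target Hostname:    localhost
+ Target Port:        8080
+ Uncommon header 'content-disposition' found, with contents: inline;filename=f.txt
+ Allowed HTTP Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS
+ OSVDB-397: HTTP method ('Allow' Header): 'PUT' method could allow clients to save files on the web server.
+ OSVDB-5646: HTTP method ('Allow' Header): 'DELETE' may allow clients to remove files on the web server.
+ OSVDB-3092: /home/: This might be interesting...
+ OSVDB-3092: /users/: This might be interesting...
"""

# Methods a production web app should normally not expose (assumption: my own triage list).
RISKY_METHODS = {"PUT", "DELETE", "TRACE", "CONNECT"}

@dataclass
class NiktoReport:
    target: dict = field(default_factory=dict)      # ip / hostname / port
    allowed_methods: list = field(default_factory=list)
    findings: list = field(default_factory=list)    # (osvdb_id, path or None, message)

def parse_nikto(text):
    """Parse Nikto's plain-text output; only '+ ' lines carry findings."""
    report = NiktoReport()
    for line in text.splitlines():
        if not line.startswith("+ "):
            continue
        body = line[2:]
        m = re.match(r"Target (IP|Hostname|Port):\s+(\S+)", body)
        if m:
            report.target[m.group(1).lower()] = m.group(2)
            continue
        m = re.match(r"Allowed HTTP Methods:\s*(.+)", body)
        if m:
            report.allowed_methods = [x.strip() for x in m.group(1).split(",")]
            continue
        m = re.match(r"(OSVDB-\d+): (?:(/\S*): )?(.*)", body)
        if m:  # lines that match no pattern (e.g. 'Uncommon header') are skipped
            report.findings.append((m.group(1), m.group(2), m.group(3)))
    return report

def risky_methods(report):
    """Enabled methods worth disabling on the server; sorted for stable output."""
    return sorted(RISKY_METHODS & set(report.allowed_methods))
```

The OSVDB ids Nikto prints refer to the Open Source Vulnerability Database, which has been discontinued, so treat them as stable labels for grouping findings rather than as links to a live advisory.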