Inspect

Cookies

Burp Suite

robot.txt

hidden files

nmap -sV -vv -sC TARGET_IP

https://nmap.org/book/nse-usage.html

NOTES:

https://portswigger.net/web-security/access-control/idor