There are tools out there will allow you to scan for possible vulnerabilities rather than having to put in countless hours into a hack that you may find it to be secure from. The first tool we'll use is called nikto; it will scan any website for vulnerabilities and reports back to you on what it finds. You'll find it very simple and efficient but not stealthy so any website/web server with an IDS/IPS is likely to detect it. You'll find this tool in Kali under Vulnerability Analysis | Misc Scanner | nikto. Once you launch it, you can input the IP or hostname to begin:

nikto -h 192.168.2.11

nikto -h TargetWebsite.com  

For a Windows-based OS, you can download a similar GUI tool called Wikto. It works much like nikto, running through thousands of scripts to scout for any vulnerability flaws, but it also has HTTP fingerprinting, a identifying server type based on its behavior. What's even more unique is its capability to query backend files and directories. This tool stays updated with the Google Hacking Database (GHDB), covering over 1,000 vulnerabilities.