detailed info you should gather about the target

[ ] understand how application is built?
[ ] What application is built for?
[ ] understand how application process data?
[ ] find all possible entry points and company assets
[ ] find as many files, folders and endpoints
[ ] what it’s really meant to do?
[ ] what kind of user roles exist?
[ ] what is user have access to?
[ ] how did it intract with each other?
[ ] what can i do as a low-level user to elevate my access to may be out of some of those API endpoints that are built for an admin?
[ ] what info is truely meant to be public vs the ones that are supposed to be private?
[ ] can you access the info without being logged in?
[ ] may be it meant to be for an admin and can you access as a user without admin privileges?
[ ] look at js files to find endpoints that are hidden or may be user does not have access to
[ ] found 401/403/404/apache default pages the fuzz fuzz fuzz
[ ] understand endpoints
[ ] look for default envaroments like .dev, .corp, .stage, vat etc....
[ ] look for custom written webapps or blank web servers. because there are no webserverswithout anything there.
[ ] here you start content discovery
[ ] test vulns like xss, injections, misconfigs, bypasses.