HTTP and HTTPS are HyperText Transfer Protocol and HyperText Transfer Protocol Secure.
Web servers are hosted on these ports.
Web pages served by these web servers are a common attack vector; HTTP being less secure as any information sent over the network will be in the clear, whereas HTTPS utilises SSL Certificates to ensure that data sent back and forth is not visible to anyone monitoring the network traffic.
This monitoring of the traffic by an attacker is known as a Man in the Middle attack, and allows said man to inspect, understand and alter requests sent to a web server by a user before they actually reach the server.
<aside> 💡 We can know at a glance whether a page is HTTPS by the padlock symbol next to the URL.
</aside>
Note: Once again, worth bearing in mind, HTTPS is used for secure communications encrypted by Transport Layer Security.
HTTP is port 80 and HTTPS is port 443.
There are several approaches we can take when enumerating a web server.
We can attempt to search for subdomains of the host by using tools such as Sublist3r or web sites such as crt.sh
We can search for directories using tools such as DirBusteror GoBuster (as well as I'm sure several good online tools).
We can scan it with Nikto , a CLI vulnerability scanner that attempts to fingerprint out of date server software (such as Apache being out of date), dangerous configurations, poor cookie management and many other things. This has been noted as being slow, but is still a useful arrow in the quiver.
And let's not forget, we can actually go and look at whatever is being hosted on the server. Sometimes you can't beat just manually looking through a site, taking the 'happy path' and understanding what is there. We can use BurpSuite to aid us here, as if configured correctly, it will build a sitemap for us too, and potentially point out a LOT that we would have missed by eye.