Did you know that Nmap has a scripting language and can do things such as enumerating details on WordPress sites like usernames and installed plugins, check for vulnerabilities or do brute forcing? On the Security Weekly podcast episode 457 they brought up Nmap scripting and the fact that a ton of scripts come included with Nmap. I had no clue. On OSX the scripts directory for Nmap is located here /usr/local/share/nmap/scripts If you use another OS just do a search for *.nse and you will find the scripts directory.
Nmap script usage:
nmap --script <script name> <target>
Example of a script that enumerates visible folders and files on a web server:
nmap --script http-enum google.com