So now with all the following information we have that we got by ennumerating like version numbers of protcols open and technolgies on the server we can search for exploits and also for exploits of stuff that was listed to us by the nikto scan.

So we can just google the thing we require like thingtoexploit exploit and mostly we get links for this site called exploitdb which is one of the most trusted websites for exploits and stuff so thats very nice.

There is another site called cvedetails.com/vulnerability-list/

In which we can see what levels,types and what the vulnerabilities are basically.

Red means the vulnerability is critical and it will work a lot of times and then its yellow greenish green etc.

Another great and very trusted resource for researching exploits is this site called Rapid7 (Creaters of MetaSploit) and they give you options for modules in Metasploit that can be used to exploit the target.

We can also look up for exploits without internet by using a exploitdb local database that we have in our Kali Linux Machine but this is not the best way will only recommend you to do this when you are in certain weird situation where you dont have internet access or something

searchsploit ssl 2

But again its not the best its not a good searching engine so the more specific you are the worse it will be .