Another thing you could try to help you understand the layout of the site is gather as much info as you possibly can to figure out what services it’s running…
Look at the html source, read the /robots.txt file, /sitemap.xml where are the site’s images coming from? Another subdirectory of the local site? or an external content delivery system(e.g. static.wixstatic.com/media, tells you that this site was likely made with Wix)
The more you understand the website the more likely you will be at finding a potential attack vector!