During a vulnerability scan, an open port on a web server may be discovered. This indicates that the server is running a service or application on that port, and it may be possible to interact with it. However, just because a port is open does not necessarily mean that it is vulnerable to attack. 

Further investigation and testing may be required to determine if the service or application running on the open port has any known vulnerabilities that can be exploited. This information can be used by a penetration tester to plan and execute an attack on the web server.

Nikto
```
nikto -h http://www.example.com
```