Begin day with mitm6 or Responder.

Run scans to generate Traffic.

If scans are taking too long, Look for websites in scope(http_version (Metasploit module)

Look for default credentials on web logins → Printers, Jenkins, Etc.

Think outside the box. Cause sometimes you wont get some ports like LMNR or SMB or anything like that.

We should try to look for all possible outcomes in a pen test for a company because we want them to know about all the possible ways someone can come in and infiltrate their systems.