Low hanging fruit scans can be very useful when performing a penetration test. Especially when performing a internal penetration test a low hanging fruit scan can be very effective. Usually when performing a internal penetration test I am using among other things the Metasploit auxiliary modules to quickly enumerate the network. The modules can give some interesting findings very quickly, such as:
- open SMB/NFS shares;
- End-of-life systems, such as Windows XP & Windows 2003 server;
- MS17-010 vulnerable systems.
Those findings are quick wins and can give you an entry point to the network in order to escalate privileges (e.g. MS17-010 -> DA creds) pretty fast. This helps to tell your customer that you were able to obtain high network permissions within a few hours (if you are able, a malicious attacker is able as well).