Being able to quickly knock out the low-hanging-fruit vulnerabilities as a pen-tester comes down to knowing that they exist and having a quick way to check for them. Here are a few quick-hit, low-hanging vulnerabilities that can provide the biggest kickoff point when starting an investigation.
Swagger Won't Stop
Not that kind of swagger. Swagger pages exist on APIs to assist the development team with things like form, design, deployments and testing new functionality. With that being said, a swagger page provides a lot of quick-hit information for anyone malicious looking to exploit your website. Any modern application scanner should be able to detect an unprotected swagger page, and even if you do not have a scanning solution at your helm, simply typing “swagger.io” alongside the website name into Google will show whether there is an open swagger page associated with a particular site.
Another quick hit that should be incorporated into every pentesting catalog is a check for open ports. Why make it harder than it needs to be to get into a network when you could simply check for ports left open? A good example is port 22: if left open, it could allow direct access into the server itself. Get a good comprehensive list of known open ports and a quick way to scan for them. A very useful automated tool for port identification is Nmap, a Linux command-line tool that enumerates open ports and prints the results back in an easy-to-read format. There is also a GUI version called Zenmap.
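Once Nmap has produced its results, the next step is deciding which open ports are actually a problem. The following added example (not from the original post) parses a constructed Nmap -oX report with Python's standard library and flags any open port that is not on a hypothetical allowlist of services meant to be reachable; the hosts, ports and allowlist are assumptions, and filtered ports are deliberately ignored.

```python
import xml.etree.ElementTree as ET

# Constructed sample in nmap's -oX format (not a real scan): two hosts, one with
# a filtered port that must not be reported as exposure.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap" args="nmap -oX - 10.0.0.4/30">
  <host>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
      <port protocol="tcp" portid="3306"><state state="filtered"/><service name="mysql"/></port>
    </ports>
  </host>
  <host>
    <address addr="10.0.0.6" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
    </ports>
  </host>
</nmaprun>
"""

# Hypothetical exposure policy: only these ports are meant to be reachable from
# where the scan was run. Any other open port is a finding to chase down.
ALLOWED_PORTS = {"tcp/80", "tcp/443"}


def open_ports(xml_text):
    """Map each scanned host to its open ports as [(proto/port, service name), ...]."""
    result = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        result[addr] = []
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # closed/filtered ports are not reachable exposure
            svc = port.find("service")
            name = svc.get("name") if svc is not None else "unknown"
            result[addr].append((f"{port.get('protocol')}/{port.get('portid')}", name))
    return result


def unexpected_exposure(xml_text, allowed=ALLOWED_PORTS):
    """Sorted (host, proto/port, service) for open ports outside the allowlist."""
    return sorted((addr, key, name)
                  for addr, ports in open_ports(xml_text).items()
                  for key, name in ports if key not in allowed)
```

Running `unexpected_exposure(SAMPLE_NMAP_XML)` on the sample reports SSH on 10.0.0.5 and RDP on 10.0.0.6 as the two ports to follow up on.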
Misconfigurations or outdated OS patches
Lastly, being able to identify the underlying operating system gives you a starting point for investigating known exploitable vulnerabilities for that OS and patch level. In the long term you will get a feel for different OS patch levels, to the point where it becomes second nature to test for an Apache Struts vulnerability or a memory corruption vulnerability on a Windows XP server.
Overall, these are 3 quick points that should be covered in any pentesting engagement, whether you are performing the test or paying someone to do one on your infrastructure or application. Any experienced pentester will be able to list these examples off the top of their head.