After you have gained access to a network either by doing the MITM attack, or perhaps using Brute Force or social engineering, there are a number of different things you can do to go from there. Like looking at the network traffic with Wireshark or you can force users to send data unencrypted. But if you want to engage in any direct attacks on certain devices, like using Armitage to scan for vulnerability, you need to get an overview of the network and what is on it.
One of the tools I use when I scan a network, is Nmap. It is a great tool for not only pentesting, but also a tool for any network administrator to keep an eye on the network. But in this scenario, I am using it to find victims on the network and gathering information about them. In an attack, the more information you have – the better the chances to succeed.
In this journal entry I will not go into details about how I perform the scans, because on the tests I have made – I do not want to disclose the results. Also, every attack will be different depending on the network and what you aim to do. But one of the best approaches I can recommend, is using SANS Pen Test Cheat Sheet for Nmap.