If you are testing a Windows environment, the easiest way to collect information about that environment is by using the Server Message Block (SMB) enumeration tool such as nbtscan.

The nbtscan tool can be used to scan the IP addresses for the NetBIOS name information. It will produce a report that contains the IP address, NetBIOS computer name, services available, logged in username, and MAC addresses of the corresponding machines.

This information will be useful in the penetration testing steps. The difference between nbtstat and nbtscan of Windows is that nbtscan can operate on a range of IP addresses. You should be aware that using this tool will generate a lot of traffic, and it may be logged by the target machines.