So what does a pentester actually do? In short: research. A pentest mainly consists of doing enough research to find outdated software, misconfigurations and other risks.
Research consists of all kinds of steps that are usually very simple: checking which ports are open with nmap and Shodan, seeing which subdomains belong to a certain domain with Fierce and online tools, viewing web applications in a browser, and the list goes on.
Fierce is a reconnaissance tool: https://tools.kali.org/information-gathering/fierce
The difficulty of a pentest is determined by a number of aspects: being able to recognize possible vulnerabilities based on your research results, verifying these vulnerabilities with a proof of concept (which can amount to an attack) and making good use of the limited investigation time.
In addition, it is important to understand the implications of all kinds of vulnerabilities or configurations and how you can sometimes combine them to achieve something as an attacker.
Finally, after thorough research, you must clearly report all this to the customer.