Find Multiple IPs of the company from Shodan or any resource and try nmap scans for potential vulnerabilities.

CLI Tools