With in-scope targets identified and validated, the auditor can proceed to exploitation. This will vary greatly depending on the goal of the attack. If it is to capture network traffic for analysis, the tcpdump module may be most appropriate. If it is to harvest credentials from a captive portal using social engineering techniques, the Evil Portal module may be your best bet. In any case, exploitation comes down to setting up the attack, testing the attack, then finally executing it on the given targets.