It takes effort. You have to search based off of the results of your enumeration and experience. As an example if you come across a windows XP box. You might have a few ideas based on your knowledge of XP vulnerabilities. But if you see some version of vsftpd running, you’ll probably need to look and see if there are any vulns, not to mention exploits.