enumeration and methodology

This thread is pure gold!

For what it’s worth, here are my thoughts on the subject.

I put -v for nmap so that it prints out its findings during the scan before it is finished, but otherwise the same as others here. If necessary, split the port range to run several nmap scans.

Something like this script for gobustering the host. Not the prettiest or the most efficient possible, but I find this wordlist scanning quite boring. Luckily not all the machines require that.

After the initial scan there is usually something to work with. HTTP proxy is usually quite handy and it seems that on HTB you must be very careful to notice all sorts of delicate tips at this point. More than once I have missed something essential on my initial enumeration and spent hours looking elsewhere without finding anything useful.

As there are intentional rabbit holes that lead nowhere, I often have more than one lead on a machine that could potentially lead somewhere. I keep a notes.txt file for each machine about what I find and what I have tried out to keep track of progress. I wouldn't remember otherwise, but I should put more effort into this. Writing clear notes helps my brain to think more logically since it has to rearrange the stuff.
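One way to do the port-range splitting mentioned above, as an added example that is not part of the post: a POSIX sh helper that divides 1-65535 into equal chunks and hands each chunk to its own verbose nmap run (the target, chunk count and output file names are assumptions).

```shell
#!/bin/sh
# Added example, not the poster's script. port_chunks FIRST LAST CHUNKS
# prints one "a-b" port range per line, dividing the range into CHUNKS
# near-equal pieces (the last piece may be shorter).
port_chunks() {
    first=$1; last=$2; chunks=$3
    total=$((last - first + 1))
    size=$(( (total + chunks - 1) / chunks ))   # ceiling division
    start=$first
    while [ "$start" -le "$last" ]; do
        end=$((start + size - 1))
        [ "$end" -gt "$last" ] && end=$last      # clip the final chunk
        printf '%s-%s\n' "$start" "$end"
        start=$((end + 1))
    done
}

# Run one verbose nmap scan per chunk in the background, writing each to its
# own normal-format file, then wait for all of them. Target and chunk count
# are assumed arguments; 4 chunks by default.
scan_in_chunks() {
    target=$1; chunks=${2:-4}
    for range in $(port_chunks 1 65535 "$chunks"); do
        nmap -v -p "$range" "$target" -oN "nmap_${range}.txt" &
    done
    wait
}
```

Call `scan_in_chunks 10.10.10.1 4` (constructed target) to launch the four scans; the per-chunk files can be concatenated afterwards.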