Those parts are typically automated. Also even if you're a .net shop, you might have your stuff placed in front a linux/bsd based router which responds to certain requests (it does happen).
A pen tester can't know what infrastructure changes you've made, and should work from scratch each time, IMO. It might not have even been your company which made the change, hoster might have made change to the environment etc etc.
If it doesn't cost you any more to have them to try and scan /usr, ../../../../../../etc/passwd and so on, why not?
When I did pentests, we encountered a customer who, via a misconfigured puppet manifest, installed WordPress on a public facing server with a known-vulnerable plugin, which we found by always scanning /wp-admin/ even though the customer was a strictly RoR shop.
A pen tester can't know what infrastructure changes you've made, and should work from scratch each time, IMO. It might not have even been your company which made the change, hoster might have made change to the environment etc etc.
If it doesn't cost you any more to have them to try and scan /usr, ../../../../../../etc/passwd and so on, why not?
When I did pentests, we encountered a customer who, via a misconfigured puppet manifest, installed WordPress on a public facing server with a known-vulnerable plugin, which we found by always scanning /wp-admin/ even though the customer was a strictly RoR shop.