Affiliation:
1. Department of Computing and Games, Teesside University, Middlesbrough TS1 3BX, UK
Abstract
The majority of Ethical Hacking (EH) tools utilised in penetration testing are developed by practitioners within the industry or underground communities. Similarly, academic researchers have also contributed to developing security tools. However, there appears to be limited awareness among practitioners of academic contributions in this domain, creating a significant gap between industry and academia’s contributions to EH tools. This research paper aims to survey the current state of EH academic research, primarily focusing on research-informed security tools. We categorise these tools into process-based frameworks (such as PTES and Mitre ATT&CK) and knowledge-based frameworks (such as CyBOK and ACM CCS). This classification provides a comprehensive overview of novel, research-informed tools, considering their functionality and application areas. The analysis covers licensing, release dates, source code availability, development activity, and peer review status, providing valuable insights into the current state of research in this field.
Reference171 articles.
1. Duque Anton, S.D., Fraunholz, D., and Schneider, D. (2020). Investigating the Ecosystem of Offensive Information Security Tools. arXiv.
2. Backwards from zero: How the U.S. public evaluates the use of zero-day vulnerabilities in cybersecurity;Leal;Contemp. Secur. Policy,2023
3. Valenza, A., Costa, G., and Armando, A. (2020, January 14–16). Never Trust Your Victim: Weaponizing Vulnerabilities in Security Scanners. Proceedings of the 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID), Online.
4. Denis, M., Zena, C., and Hayajneh, T. (2016, January 29). Penetration testing: Concepts, attack methods, and defense strategies. Proceedings of the 2016 IEEE Long Island Systems, Applications and Technology Conference (LISAT), Farmingdale, NY, USA.
5. Ethical hacking for IoT: Security issues, challenges, solutions and recommendations;Yaacoub;Internet Things -Cyber-Phys. Syst.,2023