Overview of Penetration Testing Tools: Comparison of Functionality and Ease of Use
https://doi.org/10.26794/3030-7097-2026-2-1-35-44
Abstract
This study provides a detailed analysis of penetration testing tools such as Metasploit, Core Impact, Immunity Canvas, and Security Forest. It compares their functionality, usability, and role in identifying vulnerabilities in information systems. The main focus is on the features of each tool, their strengths and weaknesses, and their areas of application. Penetration testing is an important element of a comprehensive approach to cybersecurity, allowing vulnerabilities to be identified at all stages of the information system lifecycle. The paper examines the stages of penetration testing, including information gathering, vulnerability identification, attack planning, and results analysis. Particular attention is paid to automated tools, which greatly simplify the testing process but require competent use. The article also discusses the ethical and legal aspects of penetration testing, emphasizing the need to comply with legislation and professional ethics. The article will be useful for information security specialists, as well as anyone interested in modern data protection methods. The paper emphasizes that the choice of tool depends on specific tasks and context, and that successful pentesting requires not only technical skills, but also a deep understanding of information protection processes.
About the Authors
A. I. Lyubimov
Russian Federation
Artem I. Lyubimov — student of the Faculty of Information Technology and Big Data Analysis
Moscow
S. A. Reznichenko
Russian Federation
Sergey A. Reznichenko — Cand. Sci. (Tech), Assoc. Prof., Department of Information Security, Faculty of Information Technology and Big Data Analysis
Moscow
Review
For citations:
Lyubimov A.I., Reznichenko S.A. Overview of Penetration Testing Tools: Comparison of Functionality and Ease of Use. Digital Solutions and Artificial Intelligence Technologies. 2026;2(1):35-44. (In Russ.) https://doi.org/10.26794/3030-7097-2026-2-1-35-44
