TY - JOUR
T1 - Bridging the Gap: A Survey and Classification of Research-Informed Ethical Hacking Tools
AU - Modesti, Paolo
AU - Golightly, Lewis
AU - Holmes, Louis
AU - Opara, Chidimma
AU - Moscini, Marco
PY - 2024/7/16
Y1 - 2024/7/16
N2 - The majority of Ethical Hacking (EH) tools utilised in penetration testing are developed by practitioners within the industry or underground communities. Similarly, academic researchers have also contributed to developing security tools. However, there appears to be limited awareness among practitioners of academic contributions in this domain, creating a significant gap between industry and academia’s contributions to EH tools. This research paper aims to survey the current state of EH academic research, primarily focusing on research-informed security tools. We categorise these tools into process-based frameworks (such as PTES and Mitre ATT&CK) and knowledge-based frameworks (such as CyBOK and ACM CCS). This classification provides a comprehensive overview of novel, research-informed tools, considering their functionality and application areas. The analysis covers licensing, release dates, source code availability, development activity, and peer review status, providing valuable insights into the current state of research in this field.
AB - The majority of Ethical Hacking (EH) tools utilised in penetration testing are developed by practitioners within the industry or underground communities. Similarly, academic researchers have also contributed to developing security tools. However, there appears to be limited awareness among practitioners of academic contributions in this domain, creating a significant gap between industry and academia’s contributions to EH tools. This research paper aims to survey the current state of EH academic research, primarily focusing on research-informed security tools. We categorise these tools into process-based frameworks (such as PTES and Mitre ATT&CK) and knowledge-based frameworks (such as CyBOK and ACM CCS). This classification provides a comprehensive overview of novel, research-informed tools, considering their functionality and application areas. The analysis covers licensing, release dates, source code availability, development activity, and peer review status, providing valuable insights into the current state of research in this field.
U2 - 10.3390/jcp4030021
DO - 10.3390/jcp4030021
M3 - Article
SN - 2624-800X
VL - 4
SP - 410
EP - 448
JO - Journal of Cybersecurity and Privacy
JF - Journal of Cybersecurity and Privacy
IS - 3
ER -