What is it about?
Ethical hacking is used to find weaknesses in computer systems before criminals can exploit them. Many tools used by penetration testers are created in industry or practitioner communities, but academic researchers also develop useful security tools. However, these research-informed tools are not always easy for practitioners to find, understand, or reuse. This publication reviews 100 ethical hacking tools developed through academic research. It examines what the tools do, whether their source code is available, how they are licensed, how actively they are maintained, and whether they have been peer reviewed. The paper also classifies the tools using recognised cybersecurity frameworks, including PTES, MITRE ATT&CK, CyBOK, and ACM CCS. This helps researchers, students, and practitioners see where each tool fits within the wider cybersecurity landscape and how academic work can support practical security testing.
Featured Image
Why is it important?
This work is unique because it focuses specifically on research-informed ethical hacking tools, rather than only reviewing widely used industry tools. It provides a structured overview of tools developed through academic research and connects them to recognised cybersecurity frameworks. The work is timely because cyber threats are becoming more complex, and ethical hackers need tools that can keep pace with new vulnerabilities, attack methods, and technologies. At the same time, there is often a gap between academic innovation and industry adoption. Useful research tools may remain underused if practitioners are unaware of them or if the tools are difficult to access, maintain, or apply. The difference this work could make is that it helps bridge the gap between research and practice. By making academic tool development more visible and better classified, the paper can support collaboration between universities, cybersecurity professionals, students, and tool developers. It also encourages researchers to make tools more open, better documented, and easier for the wider community to use.
Perspectives
For me, this publication is important because it highlights a practical challenge in cybersecurity research: good ideas do not always reach the people who could use them. Academic researchers often develop valuable tools, but without visibility, documentation, licensing clarity, and continued maintenance, those tools may have limited impact beyond the paper itself. What I find especially meaningful about this work is its focus on connection. Ethical hacking is a hands-on field, but it also benefits from rigorous research, peer review, and theoretical grounding. This paper reflects my wider interest in making cybersecurity research more useful, accessible, and relevant to real-world security practice.
Dr Chidimma Opara
Teesside University
Read the Original
This page is a summary of: Bridging the Gap: A Survey and Classification of Research-Informed Ethical Hacking Tools, Journal of Cybersecurity and Privacy, July 2024, MDPI AG,
DOI: 10.3390/jcp4030021.
You can read the full text:
Contributors
The following have contributed to this page
