Several studies regarding security testing for corporate environments, networks, and systems were developed in the past years. Therefore, to understand how methodologies and tools for security testing have evolved is an important task. One of the reasons for this evolution is due to penetration test, also known as Pentest. The main objective of this work is to provide an overview on Pentest, showing its application scenarios, models, methodologies, and tools from published papers. Thereby, this work may help researchers and people that work with security to understand the aspects and existing solutions related to Pentest. A systematic mapping study was conducted, with an initial gathering of 1145 papers, represented by 1090 distinct papers that have been evaluated. At the end, 54 primary studies were selected to be analyzed in a quantitative and qualitative way. As a result, we classified the tools and models that are used on Pentest. We also show the main scenarios in which these tools and methodologies are applied to. Finally, we present some open issues and research opportunities on Pentest.

中文翻译：

---

渗透测试概述和未解决的问题

在过去几年中，针对企业环境、网络和系统的安全测试开展了多项研究。因此，了解安全测试的方法和工具如何演变是一项重要的任务。这种演变的原因之一是渗透测试，也称为 Pentest。这项工作的主要目的是提供 Pentest 的概述，展示其应用场景、模型、方法和来自已发表论文的工具。因此，这项工作可以帮助研究人员和从事安全工作的人了解与 Pentest 相关的方面和现有解决方案。进行了系统的映射研究，最初收集了 1145 篇论文，其中有 1090 篇经过评估的不同论文。在最后，选择了 54 项主要研究进行定量和定性分析。因此，我们对 Pentest 上使用的工具和模型进行了分类。我们还展示了应用这些工具和方法的主要场景。最后，我们提出了一些关于 Pentest 的开放问题和研究机会。