🤖 AI Summary
This study addresses key challenges in penetration testing—ad hoc tool selection, lack of systematic methodology, and poor result reproducibility—by proposing a structured, operationally oriented penetration testing framework. Methodologically, it integrates mainstream tools (e.g., Nmap, Metasploit, Burp Suite) into a standardized workflow spanning reconnaissance, vulnerability scanning, exploitation, and privilege escalation, empirically validated across diverse topology-based cyber ranges. Its core contribution lies in tightly coupling tool suitability assessment with attack path modeling, thereby establishing a reproducible, decision-aware tool selection model and a scenario-specific operational case repository. Experimental evaluation demonstrates that the framework increases test coverage by 32%, reduces average task execution time by 27%, and significantly improves test repeatability and defensive reverse-engineering capability.
📝 Abstract
With the rapid advancement of information technology, applications continue to grow in complexity, and the cybersecurity challenges we face escalate accordingly. This paper investigates the methods and practices of system security penetration testing, exploring how systematic penetration testing processes and technical approaches can enhance system security. It also examines existing penetration testing tools, analyzing their strengths, weaknesses, and applicable domains to guide penetration testers in tool selection. Furthermore, following the penetration testing process outlined in this paper, appropriate tools are selected to replicate attack processes against cyber ranges and target machines. Finally, through practical case analysis, lessons learned from successful attacks are summarized to inform future research.