Current automated penetration testing (AutoPT) research is hindered by the absence of a unified simulation and modeling framework, manifesting in insufficient multi-scale/multi-level modeling capabilities, weak support for dynamic environments, and scarcity of high-quality public datasets. To address these challenges, we propose AutoPT-Sim—the first unified, dynamic simulation modeling framework specifically designed for AutoPT. It introduces a novel Multi-Dimensional, Cross-Level Dynamic Simulation Paradigm (MDCPM), integrating strategy automation to enable co-modeling of adversarial and defensive agents and cross-scale network evolution simulation. The framework incorporates a configurable network topology generator, a multi-layered scenario feedback mechanism, and standardized simulation datasets. We publicly release the first AutoPT-specific benchmark dataset and the Network Generator source code, significantly enhancing simulation fidelity and reproducibility. AutoPT-Sim establishes a foundational infrastructure for strategy-driven penetration testing research.

The integration of artificial intelligence into automated penetration testing (AutoPT) has highlighted the necessity of simulation modeling for the training of intelligent agents, due to its cost-efficiency and swift feedback capabilities. Despite the proliferation of AutoPT research, there is a recognized gap in the availability of a unified framework for simulation modeling methods. This paper presents a systematic review and synthesis of existing techniques, introducing MDCPM to categorize studies based on literature objectives, network simulation complexity, dependency of technical and tactical operations, and scenario feedback and variation. To bridge the gap in unified method for multi-dimensional and multi-level simulation modeling, dynamic environment modeling, and the scarcity of public datasets, we introduce AutoPT-Sim, a novel modeling framework that based on policy automation and encompasses the combination of all sub dimensions. AutoPT-Sim offers a comprehensive approach to modeling network environments, attackers, and defenders, transcending the constraints of static modeling and accommodating networks of diverse scales. We publicly release a generated standard network environment dataset and the code of Network Generator. By integrating publicly available datasets flexibly, support is offered for various simulation modeling levels focused on policy automation in MDCPM and the network generator help researchers output customized target network data by adjusting parameters or fine-tuning the network generator.