With the increasing number of internet-based resources and applications, the amount of attacks faced by companies has increased significantly in the past years. Likewise, the techniques to test security and emulate attacks need to be constantly improved and, as a consequence, help to mitigate attacks. Among these techniques, penetration test (Pentest) provides methods to assess the security posture of assets, using different tools and methodologies applied in specific scenarios. Therefore, this study aims to present current methodologies, tools, and potential challenges applied to Pentest from an updated systematic literature review. As a result, this work provides a new perspective on the scenarios where penetration tests are performed. Also, it presents new challenges such as automation of techniques, management of costs associated with offensive security, and the difficulty in hiring qualified professionals to perform Pentest.

翻译：随着基于互联网的资源与应用日益增多，企业所面临的攻击在过去数年间显著增加。同样地，用于安全测试与模拟攻击的技术需要持续改进，从而帮助缓解攻击。在这些技术中，渗透测试（Pentest）提供了评估资产安全态势的方法，其针对特定场景应用了多种工具和方法论。因此，本研究旨在通过一项最新的系统性文献综述，呈现当前应用于渗透测试的方法论、工具及潜在挑战。作为结果，本文为渗透测试执行的场景提供了新的视角。同时，它还提出了新的挑战，例如技术自动化、与攻击性安全相关的成本管理，以及难以聘请合格的专业人员来执行渗透测试。