Comparison of Port Scanning, Vulnerability Scanning, and Penetration Testing Combinations for Network Vulnerability Detection in GNS3 Testbed

Rusdianto Rusdianto; Raka  Yusuf

doi:10.52436/1.jutif.2025.6.5.4917

Authors

Rusdianto Computer Science, Mercu Buana University, Indonesia
Raka Yusuf Computer Science, Mercu Buana University, Indonesia

DOI:

https://doi.org/10.52436/1.jutif.2025.6.5.4917

Keywords:

GNS3, Network Security, Penetration Testing, Port Scanning, Vulnerability Scanning

Abstract

Network security faces significant challenges due to the increasing number and complexity of system vulnerabilities. This study aims to develop and evaluate a full combination method (ABC) integrating port scanning (Nmap), vulnerability scanning (OpenVAS), and penetration testing (Metasploit), and compare it with partial combinations (AB, BC, AC) for more effective vulnerability detection. Using a quantitative experimental approach within a controlled GNS3 TestBed, three key indicators were analyzed: number of vulnerabilities detected, detection time, and exploit validity. Experimental results show that the ABC method detected 62 potential vulnerabilities, including 11 high and medium severity CVEs, matching the AB method but significantly outperforming AC, which detected none. In terms of detection time, the ABC method achieved a balanced performance at 91 minutes, which is 31.5% faster than AB (133 minutes), while maintaining full exploit validation. Notably, the ABC method successfully validated 100% of critical vulnerabilities using Metasploit, confirming the practical applicability and reliability of the integrated approach compared to dual combinations. Overall, the findings demonstrate that the full combination method (ABC) offers superior accuracy and comprehensiveness in detecting and validating network vulnerabilities. This research contributes to cybersecurity practices by proposing an integrated detection workflow that effectively balances speed and depth of analysis, setting a practical benchmark for vulnerability detection systems applicable to both simulated and real-world network environments.

Downloads

Download data is not yet available.

References

S. Raza and F. Jaison, “A Comparative Study between Vulnerability Assessment and Penetration Testing,” International Journal of Trend in Scientific Research and Development (IJTSRD), vol. 5, no. 3, pp. 1208–1211, Apr. 2021, doi: 10.46293/4N6/2021.03.02.08.

H. S. Guruprasad, “Evaluation and Analysis of Vulnerability Scanners: Nessus and OpenVAS,” International Research Journal of Engineering and Technology, vol. 7, no. 5, pp. 2068–2073, Apr. 2020.

“Vulnerability and Threat Trends Report 2024,” 2024. Accessed: Jun. 15, 2025. [Online]. Available: https://www.skyboxsecurity.com/resources/report/vulnerability-threat-trends-report-2024/

Fortra, “2024 Penetration Testing Report,” 2024. Accessed: Jun. 18, 2025. [Online]. Available: https://static.fortra.com/core-security/pdfs/guides/fta-cs-2024-pen-testing-report-gd.pdf

D. K. Adamsyach Prana Walidin, Fahra Pebiana Putri, “KALI LINUX SEBAGAI ALAT ANALISIS KEAMANAN JARINGAN MELALUI PENGGUNAAN NMAP, WIRESHARK, DAN METASPLOIT,” JATI (Jurnal Mahasiswa Teknik Informatika), vol. 9, no. 1, pp. 1188–1196, 2025, doi: https://doi.org/10.36040/jati.v9i1.12661.

Hanafi, Dasar Cyber Security dan Forensic, 1st ed. Yogyakarta: Deepublish Publisher, 2022. Accessed: Jun. 04, 2025. [Online]. Available: https://eprints.amikom.ac.id/id/eprint/10688/

D. Septian Firdaus and A. Hendri Hendrawan, “Analisis Keamanan Vulnerability pada Server Cloud Open Media Vault di Fakultas Teknik Universitas Ibn Khaldun Bogor,” Prosiding Semnastek, vol. 16, Oct. 2019, Accessed: Jun. 12, 2025. [Online]. Available: jurnal.umj.ac.id/index.php/semnastek

D. Bayu Rendro and W. Nugroho Aji, “ANALISIS MONITORING SISTEM KEAMANAN JARINGAN KOMPUTER MENGGUNAKAN SOFTWARE NMAP (STUDI KASUS DI SMK NEGERI 1 KOTA SERANG),” PROSISKO: Jurnal Pengembangan Riset Dan Observasi Sistem Komputer, vol. 7, no. 2, pp. 108–115, Sep. 2020, doi: https://doi.org/10.30656/prosisko.v7i2.2522.

J. M. Pittman, “A Comparative Analysis of Port Scanning Tool Efficacy,” arXiv preprint, Mar. 2023, doi: https://doi.org/10.48550/arXiv.2303.11282.

A. Riad, Imam, Kurniawan, Forensik Jaringan dan Cloud, 2nd ed. Yogyakarta: Diandra Kreatif, 2020. Accessed: Jun. 20, 2025. [Online]. Available: www.diandracreative.com

F. Holik, J. Horalek, O. Marik, S. Neradova, and S. Zitta, “Effective penetration testing with Metasploit framework and methodologies,” in 2014 IEEE 15th International Symposium on Computational Intelligence and Informatics (CINTI), 2014, pp. 237–242. doi: 10.1109/CINTI.2014.7028682.

R. Azani Akbar and H. Bayu Seta, “Pengujian Celah Keamanan Untuk Mengetahui Kerentanan Keamanan Jaringan Wireless Dengan Metode Penetration Testing Execution Standard (PTES) Pada PT. QWE,” in Seminar Nasional Mahasiswa Ilmu Komputer dan Aplikasinya (SENAMIKA), Seminar Nasional Mahasiswa Ilmu Komputer dan Aplikasinya (SENAMIKA), Aug. 2022, pp. 991–1000.

M. Anis, A. Hilmi, and E. Khujaemah, “Network Security Monitoring With Intrusion Detection System,” Jurnal Teknik Informatika (JUTIF), vol. 3, no. 2, pp. 249–253, 2022, doi: https://doi.org/10.20884/1.jutif.2022.3.2.117.

F. H. Roslan, “A Comparative Performance of Port Scanning Techniques,” Journal of Soft Computing and Data Mining, vol. 4, no. 2, pp. 43–51, Oct. 2023, doi: 10.30880/jscdm.2023.04.02.004.

D. Sudirman and A. N. Yaqin, “Network Penetration dan Security Audit Menggunakan Nmap,” SATIN - Sains dan Teknologi Informasi, vol. 7, no. 1, pp. 32–44, Jun. 2021, doi: 10.33372/stn.v7i1.702.

M. Alhamed and M. M. H. Rahman, “A Systematic Literature Review on Penetration Testing in Networks: Future Research Directions,” Applied Sciences (Switzerland), vol. 13, no. 12, Jun. 2023, doi: 10.3390/app13126986.

S. Sunny and A. G. Christy, “COMPARISON OF TCP SCANNING TECHNIQUES USING NMAP,” J Pharm Negat Results, vol. 13, no. 10, pp. 919–925, 2022, doi: 10.47750/pnr.2022.13.S10.104.

W. A. binti W. M. T. Rukhiyah binti Adnan, “Implementing Penetration Testing in Simulation Environment,” vol. 4, no. 2, pp. 1–8, 2023, doi: https://doi.org/10.61688/jev.v4i2.137.

A. Agustinus and I. Sembiring, “WEBSITE VULNERABILITY TESTING USING THE PENETRATION TESTING METHOD REFERRING TO NIST SP 800 –155 (CASE STUDY (Astonprinter.com Domain)),” Jurnal Teknik Informatika (JUTIF), vol. 5, no. 6, pp. 1651–1662, 2024, doi: https://doi.org/10.52436/1.jutif.2024.5.6.3859.

K. Božić, N. Penevski, and S. Adamović, “Penetration Testing and Vulnerability Assessment: Introduction, Phases, Tools and Methods,” in International Scientific Conference on Information Technology and Data Related Research-SINTEZA 2019, Belgrade, Serbia: SINTEZA 2019, 2019, pp. 229–234. doi: 10.15308/sinteza-2019-229-234.

A. Kejiou and G. Bekaroo, “A Review and Comparative Analysis of Vulnerability Scanning Tools for Wireless LANs,” International Conference on Next Generation Computing Applications (NextComp), p. 1, Oct. 2022, doi: 10.1109/NextComp55567.2022.9932245.

R. Abu Bakar and B. Kijsirikul, “Enhancing Network Visibility and Security with Advanced Port Scanning Techniques,” Sensors, vol. 23, no. 17, pp. 1–27, Aug. 2023, doi: https://doi.org/10.3390/s23177541.

K. N. Isnaini, ; Muhammad, H. Asyari, ; Sigit, F. Amrillah, and ; Didit Suhartono, “Vulnerability Assessment and Penetration Testing on Student Service Center System,” ILKOM Jurnal Ilmiah, vol. 16, no. 2, pp. 161–171, Aug. 2024, doi: https://doi.org/10.33096/ilkom.v16i2.1969.161-171.

M. Ayyas, A. Fauzi, and S. Widodo, “Studi Komparatif Teknik Analisis Keamanan Sistem Informasi e-Government: Penetration Testing VS Vulnerability Assessment,” SATIN - Sains dan Teknologi Informasi, vol. 10, no. 1, pp. 25–34, Jun. 2024, doi: 10.33372/stn.v9i2.1000.

I. G. P. K. Juliharta, I. K. Suwidiana, and I. P. C. Taruna, “VULNERABILITY ASSESSMENT SISTEM MANAJEMEN KEAMANAN INFORMASI STUDI KASUS SISTEM SIDARLING DAN JAGABAYA KOTA DENPASAR,” Jurnal Teknologi Informasi dan Komputer, vol. 8, no. 4, pp. 354–358, 2022, doi: https://doi.org/10.36002/jutik.v8i4.2089.

R. R and Y. Muin, “MikroTik Router Vulnerability Testing for Network Vulnerability Evaluation using Penetration Testing Method,” Int J Comput Appl, vol. 183, no. 47, pp. 33–37, Jan. 2022, doi: 10.5120/ijca2022921878.

S. Abdulaziz Alkhathlan, L. Hasan Alzahrani, S. Hamad Alfulayj, and S. Kamel Hussein, “A Comparative Study on Network Exploration and Performance Evaluation Techniques for Vulnerability Assessment Tools in Security Systems,” IOSR Journal of Computer Engineering (IOSR-JCE), vol. 26, no. 3, pp. 5–20, May 2024, doi: 10.9790/0661-2603020520.

M. Ahsan and D. A. Rochmah, “Analisa Kerentanan Sistem Dengan Menerapkan Open Vulnerability Assessment System Menggunakan Greenbone Vulnerability Management (GVM),” INFORMATIKA DAN TEKNOLOGI (INTECH), vol. 3, no. 2, pp. 23–29, Nov. 2022, doi: 10.54895/intech.v3i2.1509.

P. Lachkov, L. Tawalbeh, and S. Bhatt, “Vulnerability Assessment for Applications Security Through Penetration Simulation and Testing,” Journal of Web Engineering, vol. 21, no. 7, pp. 2187–2208, Dec. 2022, doi: 10.13052/jwe1540-9589.2178