It depends on the scope of Pentesting, For example if you wanna do web Pentesting there are some full-featured web scanners( http://sectoolmarket.com/price-and-feature-comparison-of-web-application-scanners-unified-list.html), if you wanna do network pentest, again you can use Nessus, Nexpose and so on.

It all depends that what types of pen testing you wanna conduct.

Penetration testing involves manual verification of false positive which are observed in vulnerability assessments. There are few tools which does this PT Automation like Metasploit, Core Impact and Saint Exploit. But all are operated on heuristic scans (If port 135 open it tries are exploit which are on 135) which generated lots of traffic and very limited success rate. For better results before starting PT automated tool should having complete idea on Infrastructure\ Inventory including patch levels to reduce high rate of FP. And one more was keep tracking of all security issues such as zero days through CVE, Mitra DB and should push for patches.

What kind of attacks must simulate? I think one of the tests could be automated penetration ports and false hits.

I think rather than penetrating, we can have robust agent based security monitoring.

You should consider Langsec workshop (http://spw14.langsec.org/) as well. I believe similar discussions are going on there.

IBM AppScan or HP Fortify are all pentest (white-box or black-box) tools and have nothing to do with formal verification.

Penetration testing tools are used to automate several tasks in order to improve testing performance and identify those security issues, which are harder to discover with manual testing analysis approaches. There are two general types of penetration testing tools: static and dynamic analysis. These both kind of tools are used with veracode to determine security susceptibilities. In addition, veracode’s binary scanning methodology is more accurate and result oriented that controls the false positive. The veracode can help small to large types of organization for handling the security risk. The penetration testing should be set in such a way to control the weak and vulnerable points of environment within the organization. The goal of incorporating penetration testing is the only way to secure the cyber-attacks and hacking.

So, the appropriate option is to make suitable change with Firewall and incorporate the penetration test features that can automate the testing process for security enhancement. The second option for automation of penetration testing is to employ with intrusion detection system (IDS) for handling the false positive. But I think Veracode-Platform does this function automatically.

Each pentest task has it's own variables - so there's no "one size fits all" that will accomplish the required testing, each case has to be tailored to fit. There also has to be a degree of intelligence built into applications to determine between false positives and potentially realistic vulnerabilities, so links to the likes of CVE and NIST to verify possibles would be helpful. Personally, i've used backtrack 5 extensively, and latterly Kali Linux - I'm not a Professional pentester - just an educated hobbyist - so various tasks can be combined in a simple shell script, or other scripting languages to enable semi-automation.

Conduct a study. Based on the results, design and develop your own penetration testing tool or automated penetration test system.

If you want to automate Penetration Testing. You should consider looking Nmap Scripting Engine. Nmap will scan each time it scan a host, script will run. In your nmap script, you can do additional tasks with programming script. Nmap will scan hosts. NSE will do tasks such as exploiting, reporting, parsing info to database etc.

There is a lot of tools to automate pen tests , but the first step is define the kind of pen test , blind or not , what you looking for , and how this tests impact your network.

You can use Cali Linux Distribution with associate your personal script

you can use kali linux, strongly agree with Lorenzo, also your can go to link.

http://www.cisco.com/c/en/us/products/collateral/routers/1900-series-integrated-services-routers-isr/data_sheet_c78-556151.html

Your algorithms and models may not be evaluated for your own parameters but as predefined. Researchers need today a unified testing solution which should be more than "reporting" of a particular attack. The important is "time to penetrate", 'time to report", "recovery from attack", etc. The same is given in the following link.

See for a work on developing a "choice matrix" to evaluate any or every kind of security testing in a discrete format.

http://citeseerx.ist.psu.edu/viewdoc/summary;jsessionid=7C8D5267FED3D3268B8046110A4CF6E8?doi=10.1.1.154.9937

Most pen test tools worth anything offer two features. 

1. Reporting via XML

2. Console mode to support scriping

With thes two features you can do pen testing and get data you can merge for generating meaningful and consistent reports. I always transform the XML into a common schema and place into a database where customreports can be generated on demand by the user via query

Automated penetration testing for compliance purposes is the bane of the industry.

Tools like Nessus will never find you an 0-day.

If you are going to invest in a pentest tool IBM or HP, it could get very expensive. If this research has a restricted budget, I would build an API for automating. I Use OWASP Zap since we build web portals. I have an API built that automates my attacks as I need it and generatates report. and on occasions test with IONCANNON for simulated denial service attack for testing my load balancers. kali is great for manual testing,Samuri in conjunction with OWASP ZAP. Hope that helps

use tools like Acunetix, Aircrack-ng, Ettercap to test penetration

Alexander Frolov, Alexander Vinnikov. FSM Simulation of Cryptographic Protocols Using Algebraic Pr0cessor. In Proceedings of the Ninth International Conference on Dependability and Complex systems DepCoS-RELCOMEX, June 30-Juy 4,2014. P.189-198.

Abstract

We study FSM model of cryptographic protocols that reflects both the system functionality and strategy of attacks and explored the fact that all data are divided into two classes: public transactions available to all parties and private data available to only party that inputted or originated them. In terms of this model the protocols FSM composition property and operation of composition of protocols FSM models are determined. This approach is supported by created software called algebraic processor that allows computer experiments to identify and demonstrate the leaks. We describe the structure and functionality of algebraic processor and some examples of attacked cryptographic protocols simulations.