Probabilistic Pentesting

Pentesting tools like Metasploit, Burp, ExploitPack, BeEF, etc. are used by security practitioners to identify possible vulnerability points and to assess compliance with security policies. Pentesting tools come with a library of known exploits that have to be configured or customized for your particular environment. This configuration typically takes the form of a DSL or a set of fairly complex UIs to configure individual attacks. There are two major shortcomings with this approach (1) scanning doesn't yield perfect knowledge (2) scanning generates significant network traffic and can run for a very long time on a large network (Sarraute). It is perhaps due to these shortcomings (and maybe 0day exploits) that "most testing tools, provide no guarantee of soundness.