
Automatic Penetration Testing Script Generation for Windows SEH Mechanism

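Abstract

Buffer overflow vulnerabilities pose a serious threat to computer security. During penetration testing, the tester must therefore first determine whether the program contains such a vulnerability, find a way to use characteristics of the operating system or of the program itself as the entry point for the test, and check whether the attack can actually be achieved. If a program can automatically generate penetration testing scripts that exploit a given characteristic, the cost of security testing can be reduced. This paper presents a system we implemented that lets a tester who has found a buffer overflow vulnerability use a graphical interface to automatically generate penetration testing scripts that exploit the Windows SEH (Structured Exception Handling) mechanism, without having to study the attack technique. The system not only reduces the time testers spend writing penetration testing scripts, but also lets them quickly test whether a script achieves its goal.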

Parallel Abstract

Buffer overflow vulnerabilities are a serious threat to computer security. During penetration testing it is therefore necessary to test whether the target program has this kind of vulnerability and to find an entry point for exploiting it. Finally, the tester also needs to understand the effects of an attack that exploits the vulnerability. If the penetration testing script can be generated automatically by a tool, the tester's cost of developing exploits is reduced. This article introduces an implementation of a system that automatically generates penetration testing scripts that use the Windows SEH (Structured Exception Handling) mechanism. The system is operated through a GUI, and the tester does not need to investigate the details of the attack technique. The proposed system thus not only reduces the time needed to develop testing scripts but also helps the tester determine whether the generated scripts achieve their purpose.
