A method can include obtaining access card data from an access card. The access card can include accessibility data. The access card can be configured to electronically permit access to one or more systems by transmitting the accessibility data. The access card data can include at least a portion of the accessibility data. The method can further include storing the access card data. The method can further include transmitting the access card data to a penetration test system that is configured to test the one or more systems for at least one system vulnerability based, at least in part, on the access card data.