Network vulnerability testing methods, systems, devices, appliances and software products generate stateful and stateless network representative of network threats. The traffic is applied to a network or device under test, thereby to test the vulnerability of the network or device to threats. A graphical user interface, which does not require a programming or scripting language can be used to generate an intermediate descriptive format that can in turn be used to generate stateful or stateless threat signatures. By using the intermediate descriptive form, threats can be generated under the control of the graphical user interface and in accordance with stored threat signatures, without the need for a programming or scripting language.