Metasploit
The Penetration Tester's Guide
Publisher: No Starch Press
Final Release Date: July 2011
Pages: 328
"The best guide to the Metasploit Framework."—HD Moore, Founder of the Metasploit Project

The Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless. But while Metasploit is used by security professionals everywhere, the tool can be hard to grasp for first-time users. Metasploit: The Penetration Tester's Guide fills this gap by teaching you how to harness the Framework and interact with the vibrant community of Metasploit contributors.

Once you've built your foundation for penetration testing, you'll learn the Framework's conventions, interfaces, and module system as you launch simulated attacks. You'll move on to advanced penetration testing techniques, including network reconnaissance and enumeration, client-side attacks, wireless attacks, and targeted social-engineering attacks.

Learn how to:

  • Find and exploit unmaintained, misconfigured, and unpatched systems
  • Perform reconnaissance and find valuable information about your target
  • Bypass anti-virus technologies and circumvent security controls
  • Integrate Nmap, NeXpose, and Nessus with Metasploit to automate discovery
  • Use the Meterpreter shell to launch further attacks from inside the network
  • Harness standalone Metasploit utilities, third-party tools, and plug-ins
  • Learn how to write your own Meterpreter post exploitation modules and scripts

You'll even touch on exploit discovery for zero-day research, write a fuzzer, port existing exploits into the Framework, and learn how to cover your tracks. Whether your goal is to secure your own networks or to put someone else's to the test, Metasploit: The Penetration Tester's Guide will take you there and beyond.

Table of Contents
Product Details
About the Author
Recommended for You
Customer Reviews

REVIEW SNAPSHOT®

by PowerReviews
No Starch PressMetasploit
 
4.5

(based on 4 reviews)

Ratings Distribution

  • 5 Stars

     

    (2)

  • 4 Stars

     

    (2)

  • 3 Stars

     

    (0)

  • 2 Stars

     

    (0)

  • 1 Stars

     

    (0)

100%

of respondents would recommend this to a friend.

Pros

  • Easy to understand (4)
  • Accurate (3)
  • Helpful examples (3)
  • Well-written (3)

Cons

    Best Uses

    • Intermediate (3)
    • Novice (3)

    Reviewed by 4 customers

    Sort by

    Displaying reviews 1-4

    Back to top

     
    5.0

    METASPLOIT, Penetration Tester's Guide

    By HiSeCu (C Fenijn)

    from Netherlands

    About Me Cert Member

    Pros

    • Easy Low Treshold
    • Easy to understand
    • Helpful examples
    • Well-written

    Cons

      Best Uses

      • Intermediate
      • Novice

      Comments about No Starch Press Metasploit:

      The following is a review of the book METASPLOIT, The Penetration Tester's Guide, by David Kennedy, Jim O'Gorman, Devon Kearns and Mati Aharoni, no starch press, San Francisco, 2011. In a nutshell: This book is a must have for penetration testers. It is an excellent introduction to the Metasploit Framework, that is useful for both beginners and people who would like to leverage their own exploits, using the framework. One thing that stands out in this book from my own point of view is, that one can use Metasploit for the automation of Social Engineering purposes as well. It is not a thing I intend to use myself, but it is absolutely useful to learn about it, first hand from the person who implemented the Social-Engineer Toolkit (SET), himself, David Kennedy. The other authors of the book are also productive people in the field of security. To those who want to write code themselves and use that with metasploit, this book offers a very low threshold introduction.

       
      4.0

      ultimate guide for a beginner

      By Fab

      from Tokyo, Japan

      About Me Engineer, Manager

      Verified Reviewer

      Pros

      • Accurate
      • Easy to understand
      • Helpful examples

      Cons

      • Too basic

      Best Uses

      • Novice
      • Student

      Comments about No Starch Press Metasploit:

      Metasploit framework is clearly beyond comprehension for a beginner in penetration testing. So many panels, windows, shell capabilities, objectives you want to accomplish and targets to test, to not know what to do and where to start. The books explains step by step how to perform successful attacks, covering the reasons for each step, the part of the framework used, vulnerabilities targeted and what to write in consequence in penetration reports.

      As well as diving into Metaploit, the book goes into details about penetration testing philosophy, setting up and using a social engineering toolkit (which was my favorite part), faking Wireless access point, and in the last part of the book, the authors explain how to create or research exploit in a chosen application and then contribute to Metasploit framework by porting the discovered exploit into it.

      This book opened my eyes on how easy it is to find a way into a machine by experimenting it and also how to prevent it. The social engineering toolkit is great, but maybe lacks of delicacy for some parts (cloning a website for instance).

       
      5.0

      Really good book

      By Fabio Alessandro Locati

      from Milano, IT

      About Me Sys Admin

      Verified Reviewer

      Pros

      • Accurate
      • Concise
      • Easy to understand
      • Well-written

      Cons

        Best Uses

        • Expert
        • Intermediate
        • Novice
        • Student

        Comments about No Starch Press Metasploit:

        Metasploit is the most common and complete framework for testing security. Metasploit is an entire suite of tools and methodologies designed for testing the security of computers and networks.

        The book is written for both experienced penetration tester and people new to the security field. For the first group, one of the most interesting thing is the explanation of the rules and ideas that formed the Penetration Test Execution Standard, while for users new to the field, is really interesting what can be done and how.One thing that make this book so unique is the fact that is written by four people with really different backgrounds and this help the read to understand different ways to see the security.

        An aspect that really shaped this book as we can see it now, is the development speed of Metasploit that did not allow a "standard" manual. In this way, I think, the authors have created a book of way higher value.

        Overall, I think the book is really good for both the people that are new to the security field and to the people with years in the field. I would suggest the book to both category.

        Disclaimer: I received a free electronic copy of this book as part of the O'Reilly Blogger Program

        (5 of 5 customers found this review helpful)

         
        4.0

        Very interesting book - well recommended

        By Nick

        from Devon, United Kingdom

        About Me Sys Admin

        Verified Reviewer

        Pros

        • Accurate
        • Easy to understand
        • Helpful examples
        • Well-written

        Cons

          Best Uses

          • Expert
          • Intermediate

          Comments about No Starch Press Metasploit:

          "Metasploit: The Penetration Tester's Guide" was written by Mati Aharoni, Devon Kearns, Jim O'Gorman, and David Kennedy as the ultimate guide to the Metasploit Framework. The Metasploit Framework - or MSF - is an entire suite of tools and methodologies designed for testing the security of computer networks. The goal here was to nail down a guide to a system that is continually evolving while making it as relevant to a rookie as it is to an Information Security veteran.

          When I signed up for the O'Reilly Blogger Review Program I deliberately picked an e-book on a subject that I knew very little about. I've always been interested in Information Security and this was the perfect opportunity to indulge. Since most of what I knew about computer hacking came from Hollywood and crime fiction I started reading with a lot of misconceptions. These guys educated me.

          Subjects don't get much more technical than this. I've worked with computers for over twelve years now and if there's one thing that computer engineers love it's creating a web of mysticism around everything we do. Not these guys. The authors of this book have done an amazing job of turning a potentially very dry subject in to something dare I say a lot of fun. Whereas a lot of technology books make you feel like you're back in the class room, this one made me feel like I was down at my local coffee shop having a chat with four very good friends.

          As you might expect, there is a fair amount of tech-talk in this book. It always starts with a brief explanation of what's going on and how you can follow by using the MSF yourself. Yes, the entire up-to-date Metasploit Framework can be downloaded for free - though two additional paid versions also exist - so you can jump in and learn while you read.

          Most of the book delivered on its promise of being a guide suitable for first-time penetration testers. I only say most because the closer to the end of the book you get, the more you need experience in programming languages. So it's not really a criticism per se - it's just a given with the nature of the subject matter.

          This book has really got me thinking. I now subscribe to an Internet Security podcast and have signed up to a couple of Internet Communities that focus on the material laid down in this guide. If you are even just a little bit curious I would definitely recommend this book. If nothing else it will provide valuable insight in to what you need to be aware of in order to keep yourself a little more safe on-line - but it really has far more going for it than that.

          Thanks for reading.

          Displaying reviews 1-4

          Back to top

           
          Buy 2 Get 1 Free Free Shipping Guarantee
          Buying Options
          Immediate Access - Go Digital what's this?
          Ebook: $39.95
          Formats:  ePub, Mobi, PDF
          Print & Ebook: $54.95
          Print: $49.95