Metasploit: The Penetration Tester's Guide

Metasploit: The Penetration Tester's Guide

4.6 9
by David Kennedy, Jim O'Gorman, Devon Kearns, Mati Aharoni
     
 

View All Available Formats & Editions

"The best guide to the Metasploit Framework."—HD Moore, Founder of the Metasploit Project

The Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless. But while Metasploit is used by security professionals everywhere, the tool can be hard to grasp for first-time users.

Overview

"The best guide to the Metasploit Framework."—HD Moore, Founder of the Metasploit Project

The Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless. But while Metasploit is used by security professionals everywhere, the tool can be hard to grasp for first-time users. Metasploit: The Penetration Tester's Guide fills this gap by teaching you how to harness the Framework and interact with the vibrant community of Metasploit contributors.

Once you've built your foundation for penetration testing, you'll learn the Framework's conventions, interfaces, and module system as you launch simulated attacks. You'll move on to advanced penetration testing techniques, including network reconnaissance and enumeration, client-side attacks, wireless attacks, and targeted social-engineering attacks.

Learn how to:

  • Find and exploit unmaintained, misconfigured, and unpatched systems
  • Perform reconnaissance and find valuable information about your target
  • Bypass anti-virus technologies and circumvent security controls
  • Integrate Nmap, NeXpose, and Nessus with Metasploit to automate discovery
  • Use the Meterpreter shell to launch further attacks from inside the network
  • Harness standalone Metasploit utilities, third-party tools, and plug-ins
  • Learn how to write your own Meterpreter post exploitation modules and scripts

You'll even touch on exploit discovery for zero-day research, write a fuzzer, port existing exploits into the Framework, and learn how to cover your tracks. Whether your goal is to secure your own networks or to put someone else's to the test, Metasploit: The Penetration Tester's Guide will take you there and beyond.

Product Details

ISBN-13:
9781593272883
Publisher:
No Starch Press San Francisco, CA
Publication date:
07/21/2011
Pages:
328
Sales rank:
239,726
Product dimensions:
6.90(w) x 9.20(h) x 1.20(d)

Meet the Author

David Kennedy is Chief Information Security Officer at Diebold Incorporated and creator of the Social-Engineer Toolkit (SET), Fast-Track, and other open source tools. He is on the Back|Track and Exploit-Database development team and is a core member of the Social-Engineer podcast and framework. Kennedy has presented at a number of security conferences including Black Hat, DEF CON, ShmooCon, Security B-Sides, and more.

Jim O'Gorman is a professional penetration tester with CSC's StrikeForce, a co-founder of Social-Engineer.org, and an instructor at Offensive-Security. He is involved in digital investigations and malware analysis, and helped build forensic capabilities into Back|Track Linux. When not working on various security issues, Jim spends his time assisting his children in their attempts to fight Zombie hordes.

Devon Kearns is an instructor at Offensive-Security, a Back|Track Linux developer, and administrator of The Exploit Database. He has contributed a number of Metasploit exploit modules and is the maintainer of the Metasploit Unleashed wiki.

Mati Aharoni is the creator of the Back|Track Linux distribution and founder of Offensive-Security, the industry leader in security training.

Customer Reviews

Average Review:

Write a Review

and post it to your social network

     

Most Helpful Customer Reviews

See all customer reviews >

Metasploit 4.7 out of 5 based on 0 ratings. 9 reviews.
Anonymous More than 1 year ago
I've always been interested in penetration testing but oddly enough, I had never used metasploit. So a few weeks ago I bought this book and another one about Metasploit by Syngress. I started with the Syngress one, and it was OK but it was terribly outdated so I literally had to throw it away. This one from NoStarch is a completely different story. For starters, I did a background check on the authors. I was glad to find that some of them are key members of the BackTrack Linux distro, which I'm particularly fond of. The others are well respected professionals of the information security community and have spoken at cons like Blackhat or Defcon. So considering the experience of the authors I had high expectations and I have to say that they were surpassed. The book starts off with a nice introduction to Penetration Testing where it explains the different phases of the process and the types of pentests. Then goes on to introduce the actual metasploit framework, covering the basic terminology, the available interfaces and the most important companion tools (msfpayload, msfencode, and so on). However, the fun begins after the introduction, where the authors show how to use metasploit to conduct a penetration test. They divide the process into three phases: intelligence gathering, vulnerability scanning and exploitation. They guide the reader through several step-by-step examples, each one demonstrating different techniques and components. The chapter on the meterpreter is specially detailed and interesting. Apart from the basic find-a-vuln-and-exploit-it, the book also covers advanced topics such as detection avoidance, client-side attacks or social engineering. It even shows how to hack the framework and build your own modules and exploits. Summing up... I really liked the book, I think it's worth every dollar. I wanted to learn how to use metasploit and I did it. Of course, the book does not cover every single exploit and module available but it does a great job at at teaching you how to use metasploit to conduct a penetration test and compromise the security of your systems.
Anonymous More than 1 year ago
This book is truly something else. I've read this book in full and with out a doubt I highly recommend this book to advance, and thoughs that are new to metasploit. Im not new to metasploit. I've been playing with it for 3 years off and on and this book is PACKED with information, Alot (not going to lie) that I didn't know. If your looking to learn right from the source, you're in the right place. The authors are truly talented on explotation testing.
Anonymous More than 1 year ago
FantasyRider More than 1 year ago
Metasploit: The Penetration Tester’s Guide by David Kennedy, Jim O’Gorman, Devon Kearns, and Mati Aharoni (O’Reilly Media) is very detailed and extremely valuable in demonstrating how penetration testing can be done using Metasploit along with having the great side-benefit of being able to learn about general methods and processes a pentester will go through during the testing cycle (PTES methodology). The initial chapters deal with introducing the reader to the PTES methodology and Metasploit as a testing product. As the chapters progress the authors pushes the reader deeper and deeper into the Metasploit product’s features along with how to use those features to complete the penetration test processes. In the appendix, the authors have provided instructions on how to configure test environments that can support your exploits without sending the Feds to your front door. Overall, this book is an good resource for those people that have good technical skills in Ruby and are comfortable in a Linux environment that want to understand penetration testing and the Metasploit product.
Anonymous More than 1 year ago
Read this fully and use it as a quick recourse! Great book! Would definately reccomend it to all penetration testers, new or old!
Anonymous More than 1 year ago
This book is a great source for learning how to use metasploit. It has everything on metasploit withgreat explanation and very clear examples.
Anonymous More than 1 year ago
Anonymous More than 1 year ago
Anonymous More than 1 year ago