The Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless. But while Metasploit is used by security professionals everywhere, the tool can be hard to grasp for first-time users. Metasploit: The Penetration Tester's Guide fills this gap by teaching you how to harness the Framework and interact with the vibrant community of Metasploit contributors.
Once you've built your foundation for penetration testing, you’ll learn the Framework's conventions, interfaces, and module system as you launch simulated attacks. You’ll move on to advanced penetration testing techniques, including network reconnaissance and enumeration, client-side attacks, wireless attacks, and targeted social-engineering attacks.
Learn how to:
–Find and exploit unmaintained, misconfigured, and unpatched systems
–Perform reconnaissance and find valuable information about your target
–Bypass anti-virus technologies and circumvent security controls
–Integrate Nmap, NeXpose, and Nessus with Metasploit to automate discovery
–Use the Meterpreter shell to launch further attacks from inside the network
–Harness standalone Metasploit utilities, third-party tools, and plug-ins
–Learn how to write your own Meterpreter post exploitation modules and scripts
You'll even touch on exploit discovery for zero-day research, write a fuzzer, port existing exploits into the Framework, and learn how to cover your tracks. Whether your goal is to secure your own networks or to put someone else's to the test, Metasploit: The Penetration Tester's Guide will take you there and beyond.
|Publisher:||No Starch Press|
|Product dimensions:||6.90(w) x 9.20(h) x 1.20(d)|
About the Author
David Kennedy is Chief Information Security Officer at Diebold Incorporated and creator of the Social-Engineer Toolkit (SET), Fast-Track, and other open source tools. He is on the Back|Track and Exploit-Database development team and is a core member of the Social-Engineer podcast and framework. Kennedy has presented at a number of security conferences including Black Hat, DEF CON, ShmooCon, Security B-Sides, and more.
Jim O'Gorman (Elwood) is a professional penetration tester, an instructor at Offensive Security, and manages Offensive Security’s consulting services. Jim has lived online from the times of BBS’s, to FidoNet, to when SLIP connections were the new hotness. Jim spends time on network intrusion simulation, digital investigations, and malware analysis. When not working on various security issues, Jim spends his time assisting his children in their attempts to fight Zombie hordes.
Devon Kearns is an instructor at Offensive-Security, a Back|Track Linux developer, and administrator of The Exploit Database. He has contributed a number of Metasploit exploit modules and is the maintainer of the Metasploit Unleashed wiki.
Mati Aharoni is the creator of the Back|Track Linux distribution and founder of Offensive-Security, the industry leader in security training.
Table of Contents
Chapter 1: The Absolute Basics of Penetration Testing
Chapter 2: Metasploit Basics
Chapter 3: Intelligence Gathering
Chapter 4: Vulnerability Scanning
Chapter 5: The Joy of Exploitation
Chapter 6: Meterpreter
Chapter 7: Avoiding Detection
Chapter 8: Exploitation Using Client-side Attacks
Chapter 9: Metasploit Auxiliary Modules
Chapter 10: The Social-Engineer Toolkit
Chapter 11: Fast-Track
Chapter 13: Building Your Own Module
Chapter 14: Creating Your Own Exploits
Chapter 15: Porting Exploits to the Metasploit Framework
Chapter 16: Meterpreter Scripting
Chapter 17: Simulated Penetration Test
Appendix A: Configuring Your Target Machines
Appendix B: Cheat Sheet
Most Helpful Customer Reviews
I've always been interested in penetration testing but oddly enough, I had never used metasploit. So a few weeks ago I bought this book and another one about Metasploit by Syngress. I started with the Syngress one, and it was OK but it was terribly outdated so I literally had to throw it away. This one from NoStarch is a completely different story. For starters, I did a background check on the authors. I was glad to find that some of them are key members of the BackTrack Linux distro, which I'm particularly fond of. The others are well respected professionals of the information security community and have spoken at cons like Blackhat or Defcon. So considering the experience of the authors I had high expectations and I have to say that they were surpassed. The book starts off with a nice introduction to Penetration Testing where it explains the different phases of the process and the types of pentests. Then goes on to introduce the actual metasploit framework, covering the basic terminology, the available interfaces and the most important companion tools (msfpayload, msfencode, and so on). However, the fun begins after the introduction, where the authors show how to use metasploit to conduct a penetration test. They divide the process into three phases: intelligence gathering, vulnerability scanning and exploitation. They guide the reader through several step-by-step examples, each one demonstrating different techniques and components. The chapter on the meterpreter is specially detailed and interesting. Apart from the basic find-a-vuln-and-exploit-it, the book also covers advanced topics such as detection avoidance, client-side attacks or social engineering. It even shows how to hack the framework and build your own modules and exploits. Summing up... I really liked the book, I think it's worth every dollar. I wanted to learn how to use metasploit and I did it. Of course, the book does not cover every single exploit and module available but it does a great job at at teaching you how to use metasploit to conduct a penetration test and compromise the security of your systems.
This book is truly something else. I've read this book in full and with out a doubt I highly recommend this book to advance, and thoughs that are new to metasploit. Im not new to metasploit. I've been playing with it for 3 years off and on and this book is PACKED with information, Alot (not going to lie) that I didn't know. If your looking to learn right from the source, you're in the right place. The authors are truly talented on explotation testing.
Metasploit: The Penetration Tester’s Guide by David Kennedy, Jim O’Gorman, Devon Kearns, and Mati Aharoni (O’Reilly Media) is very detailed and extremely valuable in demonstrating how penetration testing can be done using Metasploit along with having the great side-benefit of being able to learn about general methods and processes a pentester will go through during the testing cycle (PTES methodology). The initial chapters deal with introducing the reader to the PTES methodology and Metasploit as a testing product. As the chapters progress the authors pushes the reader deeper and deeper into the Metasploit product’s features along with how to use those features to complete the penetration test processes. In the appendix, the authors have provided instructions on how to configure test environments that can support your exploits without sending the Feds to your front door. Overall, this book is an good resource for those people that have good technical skills in Ruby and are comfortable in a Linux environment that want to understand penetration testing and the Metasploit product.
Read this fully and use it as a quick recourse! Great book! Would definately reccomend it to all penetration testers, new or old!
This book is a great source for learning how to use metasploit. It has everything on metasploit withgreat explanation and very clear examples.