Metasploit: The Penetration Tester's Guide

Rate this book

Clear rating

1 of 5 stars 2 of 5 stars 3 of 5 stars 4 of 5 stars 5 of 5 stars

Metasploit: The Penetration Tester's Guide

by David Kennedy, Jim O'Gorman, Devon Kearns, Mati Aharoni

4.18 of 5 stars 4.18 · rating details · 87 ratings · 7 reviews

"The best guide to the Metasploit Framework." —HD Moore, Founder of the Metasploit ProjectThe Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless. But while Metasploit is used by security professionals everywhere, the tool can be hard to grasp for first-time users. Metasploit: The Penetration Tester's Guide fills th...more

Paperback, 328 pages

Published July 22nd 2011 by No Starch Press (first published May 15th 2011)

more details... edit details

Get a copy:

More…

Friend Reviews

To see what your friends thought of this book, please sign up.

Lists with This Book

This book is not yet featured on Listopia. Add this book to your favorite list »

Community Reviews

(showing 1-30 of 268)

filter | sort: default (?) | rating details

Aug 23, 2011 Michael rated it 4 of 5 stars

Shelves: security

Where to start? The Metasploit Framework (MSF) is a very popular penetration testing tool used by security professionals the world over. It was previously written in Perl but underwent a complete rewrite for version 3, where the developers switched the project to Ruby. The tool unifies the various stages of penetration testing in convenient interfaces (“msfconsole” for interactive use and “msfcli” for scripting purposes): information gathering and storage, exploit and payload configuration, IDS...more Where to start? The Metasploit Framework (MSF) is a very popular penetration testing tool used by security professionals the world over. It was previously written in Perl but underwent a complete rewrite for version 3, where the developers switched the project to Ruby. The tool unifies the various stages of penetration testing in convenient interfaces (“msfconsole” for interactive use and “msfcli” for scripting purposes): information gathering and storage, exploit and payload configuration, IDS and antivirus evasion and actually exploiting the system.

From this you probably can gather that Metasploit is quite big and complex, as well as in a state of constant flux. This makes it rather hard to write a definitive book on it, which is illustrated by the fact that shortly after this volume got published, the Metasploit team released version 4 of the framework. Considering these difficulties, I’m tempted to say that the authors have done a tremendous job describing MSF as it was at the time of writing.

Now for the actual content: after a foreword by Metasploit’s main developer HD Moore, there’s a little introduction section on penetration testing and the history of the framework. This is followed by the first chapter, which covers some penetration testing basics. After this the authors give a first introduction to the MSF, before dedicating a chapter each to various phases of pen testing, namely information gathering, vulnerability scanning and the actual exploitation. After this you’ll find a whole chapter on Meterpreter, covering various aspects of post-exploitation techniques. Once you get to this point, you should have a good idea about how Metasploit works in principle and how capable it is. The authors don’t stop here though, but use the following chapters to try to teach you about avoiding detection, client-side exploits and Metasploit’s auxiliary modules. By this point in the book it felt like I already had learned a lot, but then I realized that I’m only halfway through the book! There still were chapters on various topics, including the social-engineering toolkit which is built in the MSF and wireless exploitation with Karmetasploit. As a Ruby developer/dev ops guy I was really interested in the next couple of chapters, which deal with building your own modules and exploits as well as porting existing exploits to Metasploit and Meterpreter scripting. Wow, the authors definitely covered a lot of ground until here, but we are still not done, since there’s on more chapter on how to simulate your pen tests.

While the above shows what the book covered, it doesn’t say much on how it was covered. In my opinion the authors did a very good job, the text is easy to follow and to the point and helped by screenshots and transcripts of “msfconsole” sessions. Sure, most of this material is also available on the Metasploit Unleashed web site, but I like having it all in the form of one compact book. I noticed 2-3 places where the textual description and the content of the screenshot/transcript didn’t exactly match, which can lead to brief moments of confusion, but nothing dramatic.

If you are new to Metasploit and want to get up to speed quickly, it’s hard to imagine that you’ll find a better book at the moment. More experienced users of the framework should flip through it in a book store to decide how much they’ll really get from it, but it’s probably still a good book to have around, even if it’s just for the cheat sheet in Appendix B.(less)

like · see review

Jan 20, 2012 Timo rated it 3 of 5 stars

A good introductory to the different ways of using Metasploit. Since I had already some previous experience using Metasploit my favorite chapters were the one covering usage of Meterpreter and how to create your own module or how to port your own exploits to Metasploit framework. In the end of the book there was also a nice chapter how to set up a small and vulnerable network for testing different attacks which I also found a good addition to the book.

like · see review

Nov 16, 2012 عَبدُالكَرِيمْ الهاشمي rated it 5 of 5 stars

Shelves: penttest, hacking

Probably one of the best penetration testing books I have ever read. You will need basic linux knowledge and a backtrack distro to be able to get most of this book. It first teaches you the basics of Metasploit then you go deeper and deeper.

some of the commands are outdated however I am pretty sure a hacker like you can manage to get him/herself updated.

And remember: Hugs are always better than handshakes !!;-)

like · see review

Oct 17, 2012 Wolfgang Barthel rated it 5 of 5 stars

One of the best Metasploit books out there. It covers the basics but also some more advanced stuff very useful in my daily pentesting live out there :)

like · see review

Oct 13, 2012 Stephen Linderman rated it 5 of 5 stars

Its david kennedy you really can't say any thing else. Your going to get the best from the best.

like · see review

Sep 18, 2011 William rated it 4 of 5 stars

Covers everything you need to know about the Metasploit framework. No more no less. I liked it.

like · see review

Oct 08, 2012 Billy rated it 5 of 5 stars

This book is great for anyone trying to pick up advanced metasploit methodology. Great as a reference and for first timers that want a complete walk through.

like · see review

Jun 19, 2013 Abner is currently reading it

Jun 18, 2013 Michael Feng rated it 5 of 5 stars

Jun 18, 2013 Thedude rated it 4 of 5 stars

Jun 13, 2013 Ebenezer Sam marked it as to-read

Jun 11, 2013 Vladimir Korichkov rated it 5 of 5 stars

Jun 11, 2013 Rodr rated it 2 of 5 stars

Jun 08, 2013 Mohammed is currently reading it

Jun 08, 2013 Therese marked it as to-read

Shelves: cs

Jun 06, 2013 David is currently reading it

Jun 06, 2013 Olle is currently reading it

Shelves: computer-security

Jun 06, 2013 Chris rated it 5 of 5 stars

Jun 05, 2013 Nader Nabil added it

Jun 04, 2013 Sefvel rated it 4 of 5 stars

Shelves: computer

Jun 04, 2013 Jakub Zarzycki marked it as to-read

Jun 04, 2013 Ben Wilson rated it 4 of 5 stars

Jun 04, 2013 George marked it as to-read

Jun 03, 2013 Josephus Willis marked it as to-read

Jun 03, 2013 Hassan marked it as to-read

Jun 01, 2013 Adam marked it as to-read

Shelves: security

May 31, 2013 Prem Mishra is currently reading it

May 28, 2013 Samir added it

May 28, 2013 Ben is currently reading it

May 28, 2013 Jason marked it as to-read

« previous 1 2 3 4 5 6 7 8 9 next »

new topic
Discuss This Book

There are no discussion topics on this book yet. Be the first to start one »

Recommend it | Stats | Recent status updates

Goodreads is hiring!

If you like books and love to build cool products, we may be looking for you.
Learn more »

Genres

Computer Science > Technical

5 users

Computer Science > Computers

3 users

Science > Technology

2 users

Science > Computer Science

2 users

See top shelves...

Books by David Kennedy

The Dark Sides of Virtue: Reassessing International Humanitarianism

The Waldorf Book of Poetry: Discover the Power of Imagination

More…

Share This Book

Facebook Twitter Your website

Trivia About Metasploit: The P...

No trivia or quizzes yet. Add some now »

title link	preview: Metasploit: The Penetration Tester's Guide
avg rating	preview: Metasploit: The Penetration Tester's Guide Goodreads rating: 4.18 (87 ratings)
small image	preview: click here [close]
med image	preview: click here [close]
BBCode	[url=http://www.goodreads.com/book/show/10545174-metasploit?utm_medium=api&utm_source=blog_book][img]http://d.gr-assets.com/books/1328753509l/10545174.jpg[/img][/url] [url=http://www.goodreads.com/book/show/10545174-metasploit?utm_medium=api&utm_source=blog_book]Metasploit: The Penetration Tester's Guide by David Kennedy[/url]

Metasploit: The Penetration Tester's Guide

Friend Reviews

Lists with This Book

Community Reviews

new topicDiscuss This Book

Goodreads is hiring!

Genres

Books by David Kennedy

Share This Book

Share This Book on Your Website

Trivia About Metasploit: The P...

new topic
Discuss This Book