What do you think?
Rate this book
Metasploit Penetration Testing Cookbook
Metasploit software helps security and IT professionals identify security issues, verify vulnerability mitigations, and manage expert-driven security assessments. Capabilities include smart exploitation, password auditing, web application scanning, and social engineering. Teams can collaborate in Metasploit and present their findings in consolidated reports. The goal of the software is to provide a clear understanding of the critical vulnerabilities in any environment and to manage those risks.
Metasploit Penetration Testing Cookbook, Second Edition contains chapters that are logically arranged with an increasing level of complexity and thoroughly covers some aspects of Metasploit, ranging from pre-exploitation to the post-exploitation phase. This book is an update from version 4.0 to version 4.5. It covers the detailed penetration testing techniques for different specializations like wireless networks, VOIP systems, and the cloud.
Metasploit Penetration Testing Cookbook, Second Edition covers a number of topics which were not part of the first edition. You will learn how to penetrate an operating system (Windows 8 penetration testing) to the penetration of a wireless network, VoIP network, and then to cloud.
The book starts with the basics, such as gathering information about your target, and then develops to cover advanced topics like building your own framework scripts and modules. The book goes deep into operating-systems-based penetration testing techniques and moves ahead with client-based exploitation methodologies. In the post-exploitation phase, it covers meterpreter, antivirus bypass, ruby wonders, exploit building, porting exploits to the framework, and penetration testing, while dealing with VOIP, wireless networks, and cloud computing.
This book will help readers to think from a hacker's perspective to dig out the flaws in target networks and also to leverage the powers of Metasploit to compromise them. It will take your penetration skills to the next level.
What you will learn from this book
Set up a complete penetration testing environment using Metasploit and virtual machines
Discover how to penetration test popular operating systems such as Windows 8
Get familiar with penetration testing based on client side exploitation techniques with detailed analysis of vulnerabilities and codes
Build and analyze meterpreter scripts in Ruby
Learn penetration testing in VOIP, WLAN, and the cloud from start to finish including information gathering, vulnerability assessment, exploitation, and privilege escalation
Make the most of the exclusive coverage of antivirus bypassing techniques using Metasploit
Work with BBQSQL to analyze the stored results of the database
Approach
This book follows a Cookbook style with recipes explaining the steps for penetration testing with WLAN, VOIP, and even cloud computing. There is plenty of code and commands used to make your learning curve easy and quick.
Metasploit Penetration Testing Cookbook, Second Edition contains chapters that are logically arranged with an increasing level of complexity and thoroughly covers some aspects of Metasploit, ranging from pre-exploitation to the post-exploitation phase. This book is an update from version 4.0 to version 4.5. It covers the detailed penetration testing techniques for different specializations like wireless networks, VOIP systems, and the cloud.
Metasploit Penetration Testing Cookbook, Second Edition covers a number of topics which were not part of the first edition. You will learn how to penetrate an operating system (Windows 8 penetration testing) to the penetration of a wireless network, VoIP network, and then to cloud.
The book starts with the basics, such as gathering information about your target, and then develops to cover advanced topics like building your own framework scripts and modules. The book goes deep into operating-systems-based penetration testing techniques and moves ahead with client-based exploitation methodologies. In the post-exploitation phase, it covers meterpreter, antivirus bypass, ruby wonders, exploit building, porting exploits to the framework, and penetration testing, while dealing with VOIP, wireless networks, and cloud computing.
This book will help readers to think from a hacker's perspective to dig out the flaws in target networks and also to leverage the powers of Metasploit to compromise them. It will take your penetration skills to the next level.
What you will learn from this book
Set up a complete penetration testing environment using Metasploit and virtual machines
Discover how to penetration test popular operating systems such as Windows 8
Get familiar with penetration testing based on client side exploitation techniques with detailed analysis of vulnerabilities and codes
Build and analyze meterpreter scripts in Ruby
Learn penetration testing in VOIP, WLAN, and the cloud from start to finish including information gathering, vulnerability assessment, exploitation, and privilege escalation
Make the most of the exclusive coverage of antivirus bypassing techniques using Metasploit
Work with BBQSQL to analyze the stored results of the database
Approach
This book follows a Cookbook style with recipes explaining the steps for penetration testing with WLAN, VOIP, and even cloud computing. There is plenty of code and commands used to make your learning curve easy and quick.
320 pages, Paperback
First published January 1, 2012
6 people are currently reading
119 people want to read
About the author
Abhinav Singh
46 books6 followersAbhinav singh is a young information security specialist from India. He has a keen interest in the field of Information security and has adopted it as his full time profession. His core work areas include Malware analysis, Network security, System and Enterprise security. He is also the author or “Metasploit Penetration testing Cookbook” and “Instant Wireshark” published by Packt.
Abhinav’s work has been quoted in several Infosec magazines and portals. He shares his day to day security encounters on
www.securitycalculus.com.
Currently he is working as Cyber Security Engineer for JP Morgan.
Linkedin profile: sg.linkedin.com/in/abhinavbom/
Abhinav’s work has been quoted in several Infosec magazines and portals. He shares his day to day security encounters on
www.securitycalculus.com.
Currently he is working as Cyber Security Engineer for JP Morgan.
Linkedin profile: sg.linkedin.com/in/abhinavbom/
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 - 8 of 8 reviews
December 19, 2013
This book offers a broad coverage on how network based pen-testing which would serve as a good reference for beginners. Some of the tips and references provided are useful. However, there are some assumptions are inaccurate which you may need to be cautious. E.g 1) DLL injection is not the same as DLL hijacking; and 2) with the presence of AV it does not mean that all malwares could be detected and deleted. Overall, I like the way that it is presented, but I would hope to see more advance chapters included.
May 24, 2021
Przeczytawszy I wydanie tej książki, coś mnie podkusiło, żeby kupić II część. Spis treści co prawda się różnił, data drugiego wydania było w 2014 roku, no i inni autorzy. Jest inaczej, ale nie do końca. W obu pozycjach powtarzają się techniki łamania, komendy msf, ale są też inne. W I tomie jest główny nacisk na assembler, w II tomie o tym praktycznie nic nie ma. Jest za to łamanie przez Wifi i pivoting. Podsumowując, jeżeli ktoś nie czytał żadnego tomu, może zacząć od drugiego. Jeżeli zaś ktoś jest zagorzałym fanem Metasploita, może przeczytać oba tomy.Ja chyba przeczytam i III wersje, jeżeli już będzie dostępna w Polsce.
November 17, 2022
Good to read 📚
Facebook is good to have your five good test your face challenges everybody is good and easy to understand how they work the tools you need and guys and the steps you can do very easy you do not need to read the book but to know the commands
Facebook is good to have your five good test your face challenges everybody is good and easy to understand how they work the tools you need and guys and the steps you can do very easy you do not need to read the book but to know the commands
January 25, 2020
Second Edition 2013 is a bit dated now, but good for a quick scan of the concepts and capabilities.
July 25, 2018
The Metasploit framework is a very powerful set of tools in the right hands. This second edition of the Penetration Testing Cookbook is a timely update to Abhinav Singh's first edition. From configuring your environment whether in Windows, Linux (Ubuntu specifically), kali, or a virtual machine,
Singh goes on to expand beyond the basic usage of the Metasploit framework and explores additional tools for port scanning, exploiting browser and/or OS vulnerabilities, and SQL injection. Singh also explores wireless and voice over IP pen testing and social engineering.
The wireless and VoIP chapters were pretty interesting, but I found the chapter on social engineering a bit weak and would recommend a book dedicated to that topic in order to really learn more about it. But the core material in this book - using the Metasploit framework to pen test via a number of different attack vectors - is satisfactory. Not ground-breaking, and you may want to start with a more introductory book (or one that is not in the cookbook format) on the Metasploit framework before diving into this cookbook, but if you prefer to jump in and get your hands dirty right away, this is the book for you.
Overall, I would recommend this book to every security professional as it has too much content
Singh goes on to expand beyond the basic usage of the Metasploit framework and explores additional tools for port scanning, exploiting browser and/or OS vulnerabilities, and SQL injection. Singh also explores wireless and voice over IP pen testing and social engineering.
The wireless and VoIP chapters were pretty interesting, but I found the chapter on social engineering a bit weak and would recommend a book dedicated to that topic in order to really learn more about it. But the core material in this book - using the Metasploit framework to pen test via a number of different attack vectors - is satisfactory. Not ground-breaking, and you may want to start with a more introductory book (or one that is not in the cookbook format) on the Metasploit framework before diving into this cookbook, but if you prefer to jump in and get your hands dirty right away, this is the book for you.
Overall, I would recommend this book to every security professional as it has too much content
March 24, 2014
Metasploit has gained a lot of popularity since last couple of years. This is simply because of its proven ability to help the security testers in the process of penetration testing and exploitation. The book titled "Metasploit Penetration Testing Cookbook, Second Edition" completely guides the user from basics to advance of Metasploit Framework. It does so following the 'recipe' style of writing giving crisp understanding of all concepts with suitable illustrations and references. Thus its really a good resource to get started with learning MEtasploit.
August 4, 2014
One of the best books to deepen your knowledge about Metasploit.
Currently reading
September 17, 2015k
Displaying 1 - 8 of 8 reviews