Metasploit: The Penetration Tester's Guide and over one million other books are available for Amazon Kindle. Learn more

Sorry, this item is not available in
Image not available for
Color:
Image not available

To view this video download Flash Player

 


or
Sign in to turn on 1-Click ordering
Sell Us Your Item
For a $10.78 Gift Card
Trade in
More Buying Choices
Have one to sell? Sell yours here
Start reading Metasploit: The Penetration Tester's Guide on your Kindle in under a minute.

Don't have a Kindle? Get your Kindle here, or download a FREE Kindle Reading App.

Metasploit: The Penetration Tester's Guide [Paperback]

David Kennedy , Jim O'Gorman , Devon Kearns , Mati Aharoni
4.7 out of 5 stars  See all reviews (76 customer reviews)

List Price: $49.95
Price: $30.34 & FREE Shipping on orders over $35. Details
You Save: $19.61 (39%)
o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o
In Stock.
Ships from and sold by Amazon.com. Gift-wrap available.
Want it Tuesday, July 15? Choose One-Day Shipping at checkout. Details
Free Two-Day Shipping for College Students with Amazon Student

Formats

Amazon Price New from Used from
Kindle Edition $22.99  
Paperback $30.34  
Shop the new tech.book(store)
New! Introducing the tech.book(store), a hub for Software Developers and Architects, Networking Administrators, TPMs, and other technology professionals to find highly-rated and highly-relevant career resources. Shop books on programming and big data, or read this week's blog posts by authors and thought-leaders in the tech industry. > Shop now

Book Description

July 25, 2011 159327288X 978-1593272883 1
"The best guide to the Metasploit Framework."—HD Moore, Founder of the Metasploit Project

The Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless. But while Metasploit is used by security professionals everywhere, the tool can be hard to grasp for first-time users. Metasploit: The Penetration Tester's Guide fills this gap by teaching you how to harness the Framework and interact with the vibrant community of Metasploit contributors.

Once you've built your foundation for penetration testing, you'll learn the Framework's conventions, interfaces, and module system as you launch simulated attacks. You'll move on to advanced penetration testing techniques, including network reconnaissance and enumeration, client-side attacks, wireless attacks, and targeted social-engineering attacks.

Learn how to:

  • Find and exploit unmaintained, misconfigured, and unpatched systems
  • Perform reconnaissance and find valuable information about your target
  • Bypass anti-virus technologies and circumvent security controls
  • Integrate Nmap, NeXpose, and Nessus with Metasploit to automate discovery
  • Use the Meterpreter shell to launch further attacks from inside the network
  • Harness standalone Metasploit utilities, third-party tools, and plug-ins
  • Learn how to write your own Meterpreter post exploitation modules and scripts

You'll even touch on exploit discovery for zero-day research, write a fuzzer, port existing exploits into the Framework, and learn how to cover your tracks. Whether your goal is to secure your own networks or to put someone else's to the test, Metasploit: The Penetration Tester's Guide will take you there and beyond.


Frequently Bought Together

Metasploit: The Penetration Tester's Guide + Rtfm: Red Team Field Manual + Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers
Price for all three: $72.84

Buy the selected items together


Editorial Reviews

About the Author

David Kennedy is Chief Information Security Officer at Diebold Incorporated and creator of the Social-Engineer Toolkit (SET), Fast-Track, and other open source tools. He is on the Back|Track and Exploit-Database development team and is a core member of the Social-Engineer podcast and framework. Kennedy has presented at a number of security conferences including Black Hat, DEF CON, ShmooCon, Security B-Sides, and more.

Jim O'Gorman is a professional penetration tester with CSC's StrikeForce, a co-founder of Social-Engineer.org, and an instructor at Offensive-Security. He is involved in digital investigations and malware analysis, and helped build forensic capabilities into Back|Track Linux. When not working on various security issues, Jim spends his time assisting his children in their attempts to fight Zombie hordes.

Devon Kearns is an instructor at Offensive-Security, a Back|Track Linux developer, and administrator of The Exploit Database. He has contributed a number of Metasploit exploit modules and is the maintainer of the Metasploit Unleashed wiki.

Mati Aharoni is the creator of the Back|Track Linux distribution and founder of Offensive-Security, the industry leader in security training.


Product Details

  • Paperback: 328 pages
  • Publisher: No Starch Press; 1 edition (July 25, 2011)
  • Language: English
  • ISBN-10: 159327288X
  • ISBN-13: 978-1593272883
  • Product Dimensions: 9.2 x 7 x 1.2 inches
  • Shipping Weight: 1.4 pounds (View shipping rates and policies)
  • Average Customer Review: 4.7 out of 5 stars  See all reviews (76 customer reviews)
  • Amazon Best Sellers Rank: #26,796 in Books (See Top 100 in Books)

More About the Authors

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews
31 of 33 people found the following review helpful
Format:Paperback
I'm an accomplished test automation/performance engineer, but one area of testing that I'm pretty green at is penetration testing. Luckily, I came across Metasploit: The Penetration Tester's Guide, which is a book about penetration testing using the opensource Metasploit Framework testing and is a great introduction to security testing in general. Since I'm a complete novice when it comes to Metasploit, the book was great for getting me started with the basics of the framework. (A more experience Metasploit user, however, will probably want to read something a bit more advanced.)

The book assumes the reader has zero experience, and begins with a brief history of Metasploit and how to install it. Although you don't need to be a programmer to read it, most of the examples are written in Ruby and Python. You should also be familiar with Linux and how to set up VMs.

Overall, the book is written with a hands-on, tutorial-like style that is great for people like me who prefer to learn by doing. The book is a progression, beginning by establishing the methodologies/phases and terminology of penetration testing and an intro to the utilities and functions within the Metasploit framework. The first few chapters are a great help in getting up to speed on what penetration testing is and provide a nice overview of the different phases of a penetration test. The author then walks you through how to identify different types of vulnerabilities and how to exploit them using the tool. I really liked the sections on how to attack MS SQL, Browser-Based & File exploits and Social Engineering attacks. Many different modules of the framework are covered, as well as how to create a module. The book ends with a realistic simulation of an actual penetration test.
Read more ›
Comment | 
Was this review helpful to you?
15 of 16 people found the following review helpful
Format:Paperback|Verified Purchase
The book covers the basics of using Metasploit with other related tools (SET and Fast-Track). If the reader is expecting to become a penetration tester expert by reading this book then I will say that the expectations are wrong. The author has managed to put in a single book the methodology used for penetration testing, named as PTES (Penetration Testing Execution Standard) and described as the redefined methodology for penetration testing and a general overview of the Metasploit framework, how it works, how is composed and how you can leverage the power of using this framework to make adaptations in different situations or scenarios. Also the author has recalled the fact that every situation is different and the penetration tester should deal with obstacles that he may find in the way to exploit a system.

The author begins the book by describing the PTES methodology and also referring the user to the penetration standard organization website in order to get more information (for people that are new in penetration testing). Then the author moves on with the metasploit basics, explaining the terminology and how the framework is composed. It also makes a brief explanation about Metasploit Express and Metasploit Pro. In the Chapter 2 the book deals with an important step (information gathering), if not the most important, when conducting a penetration test. People tend to overlook this step because sometimes it will not have the "expected" fun necessary but users should understand that the success of exploiting a system is the time spent on gathering information of the target. The information gathering process, in this book, covers the identification of the target and the discovery of different applications or possible attack vectors.
Read more ›
Comment | 
Was this review helpful to you?
10 of 10 people found the following review helpful
5.0 out of 5 stars Definitive Metasploit reference January 3, 2012
Format:Paperback
People who design networks or build software applications are often oblivious to security faults that their designs may have. Those serious about information security will perform or will have an outside firm perform a penetration test--which is a way to evaluate how effective the security of a network or application is. Those performing a penetration test will imitate what an attacker would do in an adversarial situation to see how the system holds up.

The Metasploit Project is an open-source security project that provides information about security vulnerabilities and assists those performing the penetration tests in building a framework in which to carry out the testing. For those looking to use the Metasploit to its fullest, Metasploit: The Penetration Tester's Guide is a valuable aid. Metasploit itself is an extremely powerful tool, but it is not an intui-tive piece of software.

While there's documentation on Metasploit available at the project Web site, the authors use the book to help the reader become more fluent in how to use the base Metasploit meth­odology to be an effective penetration tester.

The first two chapters provide an introduction to penetration testing and Metasploit. By chapter four, the reader is deep in the waters of penetration testing. The book progressively advances in complexity. And by the time the reader finishes chapter 17, he or she should have a high comfort level on how to use Metasploit.

The book is meant for someone who is technical and needs to be hands-on with Metasploit and really understand it. For firms that are looking to do their own penetration testing, Metasploit is a free open-source tool, also used by firms that charge for the service.

For those looking to jump on the Meta­sploit bandwagon, this book is a great way to do that.
Was this review helpful to you?
Most Recent Customer Reviews
4.0 out of 5 stars Great reference and higher level framework book!
This is a great reference book, however it is a book and by the time it is printed, it is obsolete. The exploits in this book are not all going to work, however it is a great... Read more
Published 2 days ago by ThaReaper2b
5.0 out of 5 stars Five Stars
Looks good so far
Published 2 days ago by Ben
5.0 out of 5 stars Great book with examples!
Excellent book with many great examples and demonstrations. I actually found a bug in windows with this book that had since been taken by MS and patched!
Published 11 days ago by pcmojo
5.0 out of 5 stars Sumptuous book
The best pen tester guide, explain everything that you need to start playing with Metasploit. It's a pretty good knowlegde :)
Published 22 days ago by Pedro Pavan
5.0 out of 5 stars killer book
this book is the the real deal. Just be sure to setup a test lab at home with virtualbox etc so you can try the exploits out.
Published 1 month ago by Zach Hatsis
4.0 out of 5 stars Excellent Training And Skills Development Tool
This should prove to be an excellent tool in the continuation of my vulnerability assessment professional skills. It has some very good examples.
Published 3 months ago by bbryantf
5.0 out of 5 stars Great product! This is something that quality is a must and it was...
Great product! This is something that quality is a must and it was provided. Will buy again! Right price, fast service!
Published 3 months ago by Peter Walker
5.0 out of 5 stars Great book
Great book for a beginner. Well layer out and easy to understand. It made getting started easy and help with setup and configuration.
Published 5 months ago by Tfritz
3.0 out of 5 stars good but not many examples
It is more of therory than practical and examples. good book and who ever wrote it was a smart guy but not for an average guy. Read more
Published 6 months ago by Darin D
5.0 out of 5 stars Best Book ever if you are starting out in Pen Testing!
Best Book ever if you are starting out in Pen Testing! Dave has a way of making the topic super easy to understand..
Published 6 months ago by AG
Search Customer Reviews
Search these reviews only

What Other Items Do Customers Buy After Viewing This Item?


Forums

There are no discussions about this product yet.
Be the first to discuss this product with the community.
Start a new discussion
Topic:
First post:
Prompts for sign-in
 



Look for Similar Items by Category