- Use promo code PRIMEBOOKS18 to save $5.00 when you spend $20.00 or more on Books offered by Amazon.com. Enter code PRIMEBOOKS18 at checkout. Here's how (restrictions apply)
Enter your mobile number or email address below and we'll send you a link to download the free Kindle App. Then you can start reading Kindle books on your smartphone, tablet, or computer - no Kindle device required.
To get the free app, enter your mobile phone number.
Mastering Metasploit Paperback – May 26, 2014
|New from||Used from|
The Amazon Book Review
Author interviews, book reviews, editors picks, and more. Read it now
Frequently bought together
Customers who bought this item also bought
Special offers and product promotions
From the Author
Hi, My Name is Nipun Jaswal, Author of Mastering Metasploit. Mastering Metasploit is my first writing experience and was the most beautiful journey which laid my foundation in the writing world. I decided to write this book since i found numerous books covering the same old exploits and techniques. And as they say, "If you can't find the book you are looking for, you must write it" i kept the thought of penning this one down. I thank PACKT for providing me with the opportunity to write this book. It took me 10 months of time to pen this one down. I deeply thank you all for making your purchases or planning to make a purchase of my book and i wish this book would take you to a Metasploit and Exploitation journey which you haven't been on before.
About the Author
Nipun Jaswal is an independent information security specialist with a keen interest in the fields of penetration testing, vulnerability assessments, wireless penetration testing, forensics, and web application penetration testing. He is an MTech in Computer Science from Lovely Professional University, India, and is certified with C|EH and OSWP. While he was at the university, he was the student ambassador of ECCOUNCIL and worked with many security organizations along with his studies. He has a proven track record in IT security training and has trained over 10,000 students and over 2,000 professionals in India and Africa. He is a professional speaker and has spoken at various national and international IT security conferences. His articles are published in many security magazines, such as Hakin9, eforensics, and so on. He is also the developer of a web application penetration testing course for InSecTechs Pvt. Ltd., Hyderabad, India, which is a distancelearning package on testing web applications. He has been acknowledged for finding vulnerabilities in Rapid7, BlackBerry, Facebook, PayPal, Adobe, Kaneva, Barracuda labs, Zynga, Offensive Security, Apple, Microsoft, AT&T, Nokia, Red Hat Linux, CERTIN, and is also part of the AT&T top 10 security researcher's list for 2013, Q2. Feel free to mail him via email@example.com or visit his site http://www.nipunjaswal.com for more information.
If you buy a new print edition of this book (or purchased one in the past), you can buy the Kindle edition for only $2.99 (Save 84%). Print edition purchase must be sold by Amazon. Learn more.
For thousands of qualifying books, your past, present, and future print-edition purchases now lets you buy the Kindle edition for $2.99 or less. (Textbooks available for $9.99 or less.)
Top customer reviews
There was a problem filtering reviews right now. Please try again later.
I would skip it.
I was provided a copy of this book by Packt Publishing in order to write this review. The book website can be found at [...].
The Quick Summary
This book truly lives up to its name. It starts were many other books about Metasploit stop. I would recommend this book to anyone interesting in taking their pentesting skills to the next level.
What This Books Covers
Chapter 1: This is a brief review of Metasploit
Chapter 2: Reinventing Metasploit through developing new modules in Ruby and using the Meterpreter Rail Gun.
Chapter 3: How to develop exploits. This chapter begins with a brief assembly primer. Then the common methods of exploit are discussed. The chapter concludes with a discussion on using fuzzing to find problems and then writing exploits for these problems.
Chapter 4: This chapter discusses how to port exploits written in other scripting languages to Ruby in a way that is compatible with Metasploit.
Chapter 5: This chapter covers some miscellaneous topics such as SCADA, databases, and VOIP.
Chapter 6: This chapter discusses several other tools used in penetration tests such as intelligence gathering, reporting, and pivoting tools.
Chapter 7: Discusses client side attacks such as browser, media, and file-based attacks.
Chapter 8: This chapter provides a nice overview of the Social Engineering Toolkit by David Kennedy.
Chapter 9: This chapter shows how to speed up pentests using automation.
Chapter 10: In this final chapter, advanced usage of Armitage, the graphical interface to Metasploit, is discussed.
What I Liked Most
There are many Metasploit books available today. Most of them don't go much beyond using MS08_067 to exploit old, unpatched Windows XP machines. This book covers many advanced topics not found in these other books. Most of the information from these other books is easily found online, including in the Metasploit Unleashed online book which may be found here [...].
What I Liked Least
I couldn't find anything I didn't like about this book. About the only way the book could be better is if it was even larger and contained yet more tips and techniques.
In the crowded space of Metasploit books this one stands out. I could see this book being useful to current pentesters and not just students or script kiddies. I also think that this book could be the basis for an advanced pentesting training course.
Taken from [...]
After an introductory part, which describes in general how a penetration Testing should be conducted to adhere to the standard and achieve objective results, the book starts introducing you to Metasploit internals and focuses on the framework and what it offers to you to build your own tests and exploits.
It is not just a mere description of how Metasploit works, the aim of the author is to help you understand how to work with the software and how you can leverage what it offers in order to get full advantage of what it can do.
This objective is achieved explaining every aspect with an example and with some screenshot that help you understand what is going on with a step by step approach : this makes this book ideal also for teaching advanced techniques to a class of students.
The central part of the book then focuses on various techniques to test a rich set of systems ranging fom Scada, to Windows, to web and Database servers.
Other interesting arguments covered are the advanced client-side attacks and the social engineering toolkit.
Finally, the last part of the book gives you many tips to enhance your working environment to speed up the tests and teaches you how you can work even more easily with Armitage, taking advantage of its scripting language Cortana.
To sum up, this is really a must have book if you want to learn a professional approach to penetration testing, to become very proficient using Metasploit and other useful tools used to perform and explain various attack techniques and find useful hints and tips on how to plan and perform penetration testing in various scenarios in a quick and effective manner.
I openly reccommend this book to any Information Security professional looking to strengthen their understanding and use of Metasploit. I further recommend this book for the novice who needs to get up-to-speed quickly in the field, as it is a deep treasure of information that should not be overlooked.
On the first couple of pages it covers nmap target analysis, and exploitation of popular Windows systems.
It gives you a nice intro into the Ruby programming language - the language Metasploit is written in. Analysis of Metasploit code follows, naturally.
But that's not all. Far from it. Explanations on assembly, ports to pearl, web server exploitation, SCADA, SQL, VOIP, you name it. It's all there. Even social engineering.
And after all this, there is a chapter on optimizing code it already covered.
This is an excellent book, that I found very helpful. I would recommend it to anyone interested in security.