Metasploit, 2nd Edition cover

Metasploit, 2nd Edition

by David Kennedy, Mati Aharoni, Devon Kearns, Jim O’Gorman, and Daniel Graham
December 2024, 288 pp.
ISBN-13: 
9781718502987

Download Chapter 3: Intelligence Gathering

Look Inside!

Metasploit 2E back cover
Metasploit 2E pages 52-53Metasploit 2E pages 60-61Metasploit 2E pages 204-205

Metasploit: The Penetration Tester’s Guide has been the definitive security assessment resource for over a decade. The Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless, but using it can be challenging for newcomers.

Written by renowned ethical hackers and industry experts, this fully updated second edition includes:

  • Advanced Active Directory and cloud penetration testing 
  • Modern evasion techniques and payload encoding
  • Malicious document generation for client-side exploitation
  • Coverage of recently added modules and commands

Starting with Framework essentials—exploits, payloads, Meterpreter, and auxiliary modules—you’ll progress to advanced methodologies aligned with the Penetration Test Execution Standard (PTES). Through real-world examples and simulated penetration tests, you’ll:

  • Conduct network reconnaissance and analyze vulnerabilities
  • Execute wireless network and social engineering attacks
  • Perform post-exploitation techniques, including privilege escalation
  • Develop custom modules in Ruby and port existing exploits
  • Use MSFvenom to evade detection
  • Integrate with Nmap, Nessus, and the Social-Engineer Toolkit

Whether you’re a cybersecurity professional, ethical hacker, or IT administrator, this second edition of Metasploit: The Penetration Tester’s Guide is your key to staying ahead in the ever-evolving threat landscape.

Author Bio 

David Kennedy, founder of Binary Defense and TrustedSec, is a cybersecurity leader who advised on the Emmy-winning series Mr. Robot. Mati Aharoni, OffSec founder, is a veteran penetration tester who has uncovered major security flaws. Devon Kearns co-founded the Exploit Database and Kali Linux. Jim O’Gorman heads the Kali Linux project at OffSec. Daniel G. Graham is a professor of computer science at the University of Virginia and a former program manager at Microsoft.

Table of contents 

Foreword to the First Edition
Acknowledgments
Special Thanks
Chapter 1: The Absolute Basics of Penetration Testing
Chapter 2: Metasploit Fundamentals
Chapter 3: Intelligence Gathering
Chapter 4: Vulnerability Analysis
Chapter 5: The Joy of Exploitation
Chapter 6: Meterpreter
Chapter 7: Avoiding Detection
Chapter 8: Client-Side Attacks
Chapter 9: Auxiliary Modules
Chapter 10: Social Engineering
Chapter 11: Wireless Attacks
Chapter 12: Porting Exploits to the Framework
Chapter 13: Building Your Own Modules
Chapter 14: Creating Your Own Exploits
Chapter 15: Simulated Penetration Test
Chapter 16: Pentesting the Cloud
Appendix A: Configuring Your Lab Environment
Appendix B: Cheat Sheet

View the Copyright page
View the detailed Table of Contents
View the Index

Reviews 

"This is an excellent book to help familiarize testers with one of the most popular security tools ever created. It will help guide you through familiar concepts and how they integrate into the broader security framework of Metasploit. An absolutely fantastic addition to any penetration tester's bookshelf." 
—Menachem Rothbart, Principal Security Consultant, Hacker, OSCE3

"The Metasploit Framework has enrichments and features that can enhance your offensive security journey, and they're all covered in this book. Many users are acquainted with the pre-built exploitation and initial access use cases covered in the first edition, but this update includes new vulnerabilities, their associated modules, and the new frontier of cloud penetration testing. A practitioner's toolkit and environment may change, but the methodology remains the same."
Billy Trobbiani, @billycontra, Red Team Engineer at Toast, Inc.

"Not just another Metasploit tutorial. The second edition of this comprehensive book walks you through each stage of a simulated penetration test, and shows you how to use Metasploit to its full potential. Plus, it is logically ordered and easy to follow."
—Andy “ApexPredator” Poole, OSEE, GSE

"[P]rovides invaluable insights for penetration testers seeking to enhance their skills and understanding using Metasploit. However, its benefits extend beyond penetration testers. In contrast, blue teamers can also leverage the same techniques and knowledge in this book to go behind enemy lines and identify gaps in their own security controls before they can be exploited by attackers using the same toolset."
—Josh Tristram, @jdtristram, Healthcare Blue Teamer

"An easy read that is more than a metasploit book. It covers beginner and intermediate concepts anyone interested in the offensive side of security should understand."
—Dave Curtin, Security Consultant, LRQA

 

REVIEWS OF THE 1st EDITION:

"Very comprehensive and packed full of great advice."
Christian Kirsch, Rapid7 (Read More)

"For anyone who wants to get involved in the mechanics of penetration testing with Metasploit, this book is an excellent resource."
Tod Beardsley, Rapid7

"Arguably my favorite book for 2012, this is the most complete and comprehensive instruction book for Metasploit that I have seen so far."
Dan Dieterle, Infosec Island (Read More)

"Metasploit is perhaps the most enjoyable book I have come across regarding the uses and functionality of Metasploit. There were so many concepts it refreshed me on, many functions I didn’t know existed and other functions I did not correctly understand even with my years of using Metasploit."
The Ethical Hacker Network (Read More)

"Takes current documentation further and provides a valuable resource for people who are interested in security but don't have the time or money to take a training class on Metasploit. Rating: 10/10"
Slashdot (Read More)

"Metasploit: The Penetration Tester's Guide is a great book about the Metasploit Framework."
Richard Bejtlich, TaoSecurity (Read More)

"My recommendation: Get this book."
Chris Koger, PenTest Magazine

"Whether you are a penetration tester or a technical security professional, quality time spent working through this book will add valuable tools and insight to your professional repertoire."
IEEE Cipher (Read More)

"For those looking to use the Metasploit to its fullest, Metasploit: The Penetration Tester's Guide is a valuable aid."
Ben Rothke, Security Management (Read More)

"In case you've never used Metasploit or have limited experience with it, I highly recommend the No Starch Press book Metasploit: The Penetration Tester's Guide. It's a great book to get people started, has examples to walk through, and includes more advanced topics for experienced users."
Dark Reading (Read More)

"This book provides all the key information you need to get going with Metasploit in one easily read and referenced package."
Network Security Newsletter

"This title is nothing less than masterful; there is no nook or cranny for the program and its various third-party addons that is not covered."
NeuFutur Magazine (Read More)

"What I really liked about the book was the incorporation of the Metasploit tools and capabilities with a penetration testing methodology."
Vitalisec - Vital Information Security (Read More)

"A big thumbs up from me. It was worth every penny to learn the bits I did and to add clarity to other areas."
Common Exploits (Read More)

"If you are new to Metasploit and want to get up to speed quickly, it's hard to imagine that you'll find a better book."
Citizen428 (Read More)

"The chapters are sized perfectly, giving the reader just enough time to become proficient in many of the different aspects of Metasploit."
Small Town Geeks (Read More)

"An invaluable resource to get those that are new to this tool up and running while also providing experts with a great resource to turn to when help or ideas are needed."
George Romano, Digital Overdrive (Read More)

"The craft of penetration testing is covered deeply and broadly. The book's greatest source of value is how the concepts being applied are explained and demonstrated with well-annotated examples."
Packet Pushers (Read More)

"This book is an essential read for anyone looking to get into the field of Penetration Testing as well as for seasoned veterans."
LokiSec (Read More)

"On the short list of books I would recommend to any security practitioner."
obscuresec (Read More)

"Perfect for someone who is just starting out in security. This book has the honor of being named “the best guide to the Metasploit framework” by Metasploit founder H.D. Moore himself. Not only does the book provide a great crash course into using the powerful Metasploit framework, but it’s also useful for doing vulnerability research."
—Britt Kemp, Bishop Fox Labs