Metasploit, 2nd Edition

by David Kennedy, Mati Aharoni, Devon Kearns, Jim O’Gorman, and Daniel Graham
May 2023, 352 pp.
ISBN-13: 9781718502987

The Metasploit Framework makes discovering, exploiting, and sharing systemic vulnerabilities quick and painless. But this popular pentesting tool can be hard to grasp for first-time users. Metasploit fills the gap by teaching readers how to harness the Framework and interact with the vibrant community of Metasploit open-source contributors. The guide's updated second edition introduces contemporary modules and commands recently added to the Metasploit Framework, and new chapters on cloud penetration testing using the Cloud Lookup and Bypass module, as well as attacking IoT and SCADA systems using the Mobius Client Module.

Readers will learn the Framework's conventions, interfaces, and module system as they launch simulated attacks. The book also covers advanced pentesting techniques, including network reconnaissance and enumeration, client-side attacks, wireless attacks, and targeted social-engineering attacks. In an ecosystem increasingly driven by cloud-based and industrial attacks, these modern skills are essential for today's penetration testers.

Author Bio 

Dave Kennedy is founder and principal security consultant of TrustedSec, and co-author of the Penetration Testing Execution Standard (PTES). Considered a visionary in the infosec field, he has spoken at conferences including DEFCON and Black Hat, and co-founded DerbyCon. He is also the creator of the Social-Engineer Toolkit (SET) and Artillery, as well as a co-author of Metasploit: The Penetration Tester's Guide (No Starch Press).

Mati Aharoni is the founder of Offensive-Security, the industry leader in security training, and the creator of the BackTrack Linux distribution. With over 10 years of experience as a professional penetration tester, Mati has uncovered several major security flaws and is actively involved in the offensive security arena.

Devon Kearns is an instructor at Offensive Security, a BackTrack Linux developer, and administrator of The Exploit Database. He has contributed a number of Metasploit exploit modules and is the maintainer of the Metasploit Unleashed wiki.

Jim O'Gorman, a.k.a. Elwood, is a professional penetration tester working with CSC's StrikeForce. He is one of the founders of Social-Engineer.org and a co-trainer in Offensive Security's most challenging class, Advanced Windows Exploits (AWE).

Daniel Graham is an Assistant Professor of Computer Science at The University of Virginia in Charlottesville, Virginia. His research interests include secure embedded systems and networks. Before teaching at UVA, Dr. Graham was a Program Manager at Microsoft in Seattle, Washington. He publishes in IEEE journals relating to sensors and networks.

Table of contents 

Chapter 1: The Absolute Basics of Penetration Testing
Chapter 2: Metasploit Basics
Chapter 3: Intelligence Gathering

Chapter 4: Vulnerability Scanning
Chapter 5: The Joy of Exploitation
Chapter 6: Meterpreter
Chapter 7: Avoiding Detection
Chapter 8: Exploitation Using Client-side Attacks
Chapter 9: Metasploit Auxiliary Modules
Chapter 10: The Social-Engineer Toolkit
Chapter 11: Fast-Track
Chapter 12: Karmetasploit
Chapter 13: Building Your Own Module
Chapter 14: Creating Your Own Exploits
Chapter 15: Porting Exploits to the Metasploit Framework
Chapter 16: Meterpreter Scripting
Chapter 17: Simulated Penetration Test
Chapter 18: Cloud Pentesting
Chapter 19: Escaping Containers
Chapter 20: Pentesting IoT and SCADA Systems

The chapters in red are included in this Early Access PDF.

Reviews 

Reviews of the first edition:

"Very comprehensive and packed full of great advice."
Christian Kirsch, Rapid7

"For anyone who wants to get involved in the mechanics of penetration testing with Metasploit, this book is an excellent resource."
Tod Beardsley, Rapid7

"Arguably my favorite book for 2012, this is the most complete and comprehensive instruction book for Metasploit that I have seen so far."
Dan Dieterle, Infosec Island

"Metasploit is perhaps the most enjoyable book I have come across regarding the uses and functionality of Metasploit. There were so many concepts it refreshed me on, many functions I didn’t know existed and other functions I did not correctly understand even with my years of using Metasploit."
The Ethical Hacker Network

"Takes current documentation further and provides a valuable resource for people who are interested in security but don't have the time or money to take a training class on Metasploit. Rating: 10/10"
Slashdot

"Metasploit: The Penetration Tester's Guide is a great book about the Metasploit Framework."
Richard Bejtlich, TaoSecurity

"My recommendation: Get this book."
Chris Koger, PenTest Magazine

"Whether you are a penetration tester or a technical security professional, quality time spent working through this book will add valuable tools and insight to your professional repertoire."
IEEE Cipher

"For those looking to use the Metasploit to its fullest, Metasploit: The Penetration Tester's Guide is a valuable aid."
Ben Rothke, Security Management

"In case you've never used Metasploit or have limited experience with it, I highly recommend the No Starch Press book Metasploit: The Penetration Tester's Guide. It's a great book to get people started, has examples to walk through, and includes more advanced topics for experienced users."
Dark Reading

"This book provides all the key information you need to get going with Metasploit in one easily read and referenced package."
Network Security Newsletter

"This title is nothing less than masterful; there is no nook or cranny for the program and its various third-party addons that is not covered."
NeuFutur Magazine

"What I really liked about the book was the incorporation of the Metasploit tools and capabilities with a penetration testing methodology."
Vitalisec - Vital Information Security

"A big thumbs up from me. It was worth every penny to learn the bits I did and to add clarity to other areas."
Common Exploits

"If you are new to Metasploit and want to get up to speed quickly, it's hard to imagine that you'll find a better book."
Citizen428

"The chapters are sized perfectly, giving the reader just enough time to become proficient in many of the different aspects of Metasploit."
Small Town Geeks

"An invaluable resource to get those that are new to this tool up and running while also providing experts with a great resource to turn to when help or ideas are needed."
George Romano, Digital Overdrive

"The craft of penetration testing is covered deeply and broadly. The book's greatest source of value is how the concepts being applied are explained and demonstrated with well-annotated examples."
Packet Pushers

"This book is an essential read for anyone looking to get into the field of Penetration Testing as well as for seasoned veterans."
LokiSec

"On the short list of books I would recommend to any security practitioner."
obscuresec

"Perfect for someone who is just starting out in security. This book has the honor of being named “the best guide to the Metasploit framework” by Metasploit founder H.D. Moore himself. Not only does the book provide a great crash course into using the powerful Metasploit framework, but it’s also useful for doing vulnerability research."
Britt Kemp, Bishop Fox Labs