Metasploit Cover


The Penetration Tester's Guide
by David Kennedy, Jim O’Gorman, Devon Kearns, and Mati Aharoni
July 2011, 328 pp.

Metasploit, 2nd edition coming soon. Click here for details.

"The best guide to the Metasploit Framework." —HD Moore, Founder of the Metasploit Project

The Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless. But while Metasploit is used by security professionals everywhere, the tool can be hard to grasp for first-time users. Metasploit: The Penetration Tester's Guide fills this gap by teaching you how to harness the Framework and interact with the vibrant community of Metasploit contributors.

Once you've built your foundation for penetration testing, you’ll learn the Framework's conventions, interfaces, and module system as you launch simulated attacks. You’ll move on to advanced penetration testing techniques, including network reconnaissance and enumeration, client-side attacks, wireless attacks, and targeted social-engineering attacks.

Learn how to:

  • Find and exploit unmaintained, misconfigured, and unpatched systems
  • Perform reconnaissance and find valuable information about your target
  • Bypass anti-virus technologies and circumvent security controls
  • Integrate Nmap, NeXpose, and Nessus with Metasploit to automate discovery
  • Use the Meterpreter shell to launch further attacks from inside the network
  • Harness standalone Metasploit utilities, third-party tools, and plug-ins
  • Learn how to write your own Meterpreter post exploitation modules and scripts

You'll even touch on exploit discovery for zero-day research, write a fuzzer, port existing exploits into the Framework, and learn how to cover your tracks. Whether your goal is to secure your own networks or to put someone else's to the test, Metasploit: The Penetration Tester's Guide will take you there and beyond.

Author Bio 

David Kennedy is Chief Information Security Officer at Diebold Incorporated and creator of the Social-Engineer Toolkit (SET), Fast-Track, and other open source tools. He is on the Back|Track and Exploit-Database development team and is a core member of the Social-Engineer podcast and framework. Kennedy has presented at a number of security conferences including Black Hat, DEF CON, ShmooCon, Security B-Sides, and more.

Jim O'Gorman (Elwood) is a professional penetration tester, an instructor at Offensive Security, and manages Offensive Security’s consulting services. Jim has lived online from the times of BBS’s, to FidoNet, to when SLIP connections were the new hotness. Jim spends time on network intrusion simulation, digital investigations, and malware analysis. When not working on various security issues, Jim spends his time assisting his children in their attempts to fight Zombie hordes.

Devon Kearns is an instructor at Offensive-Security, a Back|Track Linux developer, and administrator of The Exploit Database. He has contributed a number of Metasploit exploit modules and is the maintainer of the Metasploit Unleashed wiki.

Mati Aharoni is the creator of the Back|Track Linux distribution and founder of Offensive-Security, the industry leader in security training.

Table of contents 

Chapter 1: The Absolute Basics of Penetration Testing
Chapter 2: Metasploit Basics
Chapter 3: Intelligence Gathering
Chapter 4: Vulnerability Scanning
Chapter 5: The Joy of Exploitation
Chapter 6: Meterpreter
Chapter 7: Avoiding Detection
Chapter 8: Exploitation Using Client-side Attacks
Chapter 9: Metasploit Auxiliary Modules
Chapter 10: The Social-Engineer Toolkit
Chapter 11: Fast-Track
Chapter 13: Building Your Own Module
Chapter 14: Creating Your Own Exploits
Chapter 15: Porting Exploits to the Metasploit Framework
Chapter 16: Meterpreter Scripting
Chapter 17: Simulated Penetration Test
Appendix A: Configuring Your Target Machines
Appendix B: Cheat Sheet

View the detailed Table of Contents (PDF)
View the Index (PDF)


Selected by Cyber Defense Magazine as 1 of 100 Best CyberSecurity Books

"Very comprehensive and packed full of great advice."
Christian Kirsch, Rapid7 (Read More)

"For anyone who wants to get involved in the mechanics of penetration testing with Metasploit, this book is an excellent resource."
Tod Beardsley, Rapid7

"Arguably my favorite book for 2012, this is the most complete and comprehensive instruction book for Metasploit that I have seen so far."
Dan Dieterle, Infosec Island (Read More)

"Metasploit is perhaps the most enjoyable book I have come across regarding the uses and functionality of Metasploit. There were so many concepts it refreshed me on, many functions I didn’t know existed and other functions I did not correctly understand even with my years of using Metasploit."
The Ethical Hacker Network (Read More)

"Takes current documentation further and provides a valuable resource for people who are interested in security but don't have the time or money to take a training class on Metasploit. Rating: 10/10"
Slashdot (Read More)

"Metasploit: The Penetration Tester's Guide is a great book about the Metasploit Framework."
Richard Bejtlich, TaoSecurity (Read More)

"My recommendation: Get this book."
Chris Koger, PenTest Magazine

"Whether you are a penetration tester or a technical security professional, quality time spent working through this book will add valuable tools and insight to your professional repertoire."
IEEE Cipher (Read More)

"For those looking to use the Metasploit to its fullest, Metasploit: The Penetration Tester's Guide is a valuable aid."
Ben Rothke, Security Management (Read More)

"In case you've never used Metasploit or have limited experience with it, I highly recommend the No Starch Press book Metasploit: The Penetration Tester's Guide. It's a great book to get people started, has examples to walk through, and includes more advanced topics for experienced users."
Dark Reading (Read More)

"This book provides all the key information you need to get going with Metasploit in one easily read and referenced package."
Network Security Newsletter

"This title is nothing less than masterful; there is no nook or cranny for the program and its various third-party addons that is not covered."
NeuFutur Magazine (Read More)

"What I really liked about the book was the incorporation of the Metasploit tools and capabilities with a penetration testing methodology."
Vitalisec - Vital Information Security (Read More)

"A big thumbs up from me. It was worth every penny to learn the bits I did and to add clarity to other areas."
Common Exploits (Read More)

"If you are new to Metasploit and want to get up to speed quickly, it's hard to imagine that you'll find a better book."
Citizen428 (Read More)

"The chapters are sized perfectly, giving the reader just enough time to become proficient in many of the different aspects of Metasploit."
Small Town Geeks (Read More)

"An invaluable resource to get those that are new to this tool up and running while also providing experts with a great resource to turn to when help or ideas are needed."
George Romano, Digital Overdrive (Read More)

"The craft of penetration testing is covered deeply and broadly. The book's greatest source of value is how the concepts being applied are explained and demonstrated with well-annotated examples."
Packet Pushers (Read More)

"This book is an essential read for anyone looking to get into the field of Penetration Testing as well as for seasoned veterans."
LokiSec (Read More)

"On the short list of books I would recommend to any security practitioner."
obscuresec (Read More)

"Perfect for someone who is just starting out in security. This book has the honor of being named “the best guide to the Metasploit framework” by Metasploit founder H.D. Moore himself. Not only does the book provide a great crash course into using the powerful Metasploit framework, but it’s also useful for doing vulnerability research."
—Britt Kemp, Bishop Fox Labs


Please note that some of the following errors have been corrected in newer printings of the book.

Universal Changes
Throughout the book, all instances of text in the first column should be substituted for the text in the second column:
db_services services
db_hosts    hosts
db_vulns    vulns
db_creds    creds
db_notes    notes

Page 4
In the Types of Penetration Tests section, "An overt pen test, or 'white hat' test" should read "'white box' test." (Similarly, a "covert pen test" can also be called a "black box test.")

Page 10
In the last paragraph, the first sentence which reads "You can see that the module requires three options: RHOST, RPORT, and SMPIPE" should instead read "You can see that the module requires three options: RHOST, RPORT, and SMBPIPE".

Page 21
In the Importing Nmap Results into Metasploit section, "nmap -Pn -sS -A -oX Subnet1" should read "nmap -Pn -sS -A -oX Subnet1.xml"

Page 25
In sentence two of the Port Scanning With Metasploit section, "his process called" should read, "this process called."

Page 28
For the scanner/ssh/ssh_version, the RHOSTS parameter must be set to

Page 30
At the msf prompt, the command use appears twice, but should only appear once.

Page 52
In the code block, the following line:
Should read:

Page 80
In the first sentence of paragraph two, "we used the mssql_ping module" should read "we used the mssql_login module."

Page 82
In the first line of the last paragraph, "use" should read "user".

Page 205

Due to a production error, Figure 14-4 is incorrect. A replacement is below:
Metasploit Figure 14-4

Page 216
The term ESP refers to the execution stack pointer.

Page 270
In the first paragraph, "Select Mixed Mode, set a sa login password of password1, and then continue with the installation" should instead read: "Select Mixed Mode, set a sa login password of password123, and then continue with the installation."

Page 272
In item 2 under the heading Creating a Vulnerable Web Application, "log in using the username sa and the password password1" should instead read: "log in using the username sa and the password password123."