San Francisco, CA, July 7, 2011—The free and open source Metasploit Framework is the most popular suite of penetration testing tools in the world, with more than one million downloads yearly. But despite its popularity, Metasploit has—until now—lacked an authoritative user's guide.
Hailed by HD Moore, the founder of the Metasploit Project, as "the best guide to the Metasploit Framework available today," Metasploit: The Penetration Tester's Guide (No Starch Press, July 2011, 328 pp., $49.95, ISBN 9781593272883) teaches readers how to identify vulnerabilities in networks by using Metasploit to launch simulated attacks. The book's authors, acknowledged Metasploit gurus, begin by building a foundation for penetration testing and establishing a methodology. From there, they explain the Framework's conventions, interfaces, and module system, and then move on to advanced penetration testing techniques, including network reconnaissance and enumeration, client-side attacks, devastating wireless attacks, and targeted social-engineering attacks.
"These days, everyone's a target," said No Starch Press founder Bill Pollock. "Consider Sony PlayStation, Lockheed Martin, the IMF, and Citigroup—all attacked in big ways, just this year. We're excited to release Metasploit: The Penetration Tester's Guide at this critical time because every business needs to make sure that its networks are secure. The Metasploit Framework is arguably the most powerful tool we have in our arsenal."
Metasploit: The Penetration Tester's Guide shows penetration testers how to:
- Find exploits in unmaintained, misconfigured, and unpatched systems
- Perform reconnaissance and find valuable information about a target
- Bypass antivirus technologies and circumvent security controls
- Integrate Nmap, NeXpose, and Nessus with Metasploit to automate discovery
- Use the Meterpreter shell to launch attacks from inside a network
- Harness stand-alone Metasploit utilities, third-party tools, and plug-ins
- Learn how to write Meterpreter post exploitation modules and scripts
Whether readers' goals are to secure their own network or to put someone else's to the test, Metasploit: The Penetration Tester's Guide is without doubt the essential guide to using Metasploit.
About the Authors
David Kennedy is Chief Information Security Officer at Diebold Incorporated and creator of the Social-Engineer Toolkit (SET), Fast-Track, and other open source tools. He is on the Back|Track and Exploit-Database development team and is a core member of the Social-Engineer podcast and framework. Kennedy has presented at several security conferences including Black Hat, DEF CON, ShmooCon, Security B-Sides, and more.
Jim O'Gorman is a professional penetration tester with CSC's StrikeForce, co-founder of Social-Engineer.org, and an instructor at Offensive-Security. He is involved in digital investigations and malware analysis, and helped build forensic capabilities into Back|Track Linux. When not working on various security issues, Jim spends his time assisting his children in their attempts to fight Zombie hordes.
Devon Kearns is an instructor at Offensive-Security, a Back|Track Linux developer, and administrator of The Exploit Database. He has contributed a number of Metasploit exploit modules and is the maintainer of the Metasploit Unleashed wiki.
Mati Aharoni is the creator of the Back|Track Linux distribution and founder of Offensive-Security, the industry leader in security training.
Additional Resources
Chapter 8: "Exploitation Using Client-Side Attacks" (PDF)
Table of Contents
Detailed Table of Contents (PDF)
Index (PDF)
No Starch Press Catalog Page
Available in fine bookstores everywhere, from http://www.oreilly.com/nostarch, or directly from No Starch Press (http://www.nostarch.com, [email protected], 1-800-420-7240).
About No Starch Press
Founded in 1994, No Starch Press is one of the few remaining independent computer book publishers. We publish the finest in geek entertainment—unique books on technology, with a focus on open source, security, hacking, programming, alternative operating systems, LEGO, science, and math. Our titles have personality, our authors are passionate, and our books tackle topics that people care about. Visit http://www.nostarch.com for a complete catalog.
About O'Reilly
O'Reilly Media spreads the knowledge of innovators through its books, online services, magazines, and conferences. Since 1978, O'Reilly Media has been a chronicler and catalyst of cutting-edge development, homing in on the technology trends that really matter and spurring their adoption by amplifying "faint signals" from the alpha geeks who are creating the future. An active participant in the technology community, the company has a long history of advocacy, meme-making, and evangelism.
# # #
O'Reilly is a registered trademark of O'Reilly Media, Inc. All other trademarks are the property of their respective owners.