Metasploit: The Penetration Tester's Guide
- Downloads:6706
- Type:Epub+TxT+PDF+Mobi
- Create Date:2021-09-11 09:53:36
- Update Date:2025-09-06
- Status:finish
- Author:David Kennedy
- ISBN:159327288X
- Environment:PC/Android/iPhone/iPad/Kindle
- Download
Summary
"The best guide to the Metasploit Framework。" —HD Moore, Founder of the Metasploit ProjectThe Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless。 But while Metasploit is used by security professionals everywhere, the tool can be hard to grasp for first-time users。 Metasploit: The Penetration Tester's Guide fills this gap by teaching you how to harness the Framework and interact with the vibrant community of Metasploit contributors。
Once you've built your foundation for penetration testing, you'll learn the Framework's conventions, interfaces, and module system as you launch simulated attacks。 You'll move on to advanced penetration testing techniques, including network reconnaissance and enumeration, client-side attacks, wireless attacks, and targeted social-engineering attacks。
Learn how to:
Find and exploit unmaintained, misconfigured, and unpatched systems Perform reconnaissance and find valuable information about your target Bypass anti-virus technologies and circumvent security controls Integrate Nmap, NeXpose, and Nessus with Metasploit to automate discovery Use the Meterpreter shell to launch further attacks from inside the network Harness standalone Metasploit utilities, third-party tools, and plug-ins Learn how to write your own Meterpreter post exploitation modules and scripts You'll even touch on exploit discovery for zero-day research, write a fuzzer, port existing exploits into the Framework, and learn how to cover your tracks。 Whether your goal is to secure your own networks or to put someone else's to the test, Metasploit: The Penetration Tester's Guide will take you there and beyond。
Once you've built your foundation for penetration testing, you'll learn the Framework's conventions, interfaces, and module system as you launch simulated attacks。 You'll move on to advanced penetration testing techniques, including network reconnaissance and enumeration, client-side attacks, wireless attacks, and targeted social-engineering attacks。
Learn how to:
Find and exploit unmaintained, misconfigured, and unpatched systems Perform reconnaissance and find valuable information about your target Bypass anti-virus technologies and circumvent security controls Integrate Nmap, NeXpose, and Nessus with Metasploit to automate discovery Use the Meterpreter shell to launch further attacks from inside the network Harness standalone Metasploit utilities, third-party tools, and plug-ins Learn how to write your own Meterpreter post exploitation modules and scripts You'll even touch on exploit discovery for zero-day research, write a fuzzer, port existing exploits into the Framework, and learn how to cover your tracks。 Whether your goal is to secure your own networks or to put someone else's to the test, Metasploit: The Penetration Tester's Guide will take you there and beyond。
Reviews
Kerszi
,
Książkę kupiłem dobrych parę lat temu i niestety dopiero teraz ją przeczytałem (wydanie I)。 To był ogromny błąd, że tak późno。 Książka dosyć mocno się zdezaktualizowała。 Metasploit jest już wersji 6 (rok 2021) a nie 3, ludzie już prawie zapomnieli o Windowsie XP。 Nie ma już Backtrack, ale jest Kali Linux。 Połączenie z bazą danych przez Msf teraz trochę inaczej wygląda, ale podstawy do nauki i ogólne zasady pozostały。 Ogólnie poćwiczyć można też na starych obrazach metasploitable。 Miejscami książ Książkę kupiłem dobrych parę lat temu i niestety dopiero teraz ją przeczytałem (wydanie I)。 To był ogromny błąd, że tak późno。 Książka dosyć mocno się zdezaktualizowała。 Metasploit jest już wersji 6 (rok 2021) a nie 3, ludzie już prawie zapomnieli o Windowsie XP。 Nie ma już Backtrack, ale jest Kali Linux。 Połączenie z bazą danych przez Msf teraz trochę inaczej wygląda, ale podstawy do nauki i ogólne zasady pozostały。 Ogólnie poćwiczyć można też na starych obrazach metasploitable。 Miejscami książka jest dosyć trudna i jest wymagana wiedza o assemblerze。 Widziałem wydanie II, ale to już nie ci sami autorzy。 Ogólnie polecam。 。。。more
michalisp
,
Easy to read and well structured。 Although the content is very basic。 This is a book for a complete beginner。
Timoteo
,
Unfortunately, it's old Unfortunately, it's old 。。。more
Ahmet Gürdal
,
METASPLOIT – THE PENETRATION TESTER’S GUIDEThis book has around 300 pages and 4 authors wrote this book: (From the book)David Kennedy is the chief information security officer at Diebold Incorporated and creator of the Social-Engineer Toolkit (SET), FastTrack and other open-source tools。 He is also on the BackTrack and ExploitDB development team and is a core member of the Social-Engineer podcast and framework。Jim O’Gorman is a professional penetration tester with CSC’s StrikeForce, a co-founder METASPLOIT – THE PENETRATION TESTER’S GUIDEThis book has around 300 pages and 4 authors wrote this book: (From the book)David Kennedy is the chief information security officer at Diebold Incorporated and creator of the Social-Engineer Toolkit (SET), FastTrack and other open-source tools。 He is also on the BackTrack and ExploitDB development team and is a core member of the Social-Engineer podcast and framework。Jim O’Gorman is a professional penetration tester with CSC’s StrikeForce, a co-founder of Scoail-Engineer。org and an instructor at Offensive-Security。 He is involved in digital investigations and malware analysis and helped build forensic capabilities into BackTrack Linux。Devon Kearns is an instructor at Offensive-Security, a BackTrack Linux developer and administrator of the ExploitDB。 He has contributed a number of Metasploit exploit modules and is the maintainer of the Metasploit Unleashed wiki。Mati Aharoni is the creator of the BackTrack Linux distribution and founder of Offensive-Security。ABOUT the BOOKAfter giving a basic story of the book and the Metasploit tool。 it starts with the Metasploit basics。Basic terminologies like exploit, payload, shellcode, module and listener then authors explained Metasploit interfaces like msfconsole, msfcli(armitage) and Metasploit utilities like msfpayload and msfencode。 It shows the intelligence-gathering tools; whois, Netcraft, nslookup, Nmap tool and basic usage knowledge of these tools。 Then continues with the Metasploit intelligence gathering modules like auxiliary and scanners and contains port scanning and network management protocol sweeping techniques and some other custom service scanners。 Then you will see vulnerability scanning, scanning with NeXpose and Nessus usage, configuration and basic explanation about the tool then importing the report of these tools to the Metasploit and running them within the Metasploit framework。 It also contains scanning the SMB logins, OpenVNC, OpenX11 Servers。 Exploitation starts with the “The Joy of the Exploitations” chapter with the classic exploit, ms08_067_netapi, the authors show how to use an exploit in the Metasploit framework, basic commands, options, etc。 After successful exploitation, you need to know what a hacker can do with the targeted machine。 So, you can learn the meterpreter shell。 Beginning to end; it goes like scanning the target machine and gathering information and with the correct exploit and gaining a meterpreter shell。However, it is not always easy to exploit a system, you will encounter some antivirus, firewalls, etc。 So, avoiding detection with encoding your payload with the Metasploit tools as msfpayload and msfencode。 Hackers’ job is not finished after gaining access to the system and getting what they want to get, they need to cover their tracks in the system。 After all that, you find browser-based exploits, file format exploits, sending the payloads, social engineering tools like toolkits, phishing attacks, web attack vectors, infectious media generations, etc。Wireless Security Tools topic covered with Karmetasploit that is developed by Dino Dai Zovi and Shane Macaulay and you will also build your own modules, exploits and meterpreter scripts, port exploits to the metasploit。 。。。more
Mahendra
,
i want to read this。
Ben Richards
,
A great, easy to read and follow along with introductory book for Metasploit。 As someone who had previous knowledge, I still enjoyed reading this book from start to finish in order to cement Concepts I knew and learn things I didn’t。
Dan
,
"The best guide to the Metasploit Framework。"—HD Moore, Founder of the Metasploit Project \The Metasploit Framework is a powerful suite of tools that security researchers use to investigate and resolve potential network and system vulnerabilities。 Metasploit: The Penetration Tester's Guide shows readers how to assess networks by using Metasploit to launch simulated attacks that expose weaknesses in their security。 "The best guide to the Metasploit Framework。"—HD Moore, Founder of the Metasploit Project \The Metasploit Framework is a powerful suite of tools that security researchers use to investigate and resolve potential network and system vulnerabilities。 Metasploit: The Penetration Tester's Guide shows readers how to assess networks by using Metasploit to launch simulated attacks that expose weaknesses in their security。 。。。more
John Nye
,
I have gone through a paper copy of this book (that is exceedingly rare for me) that was much marked-up, dog-eared, and falling apart before I bought the Kindle version。 Still one of the most useful reference books I use as a go-to whenever I get the pleasure of using Metasploit again。 Lately, I have been doing more speaking and writing。 But anyone who is a penetration tester looking to add to their library should absolutely have this book。 Not only is it terribly informative, Dave does an amazi I have gone through a paper copy of this book (that is exceedingly rare for me) that was much marked-up, dog-eared, and falling apart before I bought the Kindle version。 Still one of the most useful reference books I use as a go-to whenever I get the pleasure of using Metasploit again。 Lately, I have been doing more speaking and writing。 But anyone who is a penetration tester looking to add to their library should absolutely have this book。 Not only is it terribly informative, Dave does an amazing job of making the technical content entertaining。 That alone is worth the cover price, even if you're not a hacker。 Happy hacking and hack all the things。 See you all at DEF CON and DerbyCon 。。。more
M。 Cetin
,
This book is not just about Metasploit。 It is also a great InfoSec and Pen。 Testing book。 A must read for anyone who wants to get into or master the field。 No repetitions, well written, full of examples。
Ahmed Alkatheeri
,
Very good book for beginning to learn penetration testing from gathering informaiton to covering tracks。 Also it has many examples of how to use Metasploit framework on hacking scenarios。 However, if example not work you can find alternative tutorials for specific section using Google。
Randy
,
Along with nMap and Burpsuite, one of the indispensable tools of the trade。 So much more to learn - the firehose never turns off, one just learns to take larger gulps at a time。 Waving, not drowning。
Ankit
,
A must read for all exploit development enthusiasts and penetration testers。 More of a handbook to keep by your side。
Jason
,
Although the principles within this book are still relevant and very helpful, the book is outdated and a revised version hasn't been published。 An even newer version of Metasploit is being released at DEFCON 23 which will further make this book obsolete。 Although the principles within this book are still relevant and very helpful, the book is outdated and a revised version hasn't been published。 An even newer version of Metasploit is being released at DEFCON 23 which will further make this book obsolete。 。。。more
Kenneth Miller
,
Bought this with IASP scholarship money。 Read it front to back, was not required by any class。
Tom
,
This book was great but it is quickly dated。 A lot of the information is now online but that is ok its still a great place for a beginner to start。
Eric Gragsone
,
I mainly picked this up for the chapter on the Social-Engineering Toolkit, but I felt much of the content for both SET and Metasploit was already well documented online (http://www。offensive-security。com/met。。。)。 But if you prefer serial content over hyperlinked, then this is a decent version。 I mainly picked this up for the chapter on the Social-Engineering Toolkit, but I felt much of the content for both SET and Metasploit was already well documented online (http://www。offensive-security。com/met。。。)。 But if you prefer serial content over hyperlinked, then this is a decent version。 。。。more
L3ghost
,
Great book but, it is outdated。 For people wanting to read this book, I recommend reading the manual thats in Kali(new bt5)。
Charles Bellefleur
,
This book serves as an excellent way to learn the Metasploit framework。 Very clear and detailed information, well explained and a great structure makes it easy to follow and assimilate。 Only chapter that could have been better is the "real-life example of a complete pen test"。 This book serves as an excellent way to learn the Metasploit framework。 Very clear and detailed information, well explained and a great structure makes it easy to follow and assimilate。 Only chapter that could have been better is the "real-life example of a complete pen test"。 。。。more
Joe Visconti
,
A very technical book that can get you up and running on metasploit; if you are patient
Allyn
,
I have occasionally played Metasploit with friends and recently started playing at home, so this seemed like a good guide。 The first chapter adds some interesting commentary to the storyline but can be skipped by those not completely interested in the thin plot。 Other than that, this book is a standard walkthrough with some hints and easter eggs。 My biggest complaint is that even after reading this book cover to cover, I'm still trying to figure out how to beat this game。 I have occasionally played Metasploit with friends and recently started playing at home, so this seemed like a good guide。 The first chapter adds some interesting commentary to the storyline but can be skipped by those not completely interested in the thin plot。 Other than that, this book is a standard walkthrough with some hints and easter eggs。 My biggest complaint is that even after reading this book cover to cover, I'm still trying to figure out how to beat this game。 。。。more
Patrick
,
A fantastic resource。 I think that if I worked in the field, I'd make this a book to reread regularly。 Each time you'd pick out more useful details。 A fantastic resource。 I think that if I worked in the field, I'd make this a book to reread regularly。 Each time you'd pick out more useful details。 。。。more
F
,
it's the best book that's i ever read it 。。 it's open my eyes to sea everything that's i wasn't sea it before 。。i really enjoy to read all the book and i was so sad because the book is finish ! 。。 and know i recommend every one to read this book to know how thing work and to sea the world in really life 。。 thaks to u Devid kenndy FOR the writting the book and shared whit us ! it's the best book that's i ever read it 。。 it's open my eyes to sea everything that's i wasn't sea it before 。。i really enjoy to read all the book and i was so sad because the book is finish ! 。。 and know i recommend every one to read this book to know how thing work and to sea the world in really life 。。 thaks to u Devid kenndy FOR the writting the book and shared whit us ! 。。。more
Justin Andrusk
,
Great starter book for the MSF。
عَبدُالكَرِيمْ
,
Probably one of the best penetration testing books I have ever read。 You will need basic linux knowledge and a backtrack distro to be able to get most of this book。 It first teaches you the basics of Metasploit then you go deeper and deeper。 some of the commands are outdated however I am pretty sure a hacker like you can manage to get him/herself updated。 And remember: Hugs are always better than handshakes !!;-)
Wolfgang Barthel
,
One of the best Metasploit books out there。 It covers the basics but also some more advanced stuff very useful in my daily pentesting live out there :)
Sien
,
Its david kennedy you really can't say any thing else。 Your going to get the best from the best。 Its david kennedy you really can't say any thing else。 Your going to get the best from the best。 。。。more
Billy
,
This book is great for anyone trying to pick up advanced metasploit methodology。 Great as a reference and for first timers that want a complete walk through。
Alex
,
Its too short, mostly novice tutorials。Last chapters on exploit development / adapting side exploits for Metasploit Framework and scripting were best but still too thin。This book is more like introduction articles on Metasploit / SET / Fast Track / etc。 Such famous authors could write multiple thousand+ pages volumes on each topic for good I think。
Timo
,
A good introductory to the different ways of using Metasploit。 Since I had already some previous experience using Metasploit my favorite chapters were the one covering usage of Meterpreter and how to create your own module or how to port your own exploits to Metasploit framework。 In the end of the book there was also a nice chapter how to set up a small and vulnerable network for testing different attacks which I also found a good addition to the book。
Patrick Vinge
,