San Francisco, CA, July 7, 2011—The free and open source Metasploit Framework is the most popular suite of penetration testing tools in the world, with more than one million downloads yearly. But despite its popularity, Metasploit has—until now—lacked an authoritative user's guide.
Hailed by HD Moore, the founder of the Metasploit Project, as "the best guide to the Metasploit Framework available today," Metasploit: The Penetration Tester's Guide (No Starch Press, July 2011, 328 pp., $49.95, ISBN 9781593272883) teaches readers how to identify vulnerabilities in networks by using Metasploit to launch simulated attacks. The book's authors, acknowledged Metasploit gurus, begin by building a foundation for penetration testing and establishing a methodology. From there, they explain the Framework's conventions, interfaces, and module system, and then move on to advanced penetration testing techniques, including network reconnaissance and enumeration, client-side attacks, devastating wireless attacks, and targeted social-engineering attacks.
"These days, everyone's a target," said No Starch Press founder Bill Pollock. "Consider Sony PlayStation, Lockheed Martin, the IMF, and Citigroup—all attacked in big ways, just this year. We're excited to release Metasploit: The Penetration Tester's Guide at this critical time because every business needs to make sure that its networks are secure. The Metasploit Framework is arguably the most powerful tool we have in our arsenal."
Metasploit: The Penetration Tester's Guide shows penetration testers how to:
- Find exploits in unmaintained, misconfigured, and unpatched systems
- Perform reconnaissance and find valuable information about a target
- Bypass antivirus technologies and circumvent security controls
- Integrate Nmap, NeXpose, and Nessus with Metasploit to automate discovery
- Use the Meterpreter shell to launch attacks from inside a network
- Harness stand-alone Metasploit utilities, third-party tools, and plug-ins
- Learn how to write Meterpreter post exploitation modules and scripts
Whether readers' goals are to secure their own network or to put someone else's to the test, Metasploit: The Penetration Tester's Guide is without doubt the essential guide to using Metasploit.