book

Metasploit, 2nd Edition

by David Kennedy, Mati Aharoni, Devon Kearns, Jim O'Gorman

January 2025

Intermediate to advanced

288 pages

7h 12m

English

No Starch Press

Read now

Unlock full access

Praise for Metasploit, 2nd Edition
Title Page
Copyright
About the Authors and About the Technical Reviewer
Foreword to the First Edition
Acknowledgments
Special Thanks
Introduction
Why Do a Penetration Test?Why Metasploit?About This BookWhat’s New to This EditionA Note on Ethics
1. The Absolute Basics of Penetration Testing
The Phases of the PTESPreengagement InteractionsIntelligence GatheringThreat ModelingVulnerability AnalysisExploitationPost ExploitationReportingTypes of Penetration TestsOvertCovertVulnerability ScannersInstalling Kali, Metasploit, and MetasploitableWrapping Up
2. Metasploit Fundamentals
TerminologyExploitPayloadShellcodeModuleListenerMetasploit InterfacesMSFconsoleResource ScriptsArmitage and Cobalt StrikeMetasploit UtilitiesMSFvenomNASM ShellMetasploit ProWrapping Up

3. Intelligence Gathering
Passive Information GatheringWhois LookupsNetcraftDNS AnalysisActive Information GatheringPort Scanning with NmapPort Scanning with MetasploitTargeted ScanningScanning for Server Message BlockHunting for Poorly Configured Microsoft SQL ServersScanning for S3 BucketsScanning for SSH Server VersionScanning for FTP ServersSweeping for Simple Network Management ProtocolWriting a Custom ScannerWrapping Up
4. Vulnerability Analysis
The Basic Vulnerability ScanScanning with NexposeConfiguring NexposeImporting Reports into MetasploitRunning Nexpose in MSFconsoleScanning with NessusConfiguring NessusCreating ScansCreating Scan PoliciesViewing ReportsImporting Results into MetasploitNessus Scanning in MetasploitSpecialty Vulnerability ScannersValidating SMB LoginsFinding Scanners for Recent ExploitsWrapping Up
5. The Joy of Exploitation
Basic ExploitationSearching for an ExploitsearchsploitinfoSelecting an Exploitshow payloadsshow targetsset and unsetsetg and unsetgsaveexploitExploiting a Windows MachineExploiting an Ubuntu MachineWrapping Up
6. Meterpreter
Compromising a Windows Virtual MachinePort Scanning with NmapBrute-Forcing MySQL Server AuthenticationUploading User-Defined FunctionsBasic Meterpreter CommandsCapturing ScreenshotsFinding Platform InformationCapturing KeystrokesExtracting Password HashesPassing the HashMimikatz and KiwiPrivilege EscalationLateral Movement TechniquesToken ImpersonationDCSync and Golden Ticket AttacksOther Useful Meterpreter CommandsEnabling Remote Desktop ServicesViewing All Traffic on a TargetScraping a SystemEstablishing PersistenceManipulating Windows APIs with RailgunPivoting to Other SystemsWrapping Up
7. Avoiding Detection
Creating Stand-Alone Binaries with MSFvenomEncoding with MSFvenomPacking ExecutablesCustom Executable TemplatesLaunching Payloads StealthilyEvasion ModulesDeveloping Custom PayloadsGenerating Executables from Python FilesWrapping Up
8. Social Engineering
Updating and Configuring the Social-Engineer ToolkitSpear-Phishing AttacksSetting Up an Email ServerSending Malicious EmailPhishing with GophishWeb AttacksUsername and Password HarvestingTabnabbingBypassing Two-Factor AuthenticationInfectious Media Generation AttacksWrapping Up
9. Client-Side Attacks
Browser-Based ExploitsFinding Exploits in MetasploitAutomating Exploitation with AutoPwn2Finding Even More Recent ExploitsFile-Format ExploitsExploiting Word DocumentsSending PayloadsWrapping Up
10. Wireless Attacks
Connecting to Wireless AdaptersMonitoring Wi-Fi TrafficDeauth and DoS AttacksCapturing and Cracking HandshakesEvil Twin AttacksSniffing Traffic with MetasploitHarvesting Credentials with the Wi-Fi PineappleWrapping Up
11. Auxiliary Modules
Exploring Auxiliary ModulesSearching for HTTP ModulesCreating an Auxiliary ModuleWriting the ModuleRunning the ModuleDebugging the ModuleWrapping Up
12. Porting Exploits to the Framework
Assembly Language BasicsEIP and ESP RegistersThe JMP Instruction SetNOPs and NOP SlidesDisabling ProtectionsPorting Buffer OverflowsStripping Existing ExploitsConfiguring the Exploit DefinitionTesting the Base ExploitImplementing Features of the FrameworkAdding RandomizationRemoving the NOP SlideRemoving the Dummy ShellcodePorting an SEH Overwrite ExploitWrapping Up
13. Building Your Own Modules
Getting Command Execution on MS SQLEnabling Administrator-Level ProceduresRunning the ModuleExploring the Module CodeCreating a New ModuleEditing an Existing ModuleRunning the Shell ExploitDefining the ExploitUploading PowerShell ScriptsRunning the ExploitWrapping Up
14. Creating Your Own Exploits
The Art of FuzzingDownloading the Test ApplicationWriting the FuzzerTesting the FuzzerControlling the Structured Exception HandlerHopping Around RestrictionsGetting a Return AddressIncluding Backward Jumps and Near JumpsAdding a PayloadBad Characters and Remote Code ExecutionWrapping Up
15. A Simulated Penetration Test
Preengagement InteractionsIntelligence GatheringThreat ModelingExploitationExecuting the ExploitEstablishing PersistencePost ExploitationScanning the Linux SystemIdentifying Vulnerable ServicesAttacking Apache TomcatAttacking Obscure ServicesCovering Your TracksWrapping Up
16. Pentesting the Cloud
Cloud Security BasicsIdentity and Access ManagementServerless FunctionsStorageDocker ContainersSetting Up Cloud Testing EnvironmentsContainer TakeoversEscaping Docker ContainersKubernetesWrapping Up
A. Configuring Your Lab Environment
x86 and AMD64ARM and Apple SiliconInstalling Kali Meta Packages
B. Cheat Sheet
MSFconsoleMeterpreterMSFvenomMeterpreter Post Exploitation
Index

Overview

Metasploit: The Penetration Tester’s Guide has been the definitive security assessment resource for over a decade. The Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless, but using it can be challenging for newcomers.

Written by renowned ethical hackers and industry experts, this fully updated second edition includes:

Advanced Active Directory and cloud penetration testing
Modern evasion techniques and payload encoding
Malicious document generation for client-side exploitation
Coverage of recently added modules and commands

Starting with Framework essentials—exploits, payloads, Meterpreter, and auxiliary modules—you’ll progress to advanced methodologies aligned with the Penetration Test Execution Standard (PTES). Through real-world examples and simulated penetration tests, you’ll:

Conduct network reconnaissance and analyze vulnerabilities
Execute wireless network and social engineering attacks
Perform post-exploitation techniques, including privilege escalation
Develop custom modules in Ruby and port existing exploits
Use MSFvenom to evade detection
Integrate with Nmap, Nessus, and the Social-Engineer Toolkit

Whether you’re a cybersecurity professional, ethical hacker, or IT administrator, this second edition of Metasploit: The Penetration Tester’s Guide is your key to staying ahead in the ever-evolving threat landscape.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

The Web Application Hacker's Handbook, 2nd Edition

Publisher Resources

ISBN: 9798341620032Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills