Metasploit : The Penetration Tester’s Guide


Here is the core information about the book:

  • Title: Metasploit: The Penetration Tester’s Guide
  • Authors: David Kennedy, Jim O’Gorman, Devon Kearns, Mati Aharoni
  • Publisher: No Starch Press
  • Pages: 328
  • Release Date: July 22, 2011


Here is the table of contents:

Chapter 1: The Absolute Basics of Penetration Testing
Chapter 2: Metasploit Basics
Chapter 3: Intelligence Gathering
Chapter 4: Vulnerability Scanning
Chapter 5: The Joy of Exploitation
Chapter 6: Meterpreter
Chapter 7: Avoiding Detection
Chapter 8: Exploitation Using Client-side Attacks
Chapter 9: Metasploit Auxiliary Modules
Chapter 10: The Social-Engineer Toolkit
Chapter 11: Fast-Track
Chapter 12: Karmetasploit
Chapter 13: Building Your Own Module
Chapter 14: Creating Your Own Exploits
Chapter 15: Porting Exploits to the Metasploit Framework
Chapter 16: Meterpreter Scripting
Chapter 17: Simulated Penetration Test
Appendix A: Configuring Your Target Machines
Appendix B: Cheat Sheet


The initial chapters (1-5) cover the basics in good detail and go on to show how to easily and quickly launch an exploit from Metasploit. Good for beginners, and a quick refresher for experts who are back from the Amazon jungle after an adventurous trip.

Chapter 6 showcases the power of Meterpreter: capturing keystrokes, dumping passwords, pivoting to other systems, post-exploitation modules, etc. In real pen testing, exploits often fail because big brother is around. Chapter 7 walks you through the process of bypassing these annoying antivirus products using techniques such as multi-encoding, custom executable templates, packers, etc. The next chapter deals with client-side attacks using the browser (with the famous Aurora exploit as an example) and file-format exploits. Chapter 9 shows how auxiliary modules can be very useful, with the webdav_scanner module as an example.


Chapter 10 covers the Social-Engineer Toolkit (SET), a popular framework for seamlessly launching social engineering attacks using Metasploit. Here the author demonstrates basic to advanced attack vectors such as spear-phishing, client-side web attacks, password harvesting, web jacking, Teensy USB HID media attacks, etc. The next chapter deals with Fast-Track, another toolkit for advanced pen testing using Metasploit, explaining how one can use Fast-Track to quickly launch MSSQL attacks and mass client-side attacks without much effort. Chapter 12 shows how to use Karmetasploit to launch wireless attacks and then perform password harvesting and launch redirected client-side attacks.


Chapters 13 to 16 are meant for advanced users and researchers who would like to develop their own auxiliary modules and exploits, port existing exploits to Metasploit, and write Meterpreter scripts. Each chapter takes an existing example and then shows how to write your own in a step-by-step practical approach. The final chapter is about applying what you have learnt so far in this book to a pen test, starting with port scanning and going through to post-exploitation of the pwned target!


Written by well-known authors who stand on their own for their contributions to the security space, this book is a mirror image of their expertise.

Highlights of the Book

  • Very well written and fun to read
  • Tips and techniques to make you smarter with Metasploit
  • Technical concepts are explained briefly wherever required
  • Appendix A helps you set up your own local playground using virtual machines and Metasploitable


Practical examples in every chapter are well illustrated with Metasploit output, so you don’t have to be in front of a PC while reading it. However, following along hands-on in parallel, mainly for the advanced topics, will make it much more effective.