Paperback: 328 pages
Publisher: No Starch Press; 1 edition (July 25, 2011)
Product Dimensions: 7 x 1.2 x 9.2 inches
Shipping Weight: 1.4 pounds (View shipping rates and policies)
Average Customer Review: 4.6 out of 5 stars See all reviews (116 customer reviews)
Best Sellers Rank: #30,381 in Books (See Top 100 in Books) #17 in Books > Computers & Technology > Security & Encryption > Viruses #27 in Books > Computers & Technology > Security & Encryption > Privacy & Online Safety #29 in Books > Computers & Technology > Networking & Cloud Computing > Network Security
I'm an accomplished test automation/performance engineer, but one area of testing that I'm pretty green at is penetration testing. Luckily, I came across Metasploit: The Penetration Tester's Guide, which is a book about penetration testing using the opensource Metasploit Framework testing and is a great introduction to security testing in general. Since I'm a complete novice when it comes to Metasploit, the book was great for getting me started with the basics of the framework. (A more experience Metasploit user, however, will probably want to read something a bit more advanced.)The book assumes the reader has zero experience, and begins with a brief history of Metasploit and how to install it. Although you don't need to be a programmer to read it, most of the examples are written in Ruby and Python. You should also be familiar with Linux and how to set up VMs.Overall, the book is written with a hands-on, tutorial-like style that is great for people like me who prefer to learn by doing. The book is a progression, beginning by establishing the methodologies/phases and terminology of penetration testing and an intro to the utilities and functions within the Metasploit framework. The first few chapters are a great help in getting up to speed on what penetration testing is and provide a nice overview of the different phases of a penetration test. The author then walks you through how to identify different types of vulnerabilities and how to exploit them using the tool. I really liked the sections on how to attack MS SQL, Browser-Based & File exploits and Social Engineering attacks. Many different modules of the framework are covered, as well as how to create a module. The book ends with a realistic simulation of an actual penetration test.
The book covers the basics of using Metasploit with other related tools (SET and Fast-Track). If the reader is expecting to become a penetration tester expert by reading this book then I will say that the expectations are wrong. The author has managed to put in a single book the methodology used for penetration testing, named as PTES (Penetration Testing Execution Standard) and described as the redefined methodology for penetration testing and a general overview of the Metasploit framework, how it works, how is composed and how you can leverage the power of using this framework to make adaptations in different situations or scenarios. Also the author has recalled the fact that every situation is different and the penetration tester should deal with obstacles that he may find in the way to exploit a system.The author begins the book by describing the PTES methodology and also referring the user to the penetration standard organization website in order to get more information (for people that are new in penetration testing). Then the author moves on with the metasploit basics, explaining the terminology and how the framework is composed. It also makes a brief explanation about Metasploit Express and Metasploit Pro. In the Chapter 2 the book deals with an important step (information gathering), if not the most important, when conducting a penetration test. People tend to overlook this step because sometimes it will not have the "expected" fun necessary but users should understand that the success of exploiting a system is the time spent on gathering information of the target. The information gathering process, in this book, covers the identification of the target and the discovery of different applications or possible attack vectors.
Metasploit: The Penetration Tester's Guide The Car Hacker's Handbook: A Guide for the Penetration Tester Hacking: Beginner's Guide to Computer Hacking, Basic Security, Penetration Testing (Hacking, How to Hack, Penetration Testing, Basic security, Computer Hacking) Hacking: How to Hack Computers, Basic Security and Penetration Testing (Hacking, How to Hack, Hacking for Dummies, Computer Hacking, penetration testing, basic security, arduino, python) Hacking: Basic Security, Penetration Testing and How to Hack (hacking, how to hack, penetration testing, basic security, arduino, python, engineering) The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy (Syngress Basics Series) Software Test Engineering with IBM Rational Functional Tester: The Definitive Resource Hacking: Beginner to Expert Guide to Computer Hacking, Basic Security, and Penetration Testing (Computer Science Series) Hacking: Wireless Hacking, How to Hack Wireless Networks, A Step-by-Step Guide for Beginners (How to Hack, Wireless Hacking, Penetration Testing, Social ... Security, Computer Hacking, Kali Linux) HACKING: Beginner's Crash Course - Essential Guide to Practical: Computer Hacking, Hacking for Beginners, & Penetration Testing (Computer Systems, Computer Programming, Computer Science Book 1) Hacking: How to Computer Hack: An Ultimate Beginner's Guide to Hacking (Programming, Penetration Testing, Network Security) (Cyber Hacking with Virus, Malware and Trojan Testing) Hacking: The Ultimate Beginners Guide (Computer Hacking, Hacking and Penetration, Hacking for dummies, Basic security Coding and Hacking) (Hacking and Coding Book 1) Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers Hacking: The Beginners Crash Course: Penetration Testing, Computer Hacking & Basic Security Wireless Hacking: How To Hack Wireless Network (How to Hack, Wireless Hacking, Penetration Testing, Social ... Security, Computer Hacking, Kali Linux) Google Hacking for Penetration Testers, Third Edition Hacking: Basic Security, Penetration Testing, and How to Hack Kali Linux Wireless Penetration Testing Essentials Learning Kali Linux: An Introduction to Penetration Testing