Metasploit : the penetration tester's guide /
by David Kennedy [and others].
- San Francisco : No Starch Press, c2011.
- xxiv, 299 pages : illustrations ; 24 cm.
Includes index.
The absolute basics of penetration testing -- Metasploit basics -- Intelligence gathering -- Vulnerability scanning -- The joy of exploitation -- Meterpreter -- Avoiding detection -- Exploitation using client-side attacks -- Metasploit auxiliary modules -- The social-engineer toolkit -- Fast-track -- Karmetasploit -- Building your own module -- Creating your own exploits -- Parting exploits to the metasploit framework -- Meterpreter scripting -- Simulated penetration test -- Configuring your target machines -- Cheat sheet.
"The Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless. But while Metasploit is used by security professionals everywhere, documentation is lacking and the tool can be hard to grasp for first-time users. Metasploit: A Penetration Tester's Guide fills this gap by teaching you how to harness the Framework, use its many features, and interact with the vibrant community of Metasploit contributors. The authors begin by building a foundation for penetration testing and establishing a fundamental methodology. From there, they explain the Framework's conventions, interfaces, and module system, as they show you how to assess networks with Metasploit by launching simulated attacks. Having mastered the essentials, you'll move on to advanced penetration testing techniques, including network reconnaissance and enumeration, client-side attacks, devastating wireless attacks, and targeted social engineering attacks. Metasploit: A Penetration Tester's Guide will teach you how to: Find and exploit unmaintained, misconfigured, and unpatched systems Perform reconnaissance and find valuable information about your target Bypass anti-virus technologies and circumvent security controls Integrate Nmap, NeXpose, and Nessus with Metasploit to automate discovery Use the Meterpreter shell to launch further attacks from inside the network Harness standalone Metasploit utilities, third-party tools, and plug-ins Learn how to write your own Meterpreter post exploitation modules and scripts You'll even touch on exploit discovery for zero-day research, write a fuzzer, port existing exploits into the Framework, and learn how to cover your tracks. Whether your goal is to make your own networks more secure or to put someone else's to the test, Metasploit: A Penetration Tester's Guide will take you there and beyond"-- "How to identify and exploit security vulnerabilities with Metasploit, the world's most popular penetration testing framework"--