Metasploit: The Penetration Tester's Guide and over 2 million other books are available for Amazon Kindle . Learn more

Sign in to turn on 1-Click ordering.
Trade in Yours
For a 10.61 Gift Card
Trade in
More Buying Choices
Have one to sell? Sell yours here
Sorry, this item is not available in
Image not available for
Image not available

Start reading Metasploit: The Penetration Tester's Guide on your Kindle in under a minute.

Don't have a Kindle? Get your Kindle here, or download a FREE Kindle Reading App.

Metasploit: The Penetration Tester's Guide [Paperback]

David Kennedy , Jim O'Gorman , Devon Kearns , Mati Aharoni
4.8 out of 5 stars  See all reviews (13 customer reviews)
Price: 32.50 & FREE Delivery in the UK. Details
o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o
In stock.
Dispatched from and sold by Amazon. Gift-wrap available.
Want it tomorrow, 24 July? Choose Express delivery at checkout. Details


Amazon Price New from Used from
Kindle Edition 14.53  
Paperback 32.50  
Trade In this Item for up to 10.61
Trade in Metasploit: The Penetration Tester's Guide for an Amazon Gift Card of up to 10.61, which you can then spend on millions of items across the site. Trade-in values may vary (terms apply). Learn more

Book Description

25 July 2011 159327288X 978-1593272883 1
"The best guide to the Metasploit Framework."—HD Moore, Founder of the Metasploit Project

The Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless. But while Metasploit is used by security professionals everywhere, the tool can be hard to grasp for first-time users. Metasploit: The Penetration Tester's Guide fills this gap by teaching you how to harness the Framework and interact with the vibrant community of Metasploit contributors.

Once you've built your foundation for penetration testing, you'll learn the Framework's conventions, interfaces, and module system as you launch simulated attacks. You'll move on to advanced penetration testing techniques, including network reconnaissance and enumeration, client-side attacks, wireless attacks, and targeted social-engineering attacks.

Learn how to:

  • Find and exploit unmaintained, misconfigured, and unpatched systems
  • Perform reconnaissance and find valuable information about your target
  • Bypass anti-virus technologies and circumvent security controls
  • Integrate Nmap, NeXpose, and Nessus with Metasploit to automate discovery
  • Use the Meterpreter shell to launch further attacks from inside the network
  • Harness standalone Metasploit utilities, third-party tools, and plug-ins
  • Learn how to write your own Meterpreter post exploitation modules and scripts

You'll even touch on exploit discovery for zero-day research, write a fuzzer, port existing exploits into the Framework, and learn how to cover your tracks. Whether your goal is to secure your own networks or to put someone else's to the test, Metasploit: The Penetration Tester's Guide will take you there and beyond.

Frequently Bought Together

Metasploit: The Penetration Tester's Guide + Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning + The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
Price For All Three: 83.57

Buy the selected items together

Product details

  • Paperback: 328 pages
  • Publisher: No Starch Press; 1 edition (25 July 2011)
  • Language: English
  • ISBN-10: 159327288X
  • ISBN-13: 978-1593272883
  • Product Dimensions: 23.3 x 17.7 x 2.9 cm
  • Average Customer Review: 4.8 out of 5 stars  See all reviews (13 customer reviews)
  • Amazon Bestsellers Rank: 22,739 in Books (See Top 100 in Books)
  • See Complete Table of Contents

More About the Authors

Discover books, learn about writers, and more.

Product Description

About the Author

David Kennedy is Chief Information Security Officer at Diebold Incorporated and creator of the Social-Engineer Toolkit (SET), Fast-Track, and other open source tools. He is on the Back|Track and Exploit-Database development team and is a core member of the Social-Engineer podcast and framework. Kennedy has presented at a number of security conferences including Black Hat, DEF CON, ShmooCon, Security B-Sides, and more.

Jim O'Gorman is a professional penetration tester with CSC's StrikeForce, a co-founder of, and an instructor at Offensive-Security. He is involved in digital investigations and malware analysis, and helped build forensic capabilities into Back|Track Linux. When not working on various security issues, Jim spends his time assisting his children in their attempts to fight Zombie hordes.

Devon Kearns is an instructor at Offensive-Security, a Back|Track Linux developer, and administrator of The Exploit Database. He has contributed a number of Metasploit exploit modules and is the maintainer of the Metasploit Unleashed wiki.

Mati Aharoni is the creator of the Back|Track Linux distribution and founder of Offensive-Security, the industry leader in security training.

What Other Items Do Customers Buy After Viewing This Item?

Customer Reviews

3 star
2 star
1 star
4.8 out of 5 stars
4.8 out of 5 stars
Most Helpful Customer Reviews
7 of 7 people found the following review helpful
5.0 out of 5 stars Worth every Penny. 1 Dec 2011
I've always been interested in penetration testing but oddly enough, I had never used metasploit. So a few weeks ago I bought this book and another one about Metasploit by Syngress. I started with the Syngress one, and it was OK but it was terribly outdated so I literally had to throw it away. This one from NoStarch is a completely different story. For starters, I did a background check on the authors. I was glad to find that some of them are key members of the BackTrack Linux distro, which I'm particularly fond of. The others are well respected professionals of the information security community and have spoken at cons like Blackhat or Defcon.

So considering the experience of the authors I had high expectations and I have to say that they were surpassed.

The book starts off with a nice introduction to Penetration Testing where it explains the different phases of the process and the types of pentests. Then goes on to introduce the actual metasploit framework, covering the basic terminology, the available interfaces and the most important companion tools (msfpayload, msfencode, and so on). However, the fun begins after the introduction, where the authors show how to use metasploit to conduct a penetration test. They divide the process into three phases: intelligence gathering, vulnerability scanning and exploitation. They guide the reader through several step-by-step examples, each one demonstrating different techniques and components. The chapter on the meterpreter is specially detailed and interesting.

Apart from the basic find-a-vuln-and-exploit-it, the book also covers advanced topics such as detection avoidance, client-side attacks or social engineering. It even shows how to hack the framework and build your own modules and exploits.

Summing up...
Read more ›
Comment | 
Was this review helpful to you?
6 of 6 people found the following review helpful
4.0 out of 5 stars An excellent introduction. 23 Aug 2011
By ASmith
Format:Kindle Edition
This book is exactly what you expect from start to finish if you are judging by the title. The authors go through the full process of conducting a penetration test and discuss the process fully in relation to the Metasploit framework. Saying that, this book will not make you an expert penetration tester and definitely doesn't substitute for broad reading. What this book definitely does do is give you the skills to get you there using Metasploit.

My only criticism is that this book covers broadly what is available in the online help. However, the authors do cover the framework in an excellent manner in an obvious order allowing even the most novice of security professionals to use the tool well.

Bottom line: this book is excellent light reading if you wish to use the Metasploit framework in a professional manner.
Comment | 
Was this review helpful to you?
1 of 1 people found the following review helpful
5.0 out of 5 stars Amazing book 19 July 2013
Format:Paperback|Verified Purchase
This book is simply amazing and if you have an interest in using the MS framework look no further than this release. It does a great job of explaining how and why it works and also a very good guide on the most popular tools within it.

Don`t let the price put you off, you will see in the first 5 minutes of reading that you have invested wisely.
Comment | 
Was this review helpful to you?
1 of 1 people found the following review helpful
5.0 out of 5 stars Well done Kindle version 30 Jun 2013
Format:Kindle Edition|Verified Purchase
I already knew Metasploit very well (or so I thought) but I've learnt a lot more through this book. No need to repeat what all the other reviewers have said, this is a well written and easy to understand book.

I bought the Kindle version, in too many cases with technical books the conversion from print to Kindle seems to have been an afterthought, but in this case it's very well done. Recommended.
Comment | 
Was this review helpful to you?
1 of 1 people found the following review helpful
5.0 out of 5 stars Great book 16 Feb 2013
By mike
A book for all levels of security specialists.
Covers all topics that are needed for a pen tester.
A must.
Comment | 
Was this review helpful to you?
1 of 1 people found the following review helpful
5.0 out of 5 stars Excellent introduction 5 Nov 2011
By Talha
If you're into penetration testing and hacking, and you don't know much about Metasploit and other useful pentesting tools, then this is the place to start. The book does what it promises by being a starters guide to penetration testers, nothing more, nothing less. Experienced testers don't need a guide; you might learn a few things, yes, but don't waste your time and money for the tiny bits of new information you think you might find in it. Also, the book requires you have a basic knowledge of important hacking concepts like buffer overflows, shellcode and assembly language. If you're a total newbie to hacking, try starting out with Hacking: The Art of Exploitation Book/CD Package 2nd Edition, also printed by NoStarch Press.

As for the product, Metasploit is an awesome penetration testing tool by Rapid7, and together with its plugins, auxiliary modules and complementary products, it will be the only thing you need in your hacking adventures. Never again do you have to manually search for exploits or deploy them yourself, so that you can finally concentrate on the job at hand by freeing your hands, instead of wasting time on boring repetitive tasks.
Comment | 
Was this review helpful to you?
1 of 1 people found the following review helpful
4.0 out of 5 stars Excellent if slightly scary! 25 Oct 2011
First of all the authors deserve considerable kudos for writing a very readable technical manual. Whenever you open a programming or software manual you run the risk of it being so dry that you are coughing up dust for weeks later. That is certainly not the case here. OK there may be a bit too much pointy-hair speak (entirely too much leveraging of low hanging fruit) but you can happily read several chapters at a time without any sort of pain being involved. There were a couple of presentation issues I had problems with. Firstly I found the screen capture images to be just too small - I couldn't really tell what was going on properly. Of course that may not be a problem to those with younger eyes or stronger glasses but it could cause you issues. Secondly the sections of text from the Metasploit shell jumped about between being the same width as the text or the entire width of the page (text + margins) which I found deeply annoying for some reason. (Note to the publisher - in any reprints please be constant with the format!)

In terms of technical coverage the book is excellent. It starts off with a primer on penetration testing before introducing the Metaspoit framework. The write up of the Metasploit framework itself follows a nicely graded learning curve, describing the framework and data import procedures, tool use and external modules in a logical and progressive way. I picked this book up largely from a security interest point of view and found it for the most part relatively easy to understand. Elements of chapters on module building and exploit porting went a little over my head but I'm not really the target audience for them anyway.
Read more ›
Comment | 
Was this review helpful to you?
Would you like to see more reviews about this item?
Were these reviews helpful?   Let us know
Most Recent Customer Reviews
Search Customer Reviews
Only search this product's reviews

Customer Discussions

This product's forum
Discussion Replies Latest Post
No discussions yet

Ask questions, Share opinions, Gain insight
Start a new discussion
First post:
Prompts for sign-in

Search Customer Discussions
Search all Amazon discussions

Look for similar items by category