Shop now Shop now Shop now Shop Black Friday Deals Week in Fashion Cloud Drive Photos Shop now Amazon Fire TV Shop now DIYED Shop now Shop Fire Shop Kindle Paperwhite Listen in Prime Shop now Shop now

Customer Reviews

4.6 out of 5 stars20
4.6 out of 5 stars
Format: PaperbackChange
Price:£26.80+ Free shipping with Amazon Prime
Your rating(Clear)Rate this item

There was a problem filtering reviews right now. Please try again later.

10 of 10 people found the following review helpful
on 1 December 2011
I've always been interested in penetration testing but oddly enough, I had never used metasploit. So a few weeks ago I bought this book and another one about Metasploit by Syngress. I started with the Syngress one, and it was OK but it was terribly outdated so I literally had to throw it away. This one from NoStarch is a completely different story. For starters, I did a background check on the authors. I was glad to find that some of them are key members of the BackTrack Linux distro, which I'm particularly fond of. The others are well respected professionals of the information security community and have spoken at cons like Blackhat or Defcon.

So considering the experience of the authors I had high expectations and I have to say that they were surpassed.

The book starts off with a nice introduction to Penetration Testing where it explains the different phases of the process and the types of pentests. Then goes on to introduce the actual metasploit framework, covering the basic terminology, the available interfaces and the most important companion tools (msfpayload, msfencode, and so on). However, the fun begins after the introduction, where the authors show how to use metasploit to conduct a penetration test. They divide the process into three phases: intelligence gathering, vulnerability scanning and exploitation. They guide the reader through several step-by-step examples, each one demonstrating different techniques and components. The chapter on the meterpreter is specially detailed and interesting.

Apart from the basic find-a-vuln-and-exploit-it, the book also covers advanced topics such as detection avoidance, client-side attacks or social engineering. It even shows how to hack the framework and build your own modules and exploits.

Summing up... I really liked the book, I think it's worth every penny. I wanted to learn how to use metasploit and I did it. Of course, the book does not cover every single exploit and module available but it does a great job at at teaching you how to use metasploit to conduct a penetration test and compromise the security of your systems.
0CommentWas this review helpful to you?YesNoReport abuse
7 of 7 people found the following review helpful
on 23 August 2011
This book is exactly what you expect from start to finish if you are judging by the title. The authors go through the full process of conducting a penetration test and discuss the process fully in relation to the Metasploit framework. Saying that, this book will not make you an expert penetration tester and definitely doesn't substitute for broad reading. What this book definitely does do is give you the skills to get you there using Metasploit.

My only criticism is that this book covers broadly what is available in the online help. However, the authors do cover the framework in an excellent manner in an obvious order allowing even the most novice of security professionals to use the tool well.

Bottom line: this book is excellent light reading if you wish to use the Metasploit framework in a professional manner.
0CommentWas this review helpful to you?YesNoReport abuse
2 of 2 people found the following review helpful
on 5 November 2011
If you're into penetration testing and hacking, and you don't know much about Metasploit and other useful pentesting tools, then this is the place to start. The book does what it promises by being a starters guide to penetration testers, nothing more, nothing less. Experienced testers don't need a guide; you might learn a few things, yes, but don't waste your time and money for the tiny bits of new information you think you might find in it. Also, the book requires you have a basic knowledge of important hacking concepts like buffer overflows, shellcode and assembly language. If you're a total newbie to hacking, try starting out with Hacking: The Art of Exploitation Book/CD Package 2nd Edition, also printed by NoStarch Press.

As for the product, Metasploit is an awesome penetration testing tool by Rapid7, and together with its plugins, auxiliary modules and complementary products, it will be the only thing you need in your hacking adventures. Never again do you have to manually search for exploits or deploy them yourself, so that you can finally concentrate on the job at hand by freeing your hands, instead of wasting time on boring repetitive tasks.
0CommentWas this review helpful to you?YesNoReport abuse
1 of 1 people found the following review helpful
on 30 June 2013
I already knew Metasploit very well (or so I thought) but I've learnt a lot more through this book. No need to repeat what all the other reviewers have said, this is a well written and easy to understand book.

I bought the Kindle version, in too many cases with technical books the conversion from print to Kindle seems to have been an afterthought, but in this case it's very well done. Recommended.
0CommentWas this review helpful to you?YesNoReport abuse
1 of 1 people found the following review helpful
on 19 July 2013
This book is simply amazing and if you have an interest in using the MS framework look no further than this release. It does a great job of explaining how and why it works and also a very good guide on the most popular tools within it.

Don`t let the price put you off, you will see in the first 5 minutes of reading that you have invested wisely.
0CommentWas this review helpful to you?YesNoReport abuse
4 of 5 people found the following review helpful
on 25 October 2011
First of all the authors deserve considerable kudos for writing a very readable technical manual. Whenever you open a programming or software manual you run the risk of it being so dry that you are coughing up dust for weeks later. That is certainly not the case here. OK there may be a bit too much pointy-hair speak (entirely too much leveraging of low hanging fruit) but you can happily read several chapters at a time without any sort of pain being involved. There were a couple of presentation issues I had problems with. Firstly I found the screen capture images to be just too small - I couldn't really tell what was going on properly. Of course that may not be a problem to those with younger eyes or stronger glasses but it could cause you issues. Secondly the sections of text from the Metasploit shell jumped about between being the same width as the text or the entire width of the page (text + margins) which I found deeply annoying for some reason. (Note to the publisher - in any reprints please be constant with the format!)

In terms of technical coverage the book is excellent. It starts off with a primer on penetration testing before introducing the Metaspoit framework. The write up of the Metasploit framework itself follows a nicely graded learning curve, describing the framework and data import procedures, tool use and external modules in a logical and progressive way. I picked this book up largely from a security interest point of view and found it for the most part relatively easy to understand. Elements of chapters on module building and exploit porting went a little over my head but I'm not really the target audience for them anyway. As a final icing to a very good book, there are some excellent touches such as a final wrap up chapter which runs through the entire penetration testing process so you get more than just a series of technical chapters and a command cheat sheet. If only all technical books were as well written, readable and informative. Even if you are approaching Metasploit from a similar interest rather than professional background I would highly recommend this book for its easy reading layout, excellent chapters on intelligence gathering, vulnerability scanning and social engineering and overall high quality.
0CommentWas this review helpful to you?YesNoReport abuse
on 15 May 2014
Ok, so you've most likely found yourself here because you're looking for a book on Metasploit...

Firstly; DO NOT be put off by the price! It is worth every single penny.

Secondly; if you want a book on Metasploit; why would you even consider anything else?! When you research the people who've written this (David Kennedy, Jim O'Gorman, Devon Kearns and Mati Aharoni), then you realise that you're getting a book written by arguably some of the most experienced people in the world.

Metasploit is a hugely powerful framework, capable of sooo much. I thought I knew Metasploit *reasonably* well, until this book arrived!

It's clear, concise, well written and a great way to learn about one of the world's most powerful hacking tools.

Highly, highly recommended for anyone serious about learning Metasploit.
0CommentWas this review helpful to you?YesNoReport abuse
1 of 1 people found the following review helpful
on 16 February 2013
A book for all levels of security specialists.
Covers all topics that are needed for a pen tester.
A must.
0CommentWas this review helpful to you?YesNoReport abuse
on 30 September 2011
Authors have done an excellent job breaking down the topics to small enough pieces so the user can digest easily. Even for someone who's been using the framework for a while, this book gives fair few "I didn't know that" moments. If you haven't touched the framework before, this will guide you through each step helping you having a good understanding.
0CommentWas this review helpful to you?YesNoReport abuse
on 12 March 2014
I bought this book looking for a broad introduction to Metasploit Framework and it's capabilities (having heard lots about it, but never used it) and it did that and more.

The examples (which can be tested in your own "lab" environment setup as described in one of the books appendices) really help illustrate what you've read.
0CommentWas this review helpful to you?YesNoReport abuse
Customers who viewed this item also viewed
Rtfm: Red Team Field Manual
Rtfm: Red Team Field Manual by Ben Clark (Paperback - 11 Feb. 2014)


Send us feedback

How can we make Amazon Customer Reviews better for you?
Let us know here.

Sponsored Links

  (What is this?)
The Market Leader in Vulnerability Management. Try Qualys Free Now!
Evaluate & Improve Your Network Security With A Pen Test. Call us!
Integrated Penetration Testing And Vulnerability Scanning From SAINT!