- Amazon Students Members Get an Extra 10% Off Selected Books Here's how (terms and conditions apply)
Metasploit Penetration Testing Cookbook Paperback – 22 Jun 2012
Save an extra 10% with Amazon Student*
|New from||Used from|
- Choose from over 13,000 locations across the UK
- Prime members get unlimited deliveries at no additional cost
- Find your preferred location and add it to your address book
- Dispatch to this address when you check out
There is a newer edition of this item:
Special Offers and Product Promotions
Customers Who Bought This Item Also Bought
Enter your mobile number or email address below and we'll send you a link to download the free Kindle App. Then you can start reading Kindle books on your smartphone, tablet, or computer - no Kindle device required.
To get the free app, enter your mobile phone number.
About the Author
Abhinav Singh is a young Information Security specialist from India. He has a keen interest in the field of hacking and network security. He actively works as a freelancer with several security companies and is a consultant. Currently he is employed as Systems Engineer in Tata Consultancy Services, India. He is an active contributor to the SecurityXploded community. He is well recognized for his blog http://hackingalert.blogspot.com where he shares his encounters with hacking and network security. Abhinav's works have been quoted in several technology magazines and portals.
Top Customer Reviews
I would recommend you buy this book and the Metasploit Pen Testing by Kennedy et al, using them in tandem, if you can afford both.
The Kennedy book is better for beginners and this book, gives more advanced "recipes" to take your skill from beginner to intermediate level.
It covers the Windows 7 infinite loop to crash a machine along with several attacks that you won't find in other books.
It's useful to know how the latest Operating systems can be impacted, even if they are much more secure than XP.
Easy to read.
A couple of daft typo's, but then every technical book has those. :)
I've read a lot of the other pen test books out there, most recently Packts "Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide" and after trying the labs I wanted more. To say I was pleasantly surprised to find Packt had another Pen Test author; Abhinav Singh, up their sleeves was an understatement :)
I'll be honest, I was a little unsure whether the cookbook format would be a good way to learn Pen testing for me, but the book is so well written that I found myself flying through the chapters. I also bought it direct from Packt and so I had it in both kindle and pdf formats which meant I could read it whenever and wherever I wanted.
As per normal it follows the standard pen test book chapter setup of intro, machine setup, recce, exploitation etc. but it covers them in a bit more depth and has a wealth of good screen shots to help guide you through each 'recipe'. I particularly like the fact that both Armitage and SET have chapters of their own and although Armitage has a reputation of Hacking for Dummies, I find it's a very useful tool and Singh covers it well enough without it being an entire book of it's own - now theres an idea..
It's a good book and will find itself staying on my 'book shelf' as a reference, especially as both the code and examples can be downloaded from Packts website for future use and testing.
Most Helpful Customer Reviews on Amazon.com (beta)
The differences between these two books extends beyond format. Singh's book goes beyond a basic coverage of Metasploit and covers additional penetration testing tools such as various scanners and evasion tools. So which book should you buy if you had to pick just one? To me it mostly comes down to personal preference. If you are just learning Metasploit, either should be a great aid in this process. If you want a book you can refer back to later, the Singh book may be slightly more convenient.
The publisher may also be a consideration. The Kennedy book is published by No Starch Press, whereas Singh's book is published by Packt. If you like eBooks you may prefer books from Packt Publishing. Packt provides DRM-free books in both PDF and ePub formats. This can be extremely convenient if you like to read your books on multiple devices. Personally I find myself reading books on my tablet and also keeping a copy on my penetration testing platform as a reference.
Here is a brief table of contents for Singh's book:
Chapter 1: Metasploit Quick Tips for Security Professionals covering: configuration, installation, basic use, and storing results in a database
Chapter 2: Information Gathering and Scanning covering: passive and active gathering, social engineering, scanning, Nessus, NeXpose, and Dradis
Chapter 3: Operating System-based Vulnerability Assessment covering: exploits, Windows XP, remote shells, Windows 2003, Windows 7, Linux, and DLL injection
Chapter 4: Client-side Exploitation and Antivirus bypass covering: IE, Word, Adobe Reader, payloads, and killing anti-virus
Chapter 5: Using Meterpreter to Explore the Compromised Target covering: Meterpreter commands, privilege escalation, communication channels, and snooping on Windows targets
Chapter 6: Advanced Meterpreter Scripting covering: hash dumps, back doors, pivoting, Railgun, pivoting, and killing firewalls
Chapter 7: Working with Modules for Penetration Testing covering: Auxiliary modules, admin modules, SQL injection, post-exploitation, and creating new modules
Chapter 8: Working with Exploits covering: mixins, msfvenum, going from exploit to Metasploit module, and fuzzing
Chapter 9: Working with Armitage covering: Getting started, information gathering, and targeting multiple machines
Chapter 10: Social Engineering Toolkit covering: Installation, configuration, spear-phishing, website attacks, and infectious media generation
To summarize, if you are looking for a Metasploit book in cookbook format than this book would be a good choice.
cross-posted from [..]
I like the Cookbook style however the first part of the book is written in the Cookbook format but it is actually more like a guide or tutorial then a cookbook because the recepies are very much related to each other, hence it is difficult to read just single recepies. On the other hand the second part of the book really follows the original Cookbook idea.
It is actually written in the book that it is from beginners to experienced people. And that is true. I knew metasploit from a average user's point of view but I don't use it everyday, hence the first part was a bit boring for me but the second where it went quite deep into Ruby scripting gave me some interesting new stuff.
The book is good, however most of it can be found on the Internet sometimes in a well made form for free. But if you like to have a book at home (like me) that you can sometimes open when you have a specific problem to solve with Metasploit then it is a good choice. However I haven't read any other books on this topic so I cannot really compare it to anything.
The book does a really good job of providing a beginning foundation with escalating use of difficulty. It was not overly difficult to follow along but I think it's strong point will be in providing reference for different areas in the use of Metasploit.
I really think the book was a stand out in a few areas:
- The quick walk through of what could go wrong during setup and how to potentially fix the issue. The screen shots served as a good reference point of what to expect in that regard. From memory I cannot recall very many technical security books that addressed what could go wrong and the fix(es).
- The use of SSH to help save on memory resources. I think many like to use the Linux UI to get to the Metasploit framework and this is a great alternative to reach Metasploit and really exercise ones command line skillz. (yes, I actually used "z" instead of "s"... Gotta keep street cred Yo!)
- The inclusion of multiple OS's for targeting against. This was great run through as most will only have Windows XP SP2 and a Linux flavor listed. This actually brought the exercises to feel more real. Unfortunately though, it didn't go into more depth on the OS exploitation and felt limited.
- The inclusion of Armitage was a nice surprise, but far to little in comparison to the rest of the Metasploit chapters. The introduction to fast and easy hacking was far to little.
- The introduction to the Social Engineering Toolkit (SET) was nice as well. Again in my opinion, it could've used a little more exposure along with Armitage.
- The "How it works..." sections were nice as well. I know some just want to get it working but there are those of us who want to go deeper into the rabbit hole to understand how and why it works, but alas it seems like there can never be enough information.
Even though the book didn't go as in-depth, the reality is you can't otherwise we'd all be toting 10 lbs. book that could go on for days and days. But I do think that a few of the subjects like Armitage and SET could've been expanded upon a little more as they're are becoming more and more important tools in the security professionals toolkit for finding vulnerabilities and exploiting them. Overall, there are quite a few good books on this subject out there and this is one that should be included on your reference shelf.