The Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless. But while Metasploit is used by security professionals everywhere, the tool can be hard to grasp for first-time users. Metasploit: The Penetration Tester's Guide fills this gap by teaching you how to harness the Framework and interact with the vibrant community of Metasploit contributors. Once you've built your foundation for penetration testing, you'll learn the Framework's conventions, interfaces, and module system as you launch simulated attacks. You'll move on to advanced penetration testing techniques, including network reconnaissance and enumeration, client-side attacks, wireless attacks, and targeted social-engineering attacks. Learn how to: -Find and exploit unmaintained, misconfigured, and unpatched systems -Perform reconnaissance and find valuable information about your target -Bypass anti-virus technologies and circumvent security controls -Integrate Nmap, NeXpose, and Nessus with Metasploit to automate discovery -Use the Meterpreter shell to launch further attacks from inside the network -Harness standalone Metasploit utilities, third-party tools, and plug-ins -Learn how to write your own Meterpreter post exploitation modules and scripts You'll even touch on exploit discovery for zero-day research, write a fuzzer, port existing exploits into the Framework, and learn how to cover your tracks. Whether your goal is to secure your own networks or to put someone else's to the test, Metasploit: The Penetration Tester's Guide will take you there and beyond.

How to identify and exploit security vulnerabilities with Metasploit, the world's most popular penetration testing framework. Metasploit is used by security professionals everywhere No competing titles for the current generation of Metasploit Endorsed by Rapid7, the developers of Metasploit High-profile authors maintain popular online Metasploit tutorial

Chapter 1: The Absolute Basics of Penetration TestingChapter 2: Metasploit BasicsChapter 3: Intelligence GatheringChapter 4: Vulnerability ScanningChapter 5: The Joy of ExploitationChapter 6: MeterpreterChapter 7: Avoiding DetectionChapter 8: Exploitation Using Client-side AttacksChapter 9: Metasploit Auxiliary ModulesChapter 10: The Social-Engineer ToolkitChapter 11: Fast-TrackChapter 13: Building Your Own ModuleChapter 14: Creating Your Own ExploitsChapter 15: Porting Exploits to the Metasploit FrameworkChapter 16: Meterpreter ScriptingChapter 17: Simulated Penetration TestAppendix A: Configuring Your Target MachinesAppendix B: Cheat Sheet