Metasploit: The Penetration Tester's Guide Paperback – Jul 25 2011

Product Details

  • Paperback: 328 pages
  • Publisher: No Starch Press; 1 edition (July 25 2011)
  • Language: English
  • ISBN-10: 159327288X
  • ISBN-13: 978-1593272883
  • Product Dimensions: 17.8 x 2.9 x 23.5 cm
  • Shipping Weight: 635 g
  • Average Customer Review: 5.0 out of 5 stars (4 customer reviews)
  • Amazon Bestsellers Rank: #31,321 in Books

Product Description

About the Author

David Kennedy is Chief Information Security Officer at Diebold Incorporated and creator of the Social-Engineer Toolkit (SET), Fast-Track, and other open source tools. He is on the Back|Track and Exploit-Database development team and is a core member of the Social-Engineer podcast and framework. Kennedy has presented at a number of security conferences including Black Hat, DEF CON, ShmooCon, Security B-Sides, and more.

Jim O'Gorman is a professional penetration tester with CSC's StrikeForce, a co-founder of, and an instructor at Offensive-Security. He is involved in digital investigations and malware analysis, and helped build forensic capabilities into Back|Track Linux. When not working on various security issues, Jim spends his time assisting his children in their attempts to fight Zombie hordes.

Devon Kearns is an instructor at Offensive-Security, a Back|Track Linux developer, and administrator of The Exploit Database. He has contributed a number of Metasploit exploit modules and is the maintainer of the Metasploit Unleashed wiki.

Mati Aharoni is the creator of the Back|Track Linux distribution and founder of Offensive-Security, the industry leader in security training.

Customer Reviews

5.0 out of 5 stars

Most helpful customer reviews

1 of 1 people found the following review helpful By Jean-Sebastien B. Miousse on July 29 2013
Format: Paperback Verified Purchase
This book will teach you how to use Metasploit (included in every penetration test Linux distribution such as BackTrack, Kali Linux, BackBox...) starting from A to Z and will also teach you step-by-step typical use of Metasploit such as doing a penetration test. This book not only teaches you Metasploit but also all the tools/scripts/programs commonly used with Metasploit such as Nmap, Nessus, Airmon-ng, Aircrack-ng etc... and will lead you to exploit a vulnerable machine and give you a remote shell, encoding and installing trojans and rootkits to maintain persistence, all that in the first 100 pages.

If you are a beginner, don't worry, this book will show you the way by teaching you also about the other tools you need to use. If you are an elite hacker, this can also be for you: if you did not master or don't use Metasploit and are looking to use it, this handbook is the only book you will need to take care of Metasploit.

From beginner to advanced this is the only book you will need to know everything about Metasploit and since Metasploit is updated every other day, the authors wrote it having that in mind so this is really the only book you will ever need and be a Mastersploit!

Note: Please use this book with caution and perform your hacking on computers you have authorization to and/or your own network or even your localhost if you use a virtual machine. Hacking should always be performed in an ethical way.
1 of 1 people found the following review helpful By Brian Kanis on March 1 2013
Format: Paperback Verified Purchase
Exactly what I needed to learn more about Metasploit. Package came quickly, package size was appropriate, and the product is amazing!
Format: Paperback
Very useful book for learning the Metasploit Framework.
By ALAIN AUBE on April 12 2015
Format: Paperback Verified Purchase

Most Helpful Customer Reviews on (beta) 94 reviews
36 of 38 people found the following review helpful
"Metasploit - The Penetration Tester's Guide" by Mati Aharoni, Devon Kearns, Jim O'Gorman, David Kennedy; No Starch Press Dec 5 2011
By Joe Colantonio - Published on
Format: Paperback
I'm an accomplished test automation/performance engineer, but one area of testing that I'm pretty green at is penetration testing. Luckily, I came across Metasploit: The Penetration Tester's Guide, which is a book about penetration testing using the open source Metasploit Framework testing and is a great introduction to security testing in general. Since I'm a complete novice when it comes to Metasploit, the book was great for getting me started with the basics of the framework. (A more experienced Metasploit user, however, will probably want to read something a bit more advanced.)

The book assumes the reader has zero experience, and begins with a brief history of Metasploit and how to install it. Although you don't need to be a programmer to read it, most of the examples are written in Ruby and Python. You should also be familiar with Linux and how to set up VMs.

Overall, the book is written with a hands-on, tutorial-like style that is great for people like me who prefer to learn by doing. The book is a progression, beginning by establishing the methodologies/phases and terminology of penetration testing and an intro to the utilities and functions within the Metasploit framework. The first few chapters are a great help in getting up to speed on what penetration testing is and provide a nice overview of the different phases of a penetration test. The author then walks you through how to identify different types of vulnerabilities and how to exploit them using the tool. I really liked the sections on how to attack MS SQL, Browser-Based & File exploits and Social Engineering attacks. Many different modules of the framework are covered, as well as how to create a module. The book ends with a realistic simulation of an actual penetration test.

The author states that the book is "designed to teach you everything from the fundamentals of the Framework to advanced techniques in exploitation," and I believe the author excels in fulfilling that goal.

Note: I received a free copy of this book as part of the O'Reilly Blogger Review program.

Joe Colantonio
18 of 19 people found the following review helpful
A worth reading book for introducing the framework to beginners. Jan. 27 2012
By Roberto Medina - Published on
Format: Paperback Verified Purchase
The book covers the basics of using Metasploit with other related tools (SET and Fast-Track). If the reader is expecting to become a penetration tester expert by reading this book then I will say that the expectations are wrong. The author has managed to put in a single book the methodology used for penetration testing, named as PTES (Penetration Testing Execution Standard) and described as the redefined methodology for penetration testing and a general overview of the Metasploit framework, how it works, how it is composed and how you can leverage the power of using this framework to make adaptations in different situations or scenarios. Also the author has recalled the fact that every situation is different and the penetration tester should deal with obstacles that he may find in the way to exploit a system.

The author begins the book by describing the PTES methodology and also referring the user to the penetration standard organization website in order to get more information (for people that are new in penetration testing). Then the author moves on with the Metasploit basics, explaining the terminology and how the framework is composed. It also makes a brief explanation about Metasploit Express and Metasploit Pro. In Chapter 2 the book deals with an important step (information gathering), if not the most important, when conducting a penetration test. People tend to overlook this step because sometimes it will not have the "expected" fun necessary but users should understand that the success of exploiting a system is the time spent on gathering information of the target. The information gathering process, in this book, covers the identification of the target and the discovery of different applications or possible attack vectors. In the very beginning of the book, in chapter 2, the author explains briefly how to import databases from other tools such as vulnerability scanners in order to conduct exploits with some kind of automation. Some people will remember the autopwn option in Metasploit, this option is no longer available in the framework (the framework changes every time). I really don't know the reason why. But, as to import hosts and related information from Nessus, Nexpose, nmap will be very helpful for the penetration tester.

The complexity will be a little bit higher with every new chapter. I think that more than explaining every single module, structure and syntax of commands of the framework the author has focused on how it works and set us the basics in order to get more experience in the tool by discovering what can we do with it, how we can add our features or modules and how we can use the framework with other tools such as SET and Fast-Track. I found useful the way the user explains how to create our own auxiliary, exploit modules within the framework using Ruby as the programming language (you will need some basics in programming in order to get the most out of these chapters). The use of the mixins, the structure of the coding is something you will have to pay attention to if you want to develop your own modules and tools within Metasploit. In chapter 8 the author begins with the interesting part. He explains the client-side attacks and introduces us to terms such as the heap and the other chapters will deal a little bit more with the stack. The reader must have some understanding of how you can perform a buffer overflow, how you can insert your code after exploiting a given application and how to introduce some stealth in your code in order to get around the IPS, IDS and AV solutions. The author also explains the use of encoders in order to bypass security solutions. By the way, I have to mention that the meterpreter payload is detectable in a lot of security solutions so that's why the author encourages the reader to be more creative at the moment of target exploitation.

In conclusion, the book is a good one for beginners and to understand what the Metasploit framework is and how you can use it. Most of the material can be found in the project website but not at the same detail level as the book. The book will show you the basics of the framework, don't expect to become an expert after this. The basis will help you to understand how to leverage the functionality of the tool and how to create your own code, work around some difficulties in the process and most of all encourage people to contribute to the tool. There are some things that the author assumes that the reader should know and therefore some chapters can become somewhat confusing. But, take the references and give you the opportunity to practice with the tool and surely in the future you will manage to port exploits from other sources and develop your own code.
10 of 10 people found the following review helpful
Definitive Metasploit reference Jan. 3 2012
By Ben Rothke - Published on
Format: Paperback
People who design networks or build software applications are often oblivious to security faults that their designs may have. Those serious about information security will perform or will have an outside firm perform a penetration test--which is a way to evaluate how effective the security of a network or application is. Those performing a penetration test will imitate what an attacker would do in an adversarial situation to see how the system holds up.

The Metasploit Project is an open-source security project that provides information about security vulnerabilities and assists those performing the penetration tests in building a framework in which to carry out the testing. For those looking to use the Metasploit to its fullest, Metasploit: The Penetration Tester's Guide is a valuable aid. Metasploit itself is an extremely powerful tool, but it is not an intuitive piece of software.

While there's documentation on Metasploit available at the project Web site, the authors use the book to help the reader become more fluent in how to use the base Metasploit methodology to be an effective penetration tester.

The first two chapters provide an introduction to penetration testing and Metasploit. By chapter four, the reader is deep in the waters of penetration testing. The book progressively advances in complexity. And by the time the reader finishes chapter 17, he or she should have a high comfort level on how to use Metasploit.

The book is meant for someone who is technical and needs to be hands-on with Metasploit and really understand it. For firms that are looking to do their own penetration testing, Metasploit is a free open-source tool, also used by firms that charge for the service.

For those looking to jump on the Metasploit bandwagon, this book is a great way to do that.
4 of 4 people found the following review helpful
A must-have reference for Metasploit! March 6 2012
By George Romano - Published on
Format: Paperback
I was recently given the opportunity to review a copy of Metasploit: The Penetration Tester's Guide by David Kennedy, Jim O'Gorman, Devon Kearns, and Mati Aharoni.

This book, which is published by No Starch Press, opens with a hearty recommendation by HD Moore, the creator of the Metasploit Framework, then continues with an introduction to penetration testing and the history of the Metasploit.

The fact that this book thoroughly covers a tool that changes daily is a credit to the authors, who as leaders in their field, strive to provide relevant information and instruction without becoming outdated before the book is purchased.

From the basics and phases of penetration testing and probing a network to building your own modules and creating your own exploits, this book has it all. Granted with such a wide base, it is difficult to really dive deep on so many topics, but this book covers many different scenarios and touches on the major features and functionality, all while showing the ease of using the tool. This is a plus, as it seems that with a tool as robust as Metasploit that it would be very easy to get caught up in the details of individual settings and features, but luckily this is not the case here.

In addition to all of the topics covered, specific sections such as the ones on Meterpreter, the Social Engineering Toolkit and Fast-Track, help to cement the knowledge of reconnaissance, enumeration and various attack vectors and are very informative.

Lastly, the information contained in the two appendices in the back of the book puts a bow on this nicely wrapped present. Appendix A helps you get a target environment, including MS SQL Server, up and running. For me, this helps tie everything nicely together as it's impossible to understand the Metasploit Framework from a penetration testing perspective without actually having hands-on experience. Appendix B is a listing of the most frequently used commands for Metasploit's interfaces and utilities and serves as a good quick reference.

All in all, Metasploit: The Penetration Tester's Guide is an invaluable resource to get those that are new to this tool up and running while also providing experts with a great resource to turn to when help or ideas are needed. One can pick up this book and quickly gain a firm understanding of penetration testing methodology and thought processes as well as quickly come up to speed on the best security tool currently available.
4 of 4 people found the following review helpful
A Must April 28 2013
By Daniel Gligorov - Published on
Format: Paperback
This is a must book for anybody out there in the security field! You can be a beginner in security to understand it, it's written so simple, but you have to be advanced in Systems and Networking to understand what you are doing. No need of programming experience at all, except for a single chapter, but if you are not interested in developing exploits but just using available ones you can skip that chapter. I can't say if it's better or not with Metasploit Penetration Testing Cookbook book, they are very similar, but I can say these two books are the only two books you need to read to understand Metasploit Framework.