Metasploit, 2nd Edition

Paperback
$59.99 US
7.13"W x 9.31"H x 0.61"D   (18.1 x 23.6 x 1.5 cm) | 19 oz (539 g) | 24 per carton
On sale Jan 28, 2025 | 288 Pages | 9781718502987
Sales rights: World

About

The new and improved guide to penetration testing using the legendary Metasploit Framework.

Metasploit: The Penetration Tester’s Guide has been the definitive security assessment resource for over a decade. The Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless, but using it can be challenging for newcomers.

Written by renowned ethical hackers and industry experts, this fully updated second edition includes:

  • Advanced Active Directory and cloud penetration testing
  • Modern evasion techniques and payload encoding
  • Malicious document generation for client-side exploitation
  • Coverage of recently added modules and commands 

Starting with Framework essentials—exploits, payloads, Meterpreter, and auxiliary modules—you’ll progress to advanced methodologies aligned with the Penetration Test Execution Standard (PTES). Through real-world examples and simulated penetration tests, you’ll:

  • Conduct network reconnaissance and analyze vulnerabilities
  • Execute wireless network and social engineering attacks
  • Perform post-exploitation techniques, including privilege escalation
  • Develop custom modules in Ruby and port existing exploits
  • Use MSFvenom to evade detection
  • Integrate with Nmap, Nessus, and the Social-Engineer Toolkit

Whether you’re a cybersecurity professional, ethical hacker, or IT administrator, this second edition of Metasploit: The Penetration Tester’s Guide is your key to staying ahead in the ever-evolving threat landscape.

Praise

"Metasploit, 2nd Edition is a solid update to a book that’s been a staple in the infosec community."
—Help Net Security

"This is an excellent book to help familiarize testers with one of the most popular security tools ever created. It will help guide you through familiar concepts and how they integrate into the broader security framework of Metasploit. An absolutely fantastic addition to any penetration tester's bookshelf."
—Menachem Rothbart, Principal Security Consultant, Hacker, OSCE3

"The Metasploit Framework has enrichments and features that can enhance your offensive security journey, and they're all covered in this book. Many users are acquainted with the pre-built exploitation and initial access use cases covered in the first edition, but this update includes new vulnerabilities, their associated modules, and the new frontier of cloud penetration testing. A practitioner's toolkit and environment may change, but the methodology remains the same."
—Billy Trobbiani, @billycontra, Red Team Engineer at Toast, Inc.

"Not just another Metasploit tutorial. The second edition of this comprehensive book walks you through each stage of a simulated penetration test, and shows you how to use Metasploit to its full potential. Plus, it is logically ordered and easy to follow."
—Andy “ApexPredator” Poole, OSEE, GSE

"[P]rovides invaluable insights for penetration testers seeking to enhance their skills and understanding using Metasploit. However, its benefits extend beyond penetration testers. In contrast, blue teamers can also leverage the same techniques and knowledge in this book to go behind enemy lines and identify gaps in their own security controls before they can be exploited by attackers using the same toolset."
—Josh Tristram, @jdtristram, Healthcare Blue Teamer

"An easy read that is more than a Metasploit book. It covers beginner and intermediate concepts anyone interested in the offensive side of security should understand."
—Dave Curtin, security consultant, LRQA

Author

Dave Kennedy, founder of Binary Defense and TrustedSec, is a cybersecurity leader who advised on the Emmy-winning series Mr. Robot. Mati Aharoni, OffSec founder, is a veteran penetration tester who has uncovered major security flaws. Devon Kearns co-founded the Exploit Database and Kali Linux. Jim O’Gorman heads the Kali Linux project at OffSec. Daniel G. Graham is a professor of computer science at the University of Virginia and a former program manager at Microsoft.

Rights

Available for sale exclusive:
•     Afghanistan
•     Aland Islands
•     Albania
•     Algeria
•     Andorra
•     Angola
•     Anguilla
•     Antarctica
•     Antigua/Barbuda
•     Argentina
•     Armenia
•     Aruba
•     Australia
•     Austria
•     Azerbaijan
•     Bahamas
•     Bahrain
•     Bangladesh
•     Barbados
•     Belarus
•     Belgium
•     Belize
•     Benin
•     Bermuda
•     Bhutan
•     Bolivia
•     Bonaire, Saba
•     Bosnia Herzeg.
•     Botswana
•     Bouvet Island
•     Brazil
•     Brit.Ind.Oc.Ter
•     Brit.Virgin Is.
•     Brunei
•     Bulgaria
•     Burkina Faso
•     Burundi
•     Cambodia
•     Cameroon
•     Canada
•     Cape Verde
•     Cayman Islands
•     Centr.Afr.Rep.
•     Chad
•     Chile
•     China
•     Christmas Islnd
•     Cocos Islands
•     Colombia
•     Comoro Is.
•     Congo
•     Cook Islands
•     Costa Rica
•     Croatia
•     Cuba
•     Curacao
•     Cyprus
•     Czech Republic
•     Dem. Rep. Congo
•     Denmark
•     Djibouti
•     Dominica
•     Dominican Rep.
•     Ecuador
•     Egypt
•     El Salvador
•     Equatorial Gui.
•     Eritrea
•     Estonia
•     Ethiopia
•     Falkland Islnds
•     Faroe Islands
•     Fiji
•     Finland
•     France
•     Fren.Polynesia
•     French Guinea
•     Gabon
•     Gambia
•     Georgia
•     Germany
•     Ghana
•     Gibraltar
•     Greece
•     Greenland
•     Grenada
•     Guadeloupe
•     Guam
•     Guatemala
•     Guernsey
•     Guinea Republic
•     Guinea-Bissau
•     Guyana
•     Haiti
•     Heard/McDon.Isl
•     Honduras
•     Hong Kong
•     Hungary
•     Iceland
•     India
•     Indonesia
•     Iran
•     Iraq
•     Ireland
•     Isle of Man
•     Israel
•     Italy
•     Ivory Coast
•     Jamaica
•     Japan
•     Jersey
•     Jordan
•     Kazakhstan
•     Kenya
•     Kiribati
•     Kuwait
•     Kyrgyzstan
•     Laos
•     Latvia
•     Lebanon
•     Lesotho
•     Liberia
•     Libya
•     Liechtenstein
•     Lithuania
•     Luxembourg
•     Macau
•     Macedonia
•     Madagascar
•     Malawi
•     Malaysia
•     Maldives
•     Mali
•     Malta
•     Marshall island
•     Martinique
•     Mauritania
•     Mauritius
•     Mayotte
•     Mexico
•     Micronesia
•     Minor Outl.Ins.
•     Moldavia
•     Monaco
•     Mongolia
•     Montenegro
•     Montserrat
•     Morocco
•     Mozambique
•     Myanmar
•     Namibia
•     Nauru
•     Nepal
•     Netherlands
•     New Caledonia
•     New Zealand
•     Nicaragua
•     Niger
•     Nigeria
•     Niue
•     Norfolk Island
•     North Korea
•     North Mariana
•     Norway
•     Oman
•     Pakistan
•     Palau
•     Palestinian Ter
•     Panama
•     PapuaNewGuinea
•     Paraguay
•     Peru
•     Philippines
•     Pitcairn Islnds
•     Poland
•     Portugal
•     Puerto Rico
•     Qatar
•     Reunion Island
•     Romania
•     Russian Fed.
•     Rwanda
•     S. Sandwich Ins
•     Saint Martin
•     Samoa,American
•     San Marino
•     SaoTome Princip
•     Saudi Arabia
•     Senegal
•     Serbia
•     Seychelles
•     Sierra Leone
•     Singapore
•     Sint Maarten
•     Slovakia
•     Slovenia
•     Solomon Islands
•     Somalia
•     South Africa
•     South Korea
•     South Sudan
•     Spain
•     Sri Lanka
•     St Barthelemy
•     St. Helena
•     St. Lucia
•     St. Vincent
•     St.Chr.,Nevis
•     St.Pier,Miquel.
•     Sth Terr. Franc
•     Sudan
•     Suriname
•     Svalbard
•     Swaziland
•     Sweden
•     Switzerland
•     Syria
•     Tadschikistan
•     Taiwan
•     Tanzania
•     Thailand
•     Timor-Leste
•     Togo
•     Tokelau Islands
•     Tonga
•     Trinidad,Tobago
•     Tunisia
•     Turkey
•     Turkmenistan
•     Turks&Caicos Is
•     Tuvalu
•     US Virgin Is.
•     USA
•     Uganda
•     Ukraine
•     Unit.Arab Emir.
•     United Kingdom
•     Uruguay
•     Uzbekistan
•     Vanuatu
•     Vatican City
•     Venezuela
•     Vietnam
•     Wallis,Futuna
•     West Saharan
•     Western Samoa
•     Yemen
•     Zambia
•     Zimbabwe

Table of Contents

Foreword by HD Moore
Chapter 1: The Absolute Basics of Penetration Testing
Chapter 2: Metasploit Fundamentals
Chapter 3: Intelligence Gathering
Chapter 4: Vulnerability Analysis
Chapter 5: The Joy of Exploitation
Chapter 6: Meterpreter
Chapter 7: Avoiding Detection
Chapter 8: Client-Side Attacks
Chapter 9: Auxiliary Modules
Chapter 10: Social Engineering
Chapter 11: Wireless Attacks
Chapter 12: Porting Exploits to the Framework
Chapter 13: Building Your Own Modules
Chapter 14: Creating Your Own Exploits
Chapter 15: Simulated Penetration Test
Chapter 16: Pentesting the Cloud
Appendix A: Configuring Your Lab Environment
Appendix B: Cheat Sheet