Back
Blog

Metasploit The Penetration Tester’s Guide Book Review

Automation Testing Published on:
Code Hacker

I'm an accomplished test automation/performance engineer, but one area of testing that I'm pretty green at is penetration testing.

Luckily, I came across Metasploit: The Penetration Tester's Guide, a book about penetration testing using the open source Metasploit Framework testing and is a great introduction to security testing in general.  Since I'm a complete novice to Metasploit, the book was great for getting me started with the basics of the framework. (A more experience Metasploit user, however, will probably want to read something a bit more advanced.)

Book review Metasploit

What you need to know before reading the Metasploit book

The book assumes the reader has zero experience and begins with a brief history of Metasploit and how to install it. Although you don't need to be a programmer to read it, most examples are written in Ruby and Python. You should also be familiar with Linux and how to set up VMs.

What's in Metasploit – The Penetration Tester’s Guide

Overall, the book is written with a hands-on, tutorial-like style that is great for people like me who prefer to learn by doing. The book is a progression, beginning by establishing the methodologies/phases and terminology of penetration testing and an intro to the utilities and functions within the Metasploit framework.

The first few chapters are a great help in getting up to speed on penetration testing and provide a nice overview of the different phases of a penetration test. The author then walks you through how to identify different types of vulnerabilities and how to exploit them using the tool. I liked the sections on how to attack MS SQL, Browser-Based & File exploits, and Social Engineering attacks. 

Many modules of the framework are covered, as well as how to create a module. The book ends with a realistic simulation of an actual penetration test.

Do no evil with Metasploit.

The author states that the book is “designed to teach you everything from the fundamentals of the Framework to advanced techniques in exploitation,” I believe the author excels in fulfilling that goal.

After reading this book, I was reminded of the old saying, “with great knowledge comes great responsibility.” The author states at the beginning of the book under Ethics: “Don't be malicious and don't be stupid.”

Note: I received a free copy of this book as part of the O'Reilly Blogger Review program. View O'Reilly Product Page

 

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}
Code Hacker
AccessibilityTestingTools Man VR Wheelchair Pic
Automation Testing

Top 17 Accessibility Testing Tools for Automation (2023)

Posted on 03/21/2023

Although automation is not a silver bullet for accessibility testing, here are some ...

Python Automation Tools
Automation Testing

Best Python Automation Testing Tools (For 2023)

Posted on 03/19/2023

As a modern tester, I know you would probably say that Java is ...

Clevel Buyin Four Common Reasons Enterprise Testing Fails
Automation Testing

4 Common Reasons Enterprise Testing Fails (Tips for Success)

Posted on 03/14/2023

With the pressure to create software faster and with higher quality, teams are ...

Click to Get 10 Quick Test Automation Tips Now

I appreciate the information you send over email. It has really helped me to enhance my testing skills!

Alisha Sheikh (Test Engineering Senior Analyst at Accenture)

Thank you for all the information provided in your newsletter. I am new in automation testing; hence, it is very helpful.

Audrey Pruvot (TagPlay)