Metasploit: The Penetration Tester's Guide

Monday, January 30, 2012

Ben Rothke


People who design networks or build software applications are often oblivious to security faults that their designs may have.

Those serious about information security will perform or will have an outside firm perform a penetration test—which is a way to evaluate how effective the security of a network or application is.

Those performing a penetration test will imitate what an attacker would do in an adversarial situation to see how the system holds up.

The Metasploit Project is an open-source security project that provides information about security vulnerabilities and assists those performing the penetration tests in building a framework in which to carry out the testing.

For those looking to use Metasploit to its fullest, Metasploit: The Penetration Tester’s Guide is a valuable aid. Metasploit itself is an extremely powerful tool, but it is not an intuitive piece of software.

While there’s documentation on Metasploit available at the project Web site, the authors use the book to help the reader become more fluent in how to use the base Metasploit methodology to be an effective penetration tester.

The first two chapters provide an introduction to penetration testing and Metasploit. By chapter four, the reader is deep in the waters of penetration testing.

The book progressively advances in complexity. And by the time the reader finishes chapter 17, he or she should have a high comfort level on how to use Metasploit.

The book is meant for someone who is technical and needs to be hands-on with Metasploit and really understand it. For firms that are looking to do their own penetration testing, Metasploit is a free open-source tool, also used by firms that charge for the service. For those looking to jump on the Metasploit bandwagon, this book is a great way to do that.

Cross-posted from RSA

ming liu: Hi, everybody!

Can someone help with a Metasploit command?

msf > use post/multi/gather/dns_reverse_lookup
msf post(dns_reverse_lookup) > set RHOSTS [TARGET HOST RANGE]
msf post(dns_reverse_lookup) > set SESSION [INTEGER]

Here is the usage information:

RHOSTS IP Range to perform reverse lookup against

SESSION The session to run this module on

I know how to set the first one: set RHOSTS or

but I don't know how to set "SESSION". Can someone help?