Book Review: Metasploit Penetration Testing Cookbook by Abhinav Singh
Overview: Singh provides an introduction to the widely used Metasploit framework in the form of seventy plus recipes for various penetration testing tasks.
In a previous blog, I reviewed Dave Kennedy's Metasploit book. Both texts are well written. The format is different, however.
Singh's book is written in a cookbook style which makes it easy to refer to it when attempting specific tasks. Kennedy's book is written in a more traditional style with an introduction and then survey of various aspects of Metasploit.
The differences between these two books extends beyond format. Singh's book goes beyond a basic coverage of Metasploit and covers additional penetration testing tools such as various scanners and evasion tools.
So which book should you buy if you had to pick just one? To me it mostly comes down to personal preference. If you are just learning Metasploit, either should be a great aid in this process. If you want a book you can refer back to later, the Singh book may be slightly more convenient.
The publisher may also be a consideration. The Kennedy book is published by No Starch Press, whereas Singh's book is published by Packt. If you like eBooks you may prefer books from Packt Publishing.
Packt provides DRM-free books in both PDF and ePub formats. This can be extremely convenient if you like to read your books on multiple devices. Personally I find myself reading books on my tablet and also keeping a copy on my penetration testing platform as a reference.
Here is a brief table of contents for Singh's book:
- Chapter 1: Metasploit Quick Tips for Security Professionals covering: configuration, installation, basic use, and storing results in a database
- Chapter 2: Information Gathering and Scanning covering: passive and active gathering, social engineering, scanning, Nessus, NeXpose, and Dradis
- Chapter 3: Operating System-based Vulnerability Assessment covering: exploits, Windows XP, remote shells, Windows 2003, Windows 7, Linux, and DLL injection
- Chapter 4: Client-side Exploitation and Antivirus bypass covering: IE, Word, Adobe Reader, payloads, and killing anti-virus
- Chapter 5: Using Meterpreter to Explore the Compromised Target covering: Meterpreter commands, privilege escalation, communication channels, and snooping on Windows targets
- Chapter 6: Advanced Meterpreter Scripting covering: hash dumps, back doors, pivoting, Railgun, pivoting, and killing firewalls
- Chapter 7: Working with Modules for Penetration Testing covering: Auxiliary modules, admin modules, SQL injection, post-exploitation, and creating new modules
- Chapter 8: Working with Exploits covering: mixins, msfvenum, going from exploit to Metasploit module, and fuzzing
- Chapter 9: Working with Armitage covering: Getting started, information gathering, and targeting multiple machines
- Chapter 10: Social Engineering Toolkit covering: Installation, configuration, spear-phishing, website attacks, and infectious media generation
To summarize, if you are looking for a Metasploit book in cookbook format than this book would be a good choice.
Cross-posted from The World of Infosec According to Dr. Phil