.

Review - Metasploit Toolkit for Penetration Testing

<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Fri Aug 07, 2009 3:25 am

Review - Metasploit Toolkit for Penetration Testing

I did a review on the book Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research..hope you like it.


Image


The book is divided into 5 chapters (Introduction to Metasploit, Architecture, Environment, and Installation, Metasploit Framework and Advanced Environment Configurations, Advanced Payloads and Add-on Modules and Adding new Payloads) and 5 case studies.


The first chapter gives an introduction to Metasploit for those who are not familiar with it yet. The reader will know after reading this how it is structured, Metasploit's history, short description of some payloads etc. Unfortunately the authors did not explain why to use one over the other payload or give a more detailed explanation on them.


Chapter two explains how to actually install Metasploit and advices to keep your system up to date.


Chapter three is as short as chapter two (11 pages versus 5 pages) and only covers some basic knowledge about the content of your Metasploit framework installation directory and how to use the setg-command.


The fourth chapter covers meterpreter, VNC inject and PassiveX payloads, auxiliary modules and automation of a pen-test with autopwn. As this chapter is again very short (18 pages) it is lacking in detail and only provides a brief overview of the mentioned topics although it is not that bad at all.


Adding new Payloads which is the title of the fifth and last chapter, finally gives a good explanation on MSF 3.x (which the whole book should have covered) and how to add new exploit and auxiliary payloads as well as building a SIP invite auxiliary module. Although a short chapter too it is well written and explains the tasks in an easy to follow way.



Full review can be read at www.awesec.com.

I know that this book is already outdated and many reviews are already available, but as I had the opportunity to get my hands on a copy of it, i still decided to read through it and write a little review.

More reviews to come. :)
Last edited by UNIX on Wed Aug 12, 2009 5:10 am, edited 1 time in total.
<<

timmedin

User avatar

Sr. Member
Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Sun Aug 09, 2009 8:21 pm

Re: Review - Metasploit Toolkit for Penetration Testing

Any idea at what point in time the book was written? MSF changes so fast
thanks so HD Moore and crew.
twitter.com/timmedin | http://blog.securitywhole.com
<<

dalepearson

Sr. Member
Sr. Member

Posts: 357

Joined: Thu Nov 09, 2006 10:03 am

Post Mon Aug 10, 2009 4:33 am

Re: Review - Metasploit Toolkit for Penetration Testing

Book is from 2007 if I remember currently, I have not read / reviewed the book myself but I dont think there are any current alternatives.
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Mon Aug 10, 2009 4:57 am

Re: Review - Metasploit Toolkit for Penetration Testing

The book was written/ published on September 1, 2007. I haven't found any good alternatives covering metasploit, though I am quite sure that one will come sooner or later, hopefully from Moore himself.

However, there are some resources available at the internet which are in my opinion better than the book from above.
<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Mon Aug 10, 2009 5:03 am

Re: Review - Metasploit Toolkit for Penetration Testing

awesec wrote:However, there are some resources available at the internet which are in my opinion better than the book from above.


Any links in particular you're willing to share?
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Mon Aug 10, 2009 5:20 am

Re: Review - Metasploit Toolkit for Penetration Testing

Sure. I will check my booksmarks when I am at home and update this post. If I remember correctly I had a few ones where I thought that are good to read.
Should I forget it please feel free to remind me via PM.
<<

Jhaddix

User avatar

Sr. Member
Sr. Member

Posts: 317

Joined: Wed Oct 29, 2008 10:25 pm

Post Sun Aug 23, 2009 6:23 pm

Re: Review - Metasploit Toolkit for Penetration Testing

Offsec should have some stuff coming along soon for free MSF training, also The Academy pro has a metasploit category, and Rob fuller will be doing their trianing on pentesting w/BT4 which has plenty of practical MSF =)
<<

TalioGladius

Newbie
Newbie

Posts: 5

Joined: Mon Oct 08, 2007 9:11 am

Post Wed Aug 26, 2009 2:45 pm

Re: Review - Metasploit Toolkit for Penetration Testing

I wish they'd release a new version of this one.
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Wed Aug 26, 2009 3:01 pm

Re: Review - Metasploit Toolkit for Penetration Testing

Totally forgot about this one. Seems I can't find the correct bookmarks I made some time ago. Guess I will have to go through all bookmarks I have and sort them out a little, already lost the overview of them.
<<

Stocky

Newbie
Newbie

Posts: 2

Joined: Sat Sep 26, 2009 3:38 pm

Post Sat Sep 26, 2009 3:46 pm

Re: Review - Metasploit Toolkit for Penetration Testing

<<

3PIL0GU3

Newbie
Newbie

Posts: 38

Joined: Tue Aug 18, 2009 7:48 am

Post Thu Oct 01, 2009 3:09 am

Re: Review - Metasploit Toolkit for Penetration Testing

While im still in the process of completing this Hackerdemia disc for Heorot.net, i had a gander at some of the powerpoint archieves that HDM had prepared on the future of the MSF sounds interesting can't wait to see how it continues in its development lifecycle over the next few years/
----------------------------
CEH

Return to Book Reviews

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software