Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from The Complete Metasploit Guide Explore effective penetration testing techniques with Metasploit

Product type Course

Published in Jun 2019

Publisher Packt

ISBN-13 9781838822477

Length 660 pages

Edition 1st Edition

Languages

Ruby

Tools

Metasploit

Concepts

Penetration Testing

Authors (2):

Sagar Rahalkar

Nipun Jaswal

View More author details

Table of Contents (28) Chapters

Title Page

The Complete Metasploit Guide

About Packt

Contributors

Preface

1. Introduction to Metasploit and Supporting Tools FREE CHAPTER

2. Setting up Your Environment

3. Metasploit Components and Environment Configuration

4. Information Gathering with Metasploit

5. Vulnerability Hunting with Metasploit

6. Client-side Attacks with Metasploit

7. Web Application Scanning with Metasploit

8. Antivirus Evasion and Anti-Forensics

9. Cyber Attack Management with Armitage

10. Extending Metasploit and Exploit Development

11. Approaching a Penetration Test Using Metasploit

12. Reinventing Metasploit

13. The Exploit Formulation Process

14. Porting Exploits

15. Testing Services with Metasploit

16. Virtual Test Grounds and Staging

17. Client-Side Exploitation

18. Metasploit Extended

19. Evasion with Metasploit

20. Metasploit for Secret Agents

21. Visualizing with Armitage

22. Tips and Tricks

1. Other Books You May Enjoy

Leave a review - let other readers know what you think

Setting up a vulnerable application

Before we start exploring various web application scanning features offered by the Metasploit Framework, we need to set up a test application environment in which we can fire our tests. As discussed in the initial chapters, Metasploitable 2 is a Linux distribution that is deliberately made vulnerable. It also contains web applications that are intentionally made vulnerable, and we can leverage this to practice using Metasploit's web scanning modules.

In order to get the vulnerable test application up and running, simply boot into metasploitable 2; Linux and access it remotely from any of the web browsers, as shown in the following screenshot:

There are two different vulnerable applications that run by default on the metasploitable 2 distribution, Mutillidae and Damn Vulnerable Web Application (DVWA). The vulnerable application can be opened...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at €18.99/month. Cancel anytime

Authors (2)

Sagar Rahalkar

Sagar Rahalkar is a seasoned information security professional having more than 10 years of comprehensive experience in various verticals of IS. His domain expertise is mainly into breach detection, cyber crime investigations, digital forensics, application security, vulnerability assessment and penetration testing, compliance for mandates and regulations, IT GRC, and much more. He holds a masters degree in computer science and several industry-recognized certifications such as Certified Cyber Crime Investigator, Certified Ethical Hacker, Certified Security Analyst, ISO 27001 Lead Auditor, IBM certified Specialist-Rational AppScan, Certified Information Security Manager (CISM), and PRINCE2. He has been closely associated with Indian law enforcement agencies for more than 3 years dealing with digital crime investigations and related training and received several awards and appreciations from senior officials of the police and defense organizations in India. Sagar has also been a reviewer and author for various books and online publications.

See other products by Sagar Rahalkar

Nipun Jaswal

Nipun Jaswal is an international cybersecurity author and an award-winning IT security researcher with more than a decade of experience in penetration testing, Red Team assessments, vulnerability research, RF, and wireless hacking. He is presently the Director of Cybersecurity Practices at BDO India. Nipun has trained and worked with multiple law enforcement agencies on vulnerability research and exploit development. He has also authored numerous articles and exploits that can be found on popular security databases, such as PacketStorm and exploit-db. Please feel free to contact him at @nipunjaswal.

See other products by Nipun Jaswal