Chapter 1, Metasploit Quick Tips for Security Professionals, contains recipes covering how to install Metasploit on different platforms, building a penetration testing lab, configuring Metasploit to use a PostgreSQL database, and using workspaces.Â
Chapter 2, Information Gathering and Scanning, discusses passive and active information gathering with Metasploit, port scanning, scanning techniques, enumeration, and integration with scanners such as Nessus, NeXpose, and OpenVAS.
Chapter 3, Server-Side Exploitation, includes Linux and Windows server exploitation, SQL injection, backdoor installation, and Denial of Service attacks.
Chapter 4, Meterpreter, covers all of the commands related to Meterpreter, communication channels, keyloggers, automation, loading framework plugins, using Railgun, and much more.
Chapter 5, Post-Exploitation, covers post-exploitation modules, privilege escalation, process migration, bypassing UAC, pass the hash attacks, using Incognito and Mimikatz, backdooring Windows binaries, pivoting, port forwarding, credential harvesting, and writing a post-exploitation module.
Chapter 6, Using MSFvenom, discusses MSFvenom payloads and payload options, encoders, output formats, templates, and how to use Meterpreter payloads with trusted certificates.
Chapter 7, Client-Side Exploitation and Antivirus Bypass, explains how to exploit a Windows 10 machine, antivirus and IDS/IPS bypasses, macro exploits, Human Interface Device attacks, HTA attacks, how to backdoor executables using a MITM attack, and how to create a Linux trojan and an Android backdoor.
Chapter 8, Social-Engineer Toolkit, includes how to get started with the Social-Engineer Toolkit, spear-phishing attack vectors, website attack vectors, working with the multiattack web method, and infectious media generation.
Chapter 9, Working with Modules for Penetration Testing, covers auxiliary modules, DoS attack modules, post-exploitation modules, and module analyzing and building.
Chapter 10, Exploring Exploits, covers common exploit mixins, generating shellcode with MSFvenom, converting exploits to Metasploit modules, fuzzing with Metasploit, and how to write a simple fuzzer.
Chapter 11, Wireless Network Penetration Testing, Metasploit and wireless, includes evil twin attacks, Karmetasploit, wireless MITM attacks, and SMB relay attacks.
Chapter 12, Cloud Penetration Testing, covers how to use Metasploit in the cloud, Metasploit PHP Hop, performing phishing attacks from the cloud, and setting up a cloud penetration testing lab.
Chapter 13, Best Practices, includes using Metasploit over the Tor network, Metasploit logging, documentation, and cleaning up.
