You're reading from Metasploit 5.0 for Beginners Perform penetration testing to secure your IT environment against threats and vulnerabilities

Product type Paperback

Published in Apr 2020

Publisher

ISBN-13 9781838982669

Length 246 pages

Edition 2nd Edition

Tools

Metasploit

Concepts

Penetration Testing

Author (1):

Sagar Rahalkar

View More author details

Table of Contents (15) Chapters

Preface

1. Section 1: Introduction and Environment Setup

2. Chapter 1: Introduction to Metasploit and Supporting Tools FREE CHAPTER

3. Chapter 2: Setting Up Your Environment

4. Chapter 3: Metasploit Components and Environment Configuration

5. Section 2: Practical Metasploit

6. Chapter 4: Information Gathering with Metasploit

7. Chapter 5: Vulnerability Hunting with Metasploit

8. Chapter 6: Client-Side Attacks with Metasploit

9. Chapter 7: Web Application Scanning with Metasploit

10. Chapter 8: Antivirus Evasion and Anti-Forensics

11. Chapter 9: Cyber Attack Management with Armitage

12. Chapter 10: Extending Metasploit and Exploit Development

13. Chapter 11: Case Studies

14. Other Books You May Enjoy

Leave a review - let other readers know what you think

What this book covers

Chapter 1, Introduction to Metasploit and Supporting Tools, introduces the reader to concepts such as vulnerability assessment and penetration testing. Then, it explains the need for a penetration testing framework along with a brief introduction to the Metasploit Framework. Moving ahead, the chapter explains how the Metasploit Framework can be effectively used across all stages of the penetration testing life cycle, along with some supporting tools that extend the Metasploit Framework's capabilities. This chapter also introduces some of the new features of Metasploit 5.x.

Chapter 2, Setting up Your Environment, guides you through setting up the environment for the Metasploit Framework. This includes setting up the Kali Linux virtual machine, independently installing the Metasploit Framework on various platforms (such as Windows and Linux), and setting up exploitable or vulnerable targets in the virtual environment, along with Metasploit Vulnerable Services Emulator.

Chapter 3, Metasploit Components and Environment Configuration, covers the structure and anatomy of the Metasploit Framework, followed by an introduction to various Metasploit components. This chapter also covers the local and global variable configuration, along with how to keep the Metasploit Framework updated.

Chapter 4, Information Gathering with Metasploit, lays the foundation for information gathering and enumeration with the Metasploit Framework. It covers information gathering and enumeration for various protocols, such as TCP, UDP, FTP, SMB, HTTP, SSH, DNS, and RDP. It also covers extended usage of the Metasploit Framework for password sniffing, along with advanced search for vulnerable systems using Shodan integration.

Chapter 5, Vulnerability Hunting with Metasploit, starts with instructions on setting up the Metasploit database. Then, it provides insights on vulnerability scanning and exploiting using NMAP, Nessus, and the Metasploit Framework, concluding with the post-exploitation capabilities of the Metasploit Framework. It also provides a brief introduction to MSF utilities.

Chapter 6, Client-Side Attacks with Metasploit, introduces the key terminology related to client-side attacks. It then covers the usage of the msfvenom payload creator to generate custom payloads, along with the Social-Engineer Toolkit. The chapter concludes with advanced browser-based attacks using the browser_autopwn auxiliary module.

Chapter 7, Web Application Scanning with Metasploit, covers the procedure of setting up a vulnerable web application such as Hackazon and OWASP Juice Shop. It then covers the wmap module within the Metasploit Framework for web application vulnerability scanning, and concludes with some additional Metasploit auxiliary modules that can be useful in web application security assessment.

Chapter 8, Antivirus Evasion and Anti-Forensics, covers the various ways to prevent your payload from getting detected by various antivirus programs. These techniques include the use of encoders, binary packages, and encryptors, along with the latest evasion modules. The chapter also introduces various concepts for testing payloads and concludes with various anti-forensic features of the Metasploit Framework.

Chapter 9, Cyber Attack Management with Armitage, introduces a cyber attack management tool called Armitage, which can be used effectively along with the Metasploit Framework for complex penetration testing tasks. This chapter covers the various aspects of Armitage, including opening the console, performing scanning and enumeration, finding suitable attacks, and exploiting the target.

Chapter 10, Extending Metasploit and Exploit Development, introduces the various exploit development concepts, followed by how the Metasploit Framework can be extended by adding external exploits. The chapter concludes with an explanation of the Metasploit exploit templates and mixins that can be readily utilized for custom exploit development.

Chapter 11, Real-World Case Study, helps the reader to put all the knowledge they have learned throughout the book together to hack into targets in real-world scenarios. This will immensely help the reader to understand the practical importance of all the modules and plugins they've learned about throughout the book.