Metasploit 5.0 for Beginners - Second Edition

Metasploit 5.0 for Beginners: Perform penetration testing to secure your IT environment against threats and vulnerabilities, Second Edition

By Sagar Rahalkar
Book Apr 2020 246 pages 2nd Edition

Metasploit 5.0 for Beginners - Second Edition

Chapter 1: Introduction to Metasploit and Supporting Tools

Before we take a deep dive into various aspects of the Metasploit Framework, let's first lay a solid foundation of some of the absolute basics. In this chapter, we'll conceptually understand what penetration testing is all about and where the Metasploit Framework fits in exactly. We'll also browse through some of the additional tools that enhance the Metasploit Framework's capabilities.

In this chapter, we will cover the following topics:

  • The importance of penetration testing
  • Understanding the difference between vulnerability assessments and penetration testing
  • The need for a penetration testing framework
  • Introduction to Metasploit
  • Introduction to new features in Metasploit 5.0
  • When to use Metasploit
  • Making Metasploit effective and powerful using supplementary tools

Technical requirements

The following software is required:

  • Kali Linux
  • The Metasploit Framework
  • Nessus
  • NMAP
  • w3af
  • Armitage

The importance of penetration testing

For over a decade or so, the use of technology has been rising exponentially. Almost all businesses are partially or completely dependent on the use of technology. From Bitcoins to the cloud to the Internet of Things (IoT), new technologies are popping up each day. While these technologies completely change the way we do things, they also bring along threats with them. Attackers discover new and innovative ways to manipulate these technologies for fun and profit! This is a matter of concern for thousands of organizations and businesses around the world.

Organizations worldwide are deeply concerned about keeping their data safe. Protecting data is certainly important. However, testing whether adequate protection mechanisms have been put to work is equally important. Protection mechanisms can fail; hence, testing them before someone exploits them for real is a challenging task. Having said this, vulnerability assessments and penetration...

Understanding the difference between vulnerability assessments and penetration testing

Vulnerability assessments and penetration testing are two of the most common phrases that are often used interchangeably. However, it is important to understand the difference between the two. To understand the exact difference, let's consider a real-world scenario.

A thief intends to rob a house. To proceed with his robbery plan, he decides to recon his robbery target. He visits the house (that he intends to rob) casually and tries to gauge what security measures are in place. He notices that there is a window at the back of the house that is often open and so it's easy to break in. In our terms, the thief just performed a vulnerability assessment. Now, after a few days, the thief actually goes to the house again and enters through the back window that he had discovered earlier during his recon phase. In this case, the thief performed an actual penetration into his target house with...

The need for a penetration testing framework

Penetration testing is not just about running a set of a few automated tools against your target. It's a complete process that involves multiple stages and each stage is equally important for the success of the project. Now, for performing all the tasks throughout every stage of penetration testing, we would need to use various tools and might need to perform some tasks manually. Then, at the end, we would need to combine the results from all the different tools together to produce a single meaningful report. This is certainly a daunting task. It would be really easy and timesaving if one single tool could help us perform all the required tasks for penetration testing. This exact need is satisfied by a framework such as Metasploit.

Now let's move on to learning more about the Metasploit Framework.

Introduction to Metasploit

The birth of Metasploit dates back 16 years, to 2003, when H. D. Moore wrote a portable network tool using Perl. By 2007, it was rewritten in Ruby. The Metasploit project received a major commercial boost when Rapid7 acquired the project in 2009. Metasploit is essentially a robust and versatile penetration testing framework. It can literally perform all the tasks that are involved in a penetration testing life cycle. With the use of Metasploit, you don't really need to reinvent the wheel! You just need to focus on the core objectives; the supporting actions will all be performed through various components and modules of the framework. Also, since it's a complete framework and not just an application, it can be customized and extended as per our requirements.

Metasploit is, no doubt, a very powerful tool for penetration testing. However, it's certainly not a magic wand that can help you hack into any given target system. It's...

Introduction to new features in Metasploit 5.0

Ever since the Metasploit Framework was born 16 years ago, it has been through significant changes and improvements. In early 2019, Metasploit 5.0 was released, which is considered its first major release since 2011. While Metasploit is commercially supported and developed by Rapid7, it also has rich community support, which enables its growth.

The latest Metasploit 5.0 version brings in a lot more features and improvements:

  • Database and automation APIs: Metasploit 5.0 now allows users to run the database as a RESTful service. It also introduces the new JSON-RPC API, which would be of significant help to users who wish to integrate Metasploit with other tools. The API interface can be extremely handy in several automation and orchestration scenarios. It thus makes the framework even more agile and powerful.
  • Evasion modules and libraries: In 2018, a new evasion module was introduced that allowed users...

When to use Metasploit

There are literally tons of tools available for performing various tasks related to penetration testing. However, most of the tools serve only one unique purpose. Unlike these tools, Metasploit can perform multiple tasks throughout the penetration testing life cycle. Before we check the exact use of Metasploit in penetration testing, let's have a brief overview of the various phases of penetration testing.

The following diagram shows the typical phases of the penetration testing life cycle:

Figure 1.1 – Phases of the Penetration testing life cycle


Now let's move on to understanding the phases in detail:

  • Information gathering: Though the information gathering phase may look very trivial, it is one of the most important phases for the success of a penetration testing project. The more you know about your target, the higher the chances are that you will find the right vulnerabilities and exploits to work...

Making Metasploit effective and powerful using supplementary tools

So far, we have seen that Metasploit is a really powerful framework for penetration testing. However, it can be made even more useful if integrated with some other tools. This section covers a few tools that complement Metasploit's capability to perform more precise penetration on the target system. We'll start with the Nessus tool.

Nessus

Nessus is a product from Tenable Network Security and is one of the most popular vulnerability assessment tools. It belongs to the vulnerability scanner category. It is quite easy to use, and it quickly identifies infrastructure-level vulnerabilities in the target system. Once Nessus tells us what vulnerabilities exist on the target system, we can then feed those vulnerabilities to Metasploit to see whether they can be exploited for real.

Its official website is https://www.tenable.com/.

The following screenshot shows the Nessus homepage:

Figure 1.3 – Nessus homepage ...

Summary

We started this chapter by understanding the relevance of penetration testing and then glanced at the practical difference between vulnerability assessment and penetration testing. We then tried to understand the exact need for a penetration testing framework and got introduced to the Metasploit Framework. We also covered the new features introduced as part of the latest Metasploit 5.x Framework.

We also got an overview of when to use the Metasploit Framework in the penetration testing life cycle, along with some other useful tools like Nessus, NMAP, and so on.

Now that we have got a high-level overview of what Metasploit is all about and the new features in the latest Metasploit 5.0 version, its applicability in penetration testing, and supporting tools, we'll browse through the installation and environment setup for Metasploit in the next chapter.

Exercise

You can try the following exercises:

  • Visit Metasploit's official website and try to learn about the differences in various editions of Metasploit.
  • Try to explore more on how Nessus and NMAP can help us during a penetration test.
  • Install Nessus and w3af on your Kali Linux system.

Further reading

More information on the Metasploit Framework along with various versions can be found at https://metasploit.help.rapid7.com/docs.


Key benefits

  • Perform pentesting in highly secured environments with Metasploit 5.0
  • Become well-versed with the latest features and improvements in the Metasploit Framework 5.0
  • Analyze, find, exploit, and gain access to different systems by bypassing various defenses

Description

Securing an IT environment can be challenging; however, effective penetration testing and threat identification can make all the difference. This book will help you learn how to use the Metasploit Framework optimally for comprehensive penetration testing. Complete with hands-on tutorials and case studies, this updated second edition will teach you the basics of the Metasploit Framework along with its functionalities. You’ll learn how to set up and configure Metasploit on various platforms to create a virtual test environment. Next, you’ll get hands-on with the essential tools. As you progress, you’ll learn how to find weaknesses in the target system and hunt for vulnerabilities using Metasploit and its supporting tools and components. Later, you'll get to grips with web app security scanning, bypassing anti-virus, and post-compromise methods for clearing traces on the target system. The concluding chapters will take you through real-world case studies and scenarios that will help you apply the knowledge you’ve gained to ethically hack into target systems. You’ll also discover the latest security techniques that can be directly applied to scan, test, ethically hack, and secure networks and systems with Metasploit. By the end of this book, you’ll have learned how to use the Metasploit 5.0 Framework to exploit real-world vulnerabilities.

What you will learn

  • Set up the environment for Metasploit
  • Understand how to gather sensitive information and exploit vulnerabilities
  • Get up to speed with client-side attacks and web application scanning using Metasploit
  • Leverage the latest features of Metasploit 5.0 to evade anti-virus
  • Delve into cyber attack management using Armitage
  • Understand exploit development and explore real-world case studies

Product Details

Publication date : Apr 10, 2020
Length 246 pages
Edition : 2nd Edition
Language : English
ISBN-13 : 9781838982669

Table of Contents

15 Chapters
Preface
1. Section 1: Introduction and Environment Setup
2. Chapter 1: Introduction to Metasploit and Supporting Tools
3. Chapter 2: Setting Up Your Environment
4. Chapter 3: Metasploit Components and Environment Configuration
5. Section 2: Practical Metasploit
6. Chapter 4: Information Gathering with Metasploit
7. Chapter 5: Vulnerability Hunting with Metasploit
8. Chapter 6: Client-Side Attacks with Metasploit
9. Chapter 7: Web Application Scanning with Metasploit
10. Chapter 8: Antivirus Evasion and Anti-Forensics
11. Chapter 9: Cyber Attack Management with Armitage
12. Chapter 10: Extending Metasploit and Exploit Development
13. Chapter 11: Case Studies
14. Other Books You May Enjoy
