Introduction
xxiii
Following a complete rewrite in the Ruby programming language,
the Metasploit team released Metasploit 3.0 in 2007. The migration of the
Framework from Perl to Ruby took 18 months and resulted in over 150,000
lines of new code. With the 3.0 release, Metasploit saw widespread adoption
in the security community and a big increase in user contributions.
In fall 2009, Metasploit was acquired by Rapid7, a leader in the
vulnerability-scanning field, which allowed HD to build a team to focus
solely on the development of the Metasploit Framework. Since the acquisi-
tion, updates have occurred more rapidly than anyone could have imagined.
Rapid7 released two commercial products based on the Metasploit Frame-
work: Metasploit Express and Metasploit Pro. Metasploit Express is a lighter
version of the Metasploit Framework with a GUI and additional functionality,
including reporting, among other useful features. Metasploit Pro is an expanded
version of Metasploit Express that touts collaboration and group penetration
testing and such features as a one-click virtual private network (VPN) tunnel
and much more.
About This Book
This book is designed to teach you everything from the fundamentals of
the Framework to advanced techniques in exploitation. Our goal is to pro-
vide a useful tutorial for the beginner and a reference for practitioners. How-
ever, we won’t always hold your hand. Programming knowledge is a definite
advantage in the penetration testing field, and many of the examples in this
book will use either the Ruby or Python programming language. Still, while
we suggest that you learn a language like Ruby or Python to aid in advanced
exploitation and customization of attacks, programming knowledge is not
required.
As you grow more comfortable with Metasploit, you will notice that the
Framework is frequently updated with new features, exploits, and attacks.
This book was developed with the knowledge that Metasploit is continually
changing and that no printed book is likely to be able to keep pace with this
rapid development. Therefore, we focus on the fundamentals, because once
you understand how Metasploit works you will be able to ramp up quickly
with updates to the Framework.
What’s in the Book?
How can this book help you to get started or take your skills to the next level?
Each chapter is designed to build on the previous one and to help you build
your skills as a penetration tester from the ground up.
z
Chapter 1, “The Absolute Basics of Penetration Testing,” establishes the
methodologies around penetration testing.
z
Chapter 2, “Metasploit Basics,” is your introduction to the various tools
within the Metasploit Framework.
z
Chapter 3, “Intelligence Gathering,” shows you ways to leverage Meta-
sploit in the reconnaissance phase of a penetration test.