background image



Following a complete rewrite in the Ruby programming language, 

the Metasploit team released Metasploit 3.0 in 2007. The migration of the 
Framework from Perl to Ruby took 18 months and resulted in over 150,000 
lines of new code. With the 3.0 release, Metasploit saw widespread adoption 
in the security community and a big increase in user contributions.

In fall 2009, Metasploit was acquired by Rapid7, a leader in the 

vulnerability-scanning field, which allowed HD to build a team to focus 
solely on the development of the Metasploit Framework. Since the acquisi-
tion, updates have occurred more rapidly than anyone could have imagined. 
Rapid7 released two commercial products based on the Metasploit Frame-
work: Metasploit Express and Metasploit Pro. Metasploit Express is a lighter 
version of the Metasploit Framework with a GUI and additional functionality, 
including reporting, among other useful features. Metasploit Pro is an expanded 
version of Metasploit Express that touts collaboration and group penetration 
testing and such features as a one-click virtual private network (VPN) tunnel 
and much more. 

About This Book

This book is designed to teach you everything from the fundamentals of 
the Framework to advanced techniques in exploitation. Our goal is to pro-
vide a useful tutorial for the beginner and a reference for practitioners. How-
ever, we won’t always hold your hand. Programming knowledge is a definite 
advantage in the penetration testing field, and many of the examples in this 
book will use either the Ruby or Python programming language. Still, while 
we suggest that you learn a language like Ruby or Python to aid in advanced 
exploitation and customization of attacks, programming knowledge is not 

As you grow more comfortable with Metasploit, you will notice that the 

Framework is frequently updated with new features, exploits, and attacks. 
This book was developed with the knowledge that Metasploit is continually 
changing and that no printed book is likely to be able to keep pace with this 
rapid development. Therefore, we focus on the fundamentals, because once 
you understand how Metasploit works you will be able to ramp up quickly 
with updates to the Framework.

What’s in the Book?

How can this book help you to get started or take your skills to the next level? 
Each chapter is designed to build on the previous one and to help you build 
your skills as a penetration tester from the ground up.


Chapter 1, “The Absolute Basics of Penetration Testing,” establishes the 
methodologies around penetration testing.


Chapter 2, “Metasploit Basics,” is your introduction to the various tools 
within the Metasploit Framework.


Chapter 3, “Intelligence Gathering,” shows you ways to leverage Meta-
sploit in the reconnaissance phase of a penetration test.