Metasploit: The Penetration Tester's Guide (Paperback) (Metasploit:滲透測試者指南)

David Kennedy, Jim O'Gorman, Devon Kearns, Mati Aharoni

買這商品的人也買了...

相關主題

商品描述

"The best guide to the Metasploit Framework." —HD Moore, Founder of the Metasploit Project

The Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless. But while Metasploit is used by security professionals everywhere, the tool can be hard to grasp for first-time users. Metasploit: The Penetration Tester's Guide fills this gap by teaching you how to harness the Framework and interact with the vibrant community of Metasploit contributors.

Once you've built your foundation for penetration testing, you'll learn the Framework's conventions, interfaces, and module system as you launch simulated attacks. You'll move on to advanced penetration testing techniques, including network reconnaissance and enumeration, client-side attacks, wireless attacks, and targeted social-engineering attacks.

Learn how to:

  • Find and exploit unmaintained, misconfigured, and unpatched systems
  • Perform reconnaissance and find valuable information about your target
  • Bypass anti-virus technologies and circumvent security controls
  • Integrate Nmap, NeXpose, and Nessus with Metasploit to automate discovery
  • Use the Meterpreter shell to launch further attacks from inside the network
  • Harness standalone Metasploit utilities, third-party tools, and plug-ins
  • Learn how to write your own Meterpreter post exploitation modules and scripts

You'll even touch on exploit discovery for zero-day research, write a fuzzer, port existing exploits into the Framework, and learn how to cover your tracks. Whether your goal is to secure your own networks or to put someone else's to the test, Metasploit: The Penetration Tester's Guide will take you there and beyond.

商品描述(中文翻譯)

「Metasploit: 渗透测试员指南」—— HD Moore,Metasploit项目创始人

Metasploit Framework使发现、利用和分享漏洞变得快速且相对轻松。但是,虽然Metasploit被安全专业人士广泛使用,但对于初次使用者来说,这个工具可能很难理解。《Metasploit: 渗透测试员指南》填补了这一空白,教会您如何利用该框架并与Metasploit贡献者社区互动。

一旦您建立了渗透测试的基础,您将学习框架的约定、接口和模块系统,同时发起模拟攻击。您将进一步学习高级渗透测试技术,包括网络侦察和枚举、客户端攻击、无线攻击和有针对性的社交工程攻击。

学习如何:
- 查找和利用未维护、配置错误和未打补丁的系统
- 进行侦察并找到有关目标的有价值信息
- 绕过防病毒技术和规避安全控制
- 将Nmap、NeXpose和Nessus与Metasploit集成,以自动发现
- 使用Meterpreter shell从内部网络发起进一步攻击
- 利用独立的Metasploit实用程序、第三方工具和插件
- 学习如何编写自己的Meterpreter后渗透模块和脚本

您甚至将接触到零日研究的漏洞发现,编写模糊测试器,将现有的漏洞利用移植到框架中,并学习如何隐藏自己的踪迹。无论您的目标是保护自己的网络还是测试他人的网络,「Metasploit: 渗透测试员指南」都将带您超越目标。