The Metasploit Framework has long been one of the tools most widely used by information security professionals, but for a long time little documentation existed aside from the source code itself or comments on blogs. That situation changed significantly when Offensive-Security developed its online course, Metasploit Unleashed. Shortly after the course went live, No Starch Press contacted us about the possibly of creating a book to expand on our work with Metasploit Unleashed.
This book is designed to teach you the ins and outs of Metasploit and how to use the Framework to its fullest. Our coverage is selective—we won’t cover every single flag or exploit—but we give you the foundation you’ll need to understand and use Metasploit now and in future versions.
When we began writing this book, we had in mind a comment by HD Moore, developer of the Metasploit Framework. In a conversation with HD about the development of our Metasploit Unleashed course, one of us said to him, “I hope the course comes out good.” To this offhand comment, HD merely replied, “Then make sure it is good.” And that’s just what we’ve attempted to do with this book.
As a group, we are experienced penetration testers who use Metasploit daily to circumvent security controls, bypass protections, and attack systems methodically. We wrote this book with the intention of helping our readers become competent penetration testers. HD’s drive and focus on quality is apparent within the Metasploit Framework, and we have tried to match those characteristics in this book. We leave it up to you to judge how well we have lived up to that standard.