Metasploit, 2nd Edition

The second edition of the international bestseller Metasploit is written by some of the world's best hackers and is the only introduction you'll ever need to the legendary Framework.

Fully revised to include all new chapters on attacking cloud applications, industrial control systems, and recent vulnerabilities, you'll learn Metasploit's module system, conventions, and interfaces as you launch simulated attacks.

The Metasploit Framework makes discovering, exploiting, and sharing systemic vulnerabilities quick and painless. But, this popular pentesting tool can be hard to grasp for first-time users. Written by some of the world's top hackers and security experts, Metasploit fills the gap by teaching you how to best harness the Framework and interact with its vibrant community of Metasploit open-source contributors.

This indispensable guide's updated second edition introduces modules and commands recently added to the Metasploit Framework, along with new chapters on the Cloud Lookup (and Bypass) module and attacking IoT or SCADA (industrial) systems using the Mobius client module.

You'll learn:

• Modern pentesting techniques, including network reconnaissance and enumeration
• The Metasploit Framework's conventions, interfaces, and module system
• Client-side attacks
• Wireless exploits
• Targeted social-engineering attacks

In a digital ecosystem increasingly driven by cloud-based and industrial attacks, the modern hacking techniques covered in Metasploit, 2nd Edition are essential for today's penetration testers.

《Metasploit》國際暢銷書的第二版由世界頂尖的駭客撰寫，是你對這個傳奇框架唯一需要的入門指南。全面修訂，新增了關於攻擊雲應用程式、工業控制系統和最新漏洞的全新章節，你將在發起模擬攻擊時學習Metasploit的模組系統、慣例和介面。

Metasploit Framework使發現、利用和分享系統性漏洞變得快速而輕鬆。但是，對於初次使用者來說，這個受歡迎的測試工具可能很難理解。《Metasploit》由世界頂尖的駭客和安全專家撰寫，填補了這一空白，教你如何最好地利用這個框架並與Metasploit開源貢獻者社群互動。

這本不可或缺的指南的第二版介紹了最近添加到Metasploit Framework的模組和命令，以及關於Cloud Lookup（和Bypass）模組和使用Mobius客戶端模組攻擊物聯網或SCADA（工業）系統的新章節。

你將學到：
- 現代測試技術，包括網絡偵察和列舉
- Metasploit Framework的慣例、介面和模組系統
- 客戶端攻擊
- 無線攻擊
- 針對性社交工程攻擊

在一個越來越受雲端和工業攻擊驅動的數字生態系統中，現代駭客技術在今天的滲透測試中至關重要，《Metasploit, 2nd Edition》涵蓋的內容對於今天的滲透測試人員來說是必不可少的。

David Kennedy is Chief Information Security Officer at Diebold Incorporated and creator of the Social-Engineer Toolkit (SET), Fast-Track, and other open source tools. He is on the BackTrack and Exploit-Database development team and is a core member of the Social-Engineer podcast and framework. Kennedy has presented at a number of security conferences including Black Hat, DEF CON, ShmooCon, Security B-Sides, and more.

Jim O'Gorman (Elwood) is a professional penetration tester, an instructor at Offensive Security, and manages Offensive Security's consulting services. Jim has lived online from the times of BBS's, to FidoNet, to when SLIP connections were the new hotness. Jim spends time on network intrusion simulation, digital investigations, and malware analysis. When not working on various security issues, Jim spends his time assisting his children in their attempts to fight Zombie hordes.

Devon Kearns is an instructor at Offensive-Security, a BackTrack Linux developer, and administrator of The Exploit Database. He has contributed a number of Metasploit exploit modules and is the maintainer of the Metasploit Unleashed wiki.

Mati Aharoni is the creator of the BackTrack Linux distribution and founder of Offensive-Security, the industry leader in security training.

Dr. Daniel G. Graham is an Assistant Professor of Computer Science at The University of Virginia in Charlottesville, Virginia. His research interests include secure embedded systems and networks. Before teaching at UVA, Dr. Graham was a Program Manager at Microsoft in Seattle, Washington. He publishes in IEEE journals relating to sensors and networks.

David Kennedy是Diebold Incorporated的首席信息安全官，也是Social-Engineer Toolkit (SET)、Fast-Track和其他開源工具的創建者。他是BackTrack和Exploit-Database開發團隊的成員，也是Social-Engineer播客和框架的核心成員。Kennedy曾在多個安全會議上發表演講，包括Black Hat、DEF CON、ShmooCon、Security B-Sides等。

Jim O'Gorman（Elwood）是一名專業的滲透測試人員，是Offensive Security的講師，並負責管理Offensive Security的咨詢服務。Jim從BBS時代開始就在線上生活，經歷了FidoNet時代，也見證了SLIP連接的興起。Jim專注於網絡入侵模擬、數字調查和惡意軟件分析。在處理各種安全問題之餘，Jim還花時間幫助孩子們對抗殭屍大軍。

Devon Kearns是Offensive-Security的講師，BackTrack Linux的開發人員，也是The Exploit Database的管理員。他貢獻了許多Metasploit的攻擊模塊，並維護著Metasploit Unleashed wiki。

Mati Aharoni是BackTrack Linux發行版的創建者，也是安全培訓領域的行業領導者Offensive-Security的創始人。

Dr. Daniel G. Graham是弗吉尼亞大學（The University of Virginia）計算機科學助理教授。他的研究興趣包括安全嵌入式系統和網絡。在加入弗吉尼亞大學之前，Graham博士曾在華盛頓州西雅圖的微軟擔任項目經理。他在IEEE期刊上發表了與傳感器和網絡相關的文章。