
Jul 12, 2011
Metasploit: A Penetration Testers Guide
Offensive Security is happy to announce the availability of Metasploit, The Penetration Tester’s Guide – A new book by Dave Kennedy (ReL1K), Devon Kearns (dookie), Jim O’Gorman (_Elwood_), and Mati Aharoni (muts). The book is released through No Starch Press.
Offensive Security is happy to announce the availability of Metasploit, The Penetration Tester’s Guide – A new book by Dave Kennedy (ReL1K), Devon Kearns (dookie), Jim O’Gorman (_Elwood_), and Mati Aharoni (muts). The book is released through No Starch Press.
The goals of the book are to provide a single point of reference for the Metasploit Framework which doesn’t quickly become outdated and to provide an in depth resource for penetration testers who wish to understand the Framework inside out. The book covers everything from Metasploit basics to fuzzing, exploit development, custom module creation, writing post exploitation modules and meterpreter kung-fu.
In addition to the Metasploit Framework, we cover toolkits that leverage the Framework such as the Social-Engineer Toolkit (SET) and Fast-Track. The book also integrates the Penetration Testing Execution Standard (PTES) as the general methodology for performing penetration testing.
As part of this release announcement, the book is available for pre orders with a 40% discount at No Starch Press when you use the discount code of REDTEAM. This special discount code is valid until midnight on Wednesday, July 20th and if you pre-order the print book, you will immediately receive a PDF version of the book so get your copy now! Over 25% of net revenue going to the authors will be donated to the HFC group.
In addition, the authors will be appearing on the PaulDotCom Podcast this Thursday and the Infosec Daily Podcast Friday to discuss the book and give away free tickets to DerbyCon.
Stay in the know: Become an OffSec Insider
Get the latest updates about resources, events & promotions from OffSec!
Latest from OffSec

Research & Tutorials
CVE-2025-3248 – Unauthenticated Remote Code Execution in Langflow via Insecure Python exec Usage
CVE-2025-3248 is a critical RCE vulnerability in Langflow that allows unauthenticated attackers to execute arbitrary Python code via unsanitized input to exec(). Learn how it works and how to protect your system.
Jun 18, 2025
2 min read

Research & Tutorials
CVE-2024-21683 – Authenticated RCE via “Add a New Language” in Atlassian Confluence
Critical RCE vulnerability (CVE-2024-21683) in Atlassian Confluence Data Center and Server (v5.2–8.9.0) allows authenticated users to execute arbitrary code via malicious code macros.
Jun 12, 2025
2 min read

Research & Tutorials
CVE‑2025‑49113 – Post‑Auth Remote Code Execution in Roundcube via PHP Object Deserialization
A critical RCE vulnerability (CVSS 9.9) in Roundcube Webmail (
Jun 12, 2025
3 min read