
Jul 12, 2011
Metasploit: A Penetration Testers Guide
Offensive Security is happy to announce the availability of Metasploit, The Penetration Tester’s Guide – A new book by Dave Kennedy (ReL1K), Devon Kearns (dookie), Jim O’Gorman (_Elwood_), and Mati Aharoni (muts). The book is released through No Starch Press.
Offensive Security is happy to announce the availability of Metasploit, The Penetration Tester’s Guide – A new book by Dave Kennedy (ReL1K), Devon Kearns (dookie), Jim O’Gorman (_Elwood_), and Mati Aharoni (muts). The book is released through No Starch Press.
The goals of the book are to provide a single point of reference for the Metasploit Framework which doesn’t quickly become outdated and to provide an in depth resource for penetration testers who wish to understand the Framework inside out. The book covers everything from Metasploit basics to fuzzing, exploit development, custom module creation, writing post exploitation modules and meterpreter kung-fu.
In addition to the Metasploit Framework, we cover toolkits that leverage the Framework such as the Social-Engineer Toolkit (SET) and Fast-Track. The book also integrates the Penetration Testing Execution Standard (PTES) as the general methodology for performing penetration testing.
As part of this release announcement, the book is available for pre orders with a 40% discount at No Starch Press when you use the discount code of REDTEAM. This special discount code is valid until midnight on Wednesday, July 20th and if you pre-order the print book, you will immediately receive a PDF version of the book so get your copy now! Over 25% of net revenue going to the authors will be donated to the HFC group.
In addition, the authors will be appearing on the PaulDotCom Podcast this Thursday and the Infosec Daily Podcast Friday to discuss the book and give away free tickets to DerbyCon.
Stay in the know: Become an OffSec Insider
Get the latest updates about resources, events & promotions from OffSec!
Latest from OffSec

Research & Tutorials
CVE-2024-39914 – Unauthenticated Command Injection in FOG Project’s export.php
Discover details about CVE-2024-39914, a critical unauthenticated command injection vulnerability in FOG Project ≤ 1.5.10.34. Learn how attackers can exploit export.php to execute system commands or deploy persistent webshells.
Jun 26, 2025
2 min read

OffSec News
What It Really Means to “Try Harder”
Discover how OffSec’s “Try Harder” mantra evolved into a mindset, and how it helps learners build grit, creativity, and real-world problem-solving skills.
Jun 23, 2025
7 min read

Research & Tutorials
CVE-2025-3248 – Unauthenticated Remote Code Execution in Langflow via Insecure Python exec Usage
CVE-2025-3248 is a critical RCE vulnerability in Langflow that allows unauthenticated attackers to execute arbitrary Python code via unsanitized input to exec(). Learn how it works and how to protect your system.
Jun 18, 2025
2 min read