// Comparison
Hacking vs Metasploit: Which Should You Read?
Two cybersecurity books on Offensive, compared honestly: who each is for, what each does best, and which to read first.
Un labo virtuel pour auditer et mettre en place des contre-mesures
Franck Ebel, Jérôme Hennecart
A hands-on French guide to building a virtual lab (Proxmox) and using it to audit application, web and system flaws — then implement countermeasures.
The Penetration Tester's Guide
David Kennedy, Mati Aharoni, Devon Kearns, Jim O'Gorman, Daniel G. Graham
The second edition of the definitive No Starch guide to the Metasploit Framework, updated by the project's original maintainers and newer contributors for the modern Framework.
Read this if
Skip this if
Key takeaways
- A practical French guide to building your own vulnerability lab and auditing it end to end.
- Covers application, web and system flaws with the matching countermeasures — attack and defence together.
- From 2013: the method holds, but expect to modernise the specific tools and lab stack.
- Metasploit's value is workflow integration: payloads, post-exploitation modules, sessions, pivoting all wired together. The book teaches you to use the framework as a force multiplier, not as a list of exploits.
- Custom modules (auxiliary, exploit, post) are how you turn Metasploit into your toolkit; the book's chapters on module development are the highest-leverage material.
- The 2nd edition (2025) is updated for the modern Framework, mainstream Linux, and the current model of Meterpreter; the original 2011 edition is now dated.
How they compare
We rate Metasploit higher (4/5 against 3/5 for Hacking). For most readers, that means Metasploit is the primary pick and Hacking is a useful follow-up.
Both books target intermediate-level readers, so the choice is about topic, not difficulty.
Hacking and Metasploit both cover Offensive, Pentesting, Tooling, so reading them in sequence reinforces the same material from different angles.