Social engineering has enjoying an increasingly effective and prominent role in effective online attacks. The term itself is a big one, encompassing targeted surveillance and information-gathering techniques that early hacking stars such as Kevin Mitnick mastered (and went on to write about), down to the ubiquitous phishing and spam email message.
“The Social Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. It’s main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed.”
This release adds new Metasploit-based client-side attacks (4 in total), many optimizations on the SET web server including proper threading to make it run faster as well as an overall of optimizations through the entire code base. The next version 1.2 will be an overhaul of function calls and centralization of modules to allow easier additions for third party contributions.
Also added in this release is a new set_config option that will automatically disable the auto redirection on the Java Applet so in examples with Multi-Attack where you use Java Applet + Credential Harvester it will now only redirect once the credential harvester is executed. This is especially useful when you get your payload execution and harvest credentials all within one attack.
Lastly, another great option is I’ve added UPX support for the Java Applet and Payload Generator attacks. In the set_config is a new option called “UPX_ENCODE=ON”, this is on by default and checks to see if UPX is in the default Back|Track path. If it’s not it will automatically disable the UPX packing, otherwise it will automatically pack the executable with the UPX packer. You can turn this off in the set_config by specifying UPX_ENCODE=OFF. Enjoy the latest version of SET, there is more to come with the next 1.2 release which is currently under development.
To get The Social Engineering Toolkit v1.1 you can find it over here.
make sure you subscribe to my RSS feed!