Tools no image

Published on December 9th, 2011 | by MaxiSoler


Social-Engineer Toolkit v2.5 released (Rippin and Tearin)

The Social-Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of pentesting. It’s main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed.

Currently SET has two main methods of attack, one is utilizing Metasploit payloads and Java-based attacks by setting up a malicious website (which you can clone whatever one you want) that ultimately delivers your payload. The second method is through file-format bugs and e-mail phishing. The second method supports your own open-mail relay, a customized sendmail open-relay, or Gmail integration to deliver your payloads through e-mail. The goal of SET is to bring awareness to the often forgotten attack vector of social-engineering.

Changelog v2.5

  • rehaul of site cloner, it now injects into body properly and leverages unc, redirection, and others properly
  • redid a few options on repeater.database, unc.database to make more streamline
  • fixed bugs with java repeater
  • added more granularity around how repeater operates and functions when on different webpages
  • added ability to inject into tags first and if not found then it injects into tags
  • added ability to render even when flag is being used versus
  • added more stability to the Java Applet.jar and backup routine for redirect to websites
  • bug fix in website cloner
  • rewrote portions of java applet to gain more stability around java repeater as a fallback
  • added better handling around unc database and fixed a bug when in the wrong loop within cloner.py
  • established a baseline fallback for java applet

Tags: , , , ,

About the Author

www.artssec.com @maxisoler

Back to Top ↑