Published on August 10th, 2012 | by NJ Ouchn


The Social-Engineer Toolkit (SET) v3.6 available

The Social-Engineer Toolkit (SET) was created and written by the founder of TrustedSec. It is an open-source Python-driven tool aimed at penetration testing around Social-Engineering. SET has been presented at large-scale conferences including Blackhat, DerbyCon, Defcon, and ShmooCon. With over two million downloads, SET is the standard for social-engineering penetration tests and supported heavily within the security community.

The Social-Engineer Toolkit has over 2 million downloads and is aimed at leveraging advanced technological attacks in a social-engineering type environment. TrustedSec believes that social-engineering is one of the hardest attacks to protect against and now one of the most prevalent. The toolkit has been featured in a number of books including the number one best seller in security books for 9 months since its release,“Metasploit: The Penetrations Testers Guide” written by TrustedSec’s President and CEO.

SET is included in the latest version of the most popular Linux distribution focused on security, Back|Track. It can also be downloaded through subversion using the following command:

svn co http://svn.trustedsec.com/social_engineering_toolkit set/


* adds the new SCCM attack vector to the social-engineer toolkit – allows you to patch SCCM servers to deploy backdoors
* updated the web gui interface to add updates to exploits
* fixed a menu bug in the web interface that would repeater numbers
* added the MSCOMCTL ActiveX Buffer Overflow (ms12-027) exploit to the web interface
* added the shellcodeexec alphanumeric shellcode paylaod to the web interface
* added Java Applet Field Bytecode Verifier Cache Remote Code Execution to the web interface
* added MS12-037 Internet Explorer Same ID Property Deleted Object Handling Memory Corruption to the web interface
* added Microsoft XML Core Services MSXML Uninitialized Memory Corruption to the web interface
* added Adobe Flash Player Object Type Confusion to the web interface
* fixed a menu bug that would not allow you to return to the previous menu in the java applet
* fixed a bug that would cause the multiattack metasploit, java applet, and cred harvester to not work on the right ports and raise a exceptions
* added background listener to credential harvester and multiattack — allows credential harvester to continue to run even if metapsloit has been exited
* fixed a bug that would still flag any website as cloned successfully. The new code fixes that by checking to ensure the site was properly cloned.
* fixed a cloning web bug that would error out then continue with payload selection
* added a cleanup routine to the web cloner for post completion on the cloner, this fixes a repetitive issue when launching multiple attacks in the menu system

Get it

svn co http://svn.trustedsec.com/social_engineering_toolkit set/

Tags: , ,

About the Author

"Passion is needed for any great work, and for the revolution, passion and audacity are required in big doses"

Back to Top ↑