Published on February 9th, 2016 📆 | 7808 Views ⚑0
The Social-Engineer Toolkit (SET) version 7.0
The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. SET has quickly became a standard tool in a penetration testers arsenal. SET is written by David Kennedy (ReL1K) and with a lot of help from the community it has incorporated attacks never before seen in an exploitation toolset. The attacks built into the toolkit are designed to be focused attacks against a person or organization used during a penetration test.
SET is a menu driven based attack system, which is fairly unique when it comes to hacker tools. The decision not to make it command line was made because of how social-engineer attacks occur; it requires multiple scenarios, options, and customizations. If the tool had been command line based it would have really limited the effectiveness of the attacks and the inability to fully customize it based on your target.
The Social-Engineer Toolkit (SET) was created and written by the founder of TrustedSec. It is an open-source Python-driven tool aimed at penetration testing around Social-Engineering. SET has been presented at large-scale conferences including Blackhat, DerbyCon, Defcon, and ShmooCon. With over two million downloads, SET is the standard for social-engineering penetration tests and supported heavily within the security community.
The Social-Engineer Toolkit has over 2 million downloads and is aimed at leveraging advanced technological attacks in a social-engineering type environment. TrustedSec believes that social-engineering is one of the hardest attacks to protect against and now one of the most prevalent. The toolkit has been featured in a number of books including the number one best seller in security books for 12 months since its release, “Metasploit: The Penetrations Tester’s Guide” written by TrustedSec’s founder as well as Devon Kearns, Jim O’Gorman, and Mati Aharoni.
The Social-Engineer Toolkit Supported platforms
- Windows (experimental)
The next major revision of The Social-Engineer Toolkit (SET) v7.0 has just been released.
SET version 7.0 [Changes]
- fixed an issue that would cause payload creation to halt if .msf5 was a path instead of .msf4
- fixed an issue when reimporting modules or re-selecting options that would cause it to not work properly
- updated config option to use most recent user agent string
- massive re-haul for pep8
- massive re-haul for python3
- added more words to mssql wordlist
- major refactoring of python codebase to support both python2 and python3
- restructured HTA attack vector and improved codebase to redirect after 3 seconds to the legitimate website while still launching the HTA file, this makes it very easy to coax victim into beleiving the HTA they are running is from a legitimate link
- rewrote alphanumeric shellcode injector to be python3 compliant and optimized
- added module_rewrite function instead of reload() for python3
- added Metasploit MS15-100 Microsoft Windows Media Center MCL Vulnerability to fileformat attacks
- added Fedora automatic install thanks to whoismath PR