The Social-Engineer Toolkit v1.5 Released
The Hacker News
The Social Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. It's main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed.

Official change log:

  • Added shell.py to support both Linux and OSX for the SET Interactive Shell, uses same code repository
  • Added shell to support Linux/OSX for SET Interactive Shell
  • Added download to support Linux/OSX for SET Interactive Shell
  • Added upload to support Linux/OSX for SET Interactive Shell
  • Added ps to support Linux/OSX for SET Interactive Shell
  • Added kill to support Linux/OSX for SET Interative Shell
  • Fixed a bug in mass mailer where TLS would execute after ehlo not before. Thanks pr1me
  • Changed download path to replace forward and back slashes with a _ so it would not cause strange nix issues with back slashes and forward slashes in the SET Interactive Shell
  • Added better integer handling when running listener.py by itself without specifying a port
  • Redesignated filename shell.binary to shell.windows and shell.linux (PE vs. ELF binary)
  • Added separate installers for shell.linux and shell.osx, to many differences between the two and needed different compiling.
  • Added instructions in shell.py how to compile for each flavor operating system including windows, linux, and osx
  • Added reboot now into the SET interactive Shell
  • Added persistence to the SET interactive shell with a completely custom written python-bytecompiled service. Essentially uploads service to victim, that calls interactive shell every 30 minutes
  • Added name distinguishing per windows/posix systems so it will show up POSIX or WINDOWS on interactive shell, will also show WINDOWSUAC-SAFE and WINDOWSSYSTEM.
  • Added the MS11-050 IE mshtml!CObjectElement Use After Free exploit from Metasploit
  • Added dynamic packing to download/upload for persistence, better AV avoidance
  • Added MS11-050, Adobe Flash 10.2.153.1, and Cisco AnyConnect Metasploit exploits to the SET web gui
  • Added 'clear' and 'cls' in the SET Interactive Menu to remove whats in the screen, etc.
  • When using the java docbase exploit, removed 'Client Login' for title frame, isn't needed
  • Added back command to the SET interactive shell to go back when in different menus
  • Fixed a bug where it would state payloadprep not defined, it was caused to UPX not fully packing the device at time of upload, a 3 second delay has been added

Download The Social Engineering Toolkit v1.5

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.