The Social Engineer Toolkit (SET) has been updated to version 1.0! We wrote about the Social Engineer’s Toolkit in our old post here. This release is called the Devolution Release.

    “The Social Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. Its main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed.”

This is the huge changelog for this version:

    * Added the new set-automate functionality which will allow you to use SET answer files to automate setting up the toolkit
    * Added bridge mode to Ettercap if you want to utilize that capability within Ettercap
    * Fixed an issue where multiple meterpreter shells would spawn on a website with multiple HEAD sections in the HTML site
    * Added the Metasploit Browser Autopwn functionality into the Metasploit Attack Vector section
    * Fixed the dates on DerbyCon, supposed to be September 30 – Oct 2 2011 instead of September 29 – Oct 2 2011
    * Added the ability to utilize templates or import your own websites when using credential harvester, tabnabbing, or webjacking
    * Fixed an integer error issue with Java Applet when exiting SET
    * Changed the timing for the wscript payload from 15 seconds to 10 seconds to minimize delay
    * Added a custom written DLL for SET and the DLL Hijacking, user has to extract the zip file for it to work properly
    * Redid the report templates for credential harvester to reflect the new look for secmaniac.com
    * Removed the modified calc.exe and replaced with a modified version of putty.exe to get better AV detection
    * Redid the dll hijacking attack to include rar and zip files, rar is better to use winzip compatible and will execute
    * Added an additional dll hijacking dll that will be used for the main attack, uses a purely C++ native method for downloading and executing payloads
    * Fixed the defaulting application for the Client-Side attack vector, it was defaulting to PDF when it should be an IE exploit
    * Fixed a bug where hitting enter at the web attack vector would cause an integer base 10 error message
    * Added the Adobe Shockwave browser exploit that I wrote for the Metasploit Framework.
    * Moved all of the SET menu mode source to main/set.py, the main set loader is just a small import now. More clean.
    * Changed some spacing issues in the client-side attack vectors
    * In spear-phishing, cleaned up excess messages being presented back to the user when PDF was created or files were moved
    * Fixed a bug in the web cloner where certain ASPX sites wouldn’t clone and register properly, thanks for the patch Craig! Added you to credits.
    * Added the SMS attack vector which can spoof SMS messages to a victim, it will be useful in nature if you want them to click a link or go somewhere you have a malicious site. Thanks to the TB-Security.com for the addition.
    * Added the Metasploit Sun Java Runtime New Plugin docbase Buffer Overflow universal client side attack
    * Added the parameter for the java applet called separate_jvm, this will spawn a new jvm instance so cache does not need to be cleaned
    * Fixed a bug where the SET Python web server would not properly shut down in certain circumstances
    * Added a repetitive refresh flash for the java applet, so if a user hits cancel, it will prompt over and over until run is hit. Better way of getting the user to hit run.
    * Added the configuration option to turn off the java repeater, so if you're using something like multi-attack you can specify so it doesn’t keep nagging the user if you want multiple attack vectors
    * Fixed a bug where spear phishing attack would not spawn meterpreter listener when yes was specified, this was caused by the new dll hijacking addition.
    * Added better connection handling through the spear-phishing and gmail integration, it wasn’t properly closing the connection per request
    * Fixed bug where using infectious media and file format would prompt you to use the spear-phishing mailer option afterwards, it no longer prompts for that during infectious media creation
    * Removed the option to include how many times to include, automatically defaults to 4, option is configurable in set_config now
    * Added the Metasploit Adobe FlashPlayer “Button” Remote Code Execution exploit to the spear-phishing/file format attack vectors
    * Added the ability to hit enter on yes or no payload selection default to the infectious usb method, enter would just return you to the menu, it now spawns a listener
    * Removed the return to continue prompt in the Teensy HID USB attack vector, it wasn’t needed and added additional steps
    * Added the new SET web interface, it primarily utilizes the new set-automate functionality based on responses for a payload, will improve as time goes on
    * Added the reverse DNS meterpreter payload to both client-side attacks as well as payload generators for things like Java Applet, Teensy, attacks, etc.
    * Fixed an issue where the Adobe ‘Button’ exploit was not properly loading and exporting the PDF through Metasploit
    * Added the Internet Explorer CSS Tags Memory Corruption exploit to the Metasploit Client-Side attack vector through web attack.
    * Fixed a large bug within mass mailer, if you were using Google Mail with multiple targets, there was a mis-matched counter that would only send one email, not to the rest of the list. It now functions correctly
    * Fixed a bug where if you turned sendmail to off and you used open mail relays, the email wouldn’t be delivered properly. It now sends as expected
    * Added javascript replacement of the ipaddress under name in Java Applet, this is configurable under set_config, it defaults now to Secure Java Applet instead of your IP Address (more believable)
    * Added the ability to change the bind interface for the command center. By default it's on localhost only, but you can configure to listen on all interfaces and hit the web interface remotely.
    * Updated the SET User Manual to reflect the changes of version 1.0, it incorporates the web interface, set-automate, SMS spoofing, new configuration options, and much more.
    * Fixed a bug where you would leave SET or still be in and a stale HTTP web server process would still be there. SET now checks to see if the process is stale and terminates it.
    * Added the ability to toggle different shell terminal windows within the command-center. For example you can select XTERM, KONSOLE, SOLO, and GNOME through the set_config. XTERM will be the default.


So, as you can see, this version fixes a lot of bugs and adds several key components, including new attack vectors, a web GUI interface, and a way to automate SET behavior.

Download The Social Engineering Toolkit v1.0 here.