The Social-Engineer Toolkit v1.5 Released
The Social Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. It's main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed.Official change log:
- Added shell.py to support both Linux and OSX for the SET Interactive Shell, uses same code repository
- Added shell to support Linux/OSX for SET Interactive Shell
- Added download to support Linux/OSX for SET Interactive Shell
- Added upload to support Linux/OSX for SET Interactive Shell
- Added ps to support Linux/OSX for SET Interactive Shell
- Added kill to support Linux/OSX for SET Interative Shell
- Fixed a bug in mass mailer where TLS would execute after ehlo not before. Thanks pr1me
- Changed download path to replace forward and back slashes with a _ so it would not cause strange nix issues with back slashes and forward slashes in the SET Interactive Shell
- Added better integer handling when running listener.py by itself without specifying a port
- Redesignated filename shell.binary to shell.windows and shell.linux (PE vs. ELF binary)
- Added separate installers for shell.linux and shell.osx, to many differences between the two and needed different compiling.
- Added instructions in shell.py how to compile for each flavor operating system including windows, linux, and osx
- Added reboot now into the SET interactive Shell
- Added persistence to the SET interactive shell with a completely custom written python-bytecompiled service. Essentially uploads service to victim, that calls interactive shell every 30 minutes
- Added name distinguishing per windows/posix systems so it will show up POSIX or WINDOWS on interactive shell, will also show WINDOWSUAC-SAFE and WINDOWSSYSTEM.
- Added the MS11-050 IE mshtml!CObjectElement Use After Free exploit from Metasploit
- Added dynamic packing to download/upload for persistence, better AV avoidance
- Added MS11-050, Adobe Flash 10.2.153.1, and Cisco AnyConnect Metasploit exploits to the SET web gui
- Added 'clear' and 'cls' in the SET Interactive Menu to remove whats in the screen, etc.
- When using the java docbase exploit, removed 'Client Login' for title frame, isn't needed
- Added back command to the SET interactive shell to go back when in different menus
- Fixed a bug where it would state payloadprep not defined, it was caused to UPX not fully packing the device at time of upload, a 3 second delay has been added
Download The Social Engineering Toolkit v1.5