The Hacker News Logo
Subscribe to Newsletter

The Social-Engineer Toolkit v1.5 Released

The Social-Engineer Toolkit v1.5 Released
The Social Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. It’s main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed.

Official change log:

  • Added shell.py to support both Linux and OSX for the SET Interactive Shell, uses same code repository
  • Added shell to support Linux/OSX for SET Interactive Shell
  • Added download to support Linux/OSX for SET Interactive Shell
  • Added upload to support Linux/OSX for SET Interactive Shell
  • Added ps to support Linux/OSX for SET Interactive Shell
  • Added kill to support Linux/OSX for SET Interative Shell
  • Fixed a bug in mass mailer where TLS would execute after ehlo not before. Thanks pr1me
  • Changed download path to replace forward and back slashes with a _ so it would not cause strange nix issues with back slashes and forward slashes in the SET Interactive Shell
  • Added better integer handling when running listener.py by itself without specifying a port
  • Redesignated filename shell.binary to shell.windows and shell.linux (PE vs. ELF binary)
  • Added separate installers for shell.linux and shell.osx, to many differences between the two and needed different compiling.
  • Added instructions in shell.py how to compile for each flavor operating system including windows, linux, and osx
  • Added reboot now into the SET interactive Shell
  • Added persistence to the SET interactive shell with a completely custom written python-bytecompiled service. Essentially uploads service to victim, that calls interactive shell every 30 minutes
  • Added name distinguishing per windows/posix systems so it will show up POSIX or WINDOWS on interactive shell, will also show WINDOWSUAC-SAFE and WINDOWSSYSTEM.
  • Added the MS11-050 IE mshtml!CObjectElement Use After Free exploit from Metasploit
  • Added dynamic packing to download/upload for persistence, better AV avoidance
  • Added MS11-050, Adobe Flash 10.2.153.1, and Cisco AnyConnect Metasploit exploits to the SET web gui
  • Added ‘clear’ and ‘cls’ in the SET Interactive Menu to remove whats in the screen, etc.
  • When using the java docbase exploit, removed ‘Client Login’ for title frame, isn’t needed
  • Added back command to the SET interactive shell to go back when in different menus
  • Fixed a bug where it would state payloadprep not defined, it was caused to UPX not fully packing the device at time of upload, a 3 second delay has been added

Download The Social Engineering Toolkit v1.5

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.