Penetration testers favorite tool – Social Engineer Toolkit (SET)

http://svn.thepentest.com/social_engineering_toolkit/

 

The Social Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. It’s main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed. Currently SET has two main methods of attack, one is utilizing Metasploit payloads and Java-based attacks by setting up a malicious website that ultimately delivers your payload. The second method is through file-format bugs and e-mail phishing. The second method supports your own open-mail relay, a customized sendmail open-relay, or Gmail integration to deliver your payloads through e-mail. The goal of SET is to bring awareness to the often forgotten attack vector of social-engineering.

 

The SET is designed to make complex social engineering tasks relatively simple for you by allowing you to utilize
a robust framework for penetration tests. This tool was designed to be released around the same time as the release for the Social Engineering Framework campaign.

Computer Based Social Engineering Tools: Social Engineer Toolkit (SET) works with metasploit and basicaly targets on automatic mail and website attack.

The beauty with the current version of SET is it does not require any external python modules. If you notice, the overall format of SET is very similar to that of Fast-Track’s interactive menu. This was intentional as it will probably become a module in Fast-Track eventually. In the soon to be released Metasploit Framework Unleashed Course by Offensive Security there will be a whole module on how to use this awesome tool. It will cover both email and web attack how-to’s.

Check out Video tutorial about sending malicious e-mails with the help of metasploit here.

Download Social Engineer Toolkit here.