The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. SET was designed to be released with the http://www.social-engineer.org launch and has quickly became a standard tool in a penetration testers arsenal. SET was written by David Kennedy (ReL1K) and with a lot of help from the community it has incorporated attacks never before seen in an exploitation toolset. The attacks built into the toolkit are designed to be targeted and focused attacks against a person or organization used during a penetration test.
SET is a menu driven based attack system, which is fairly unique when it comes to hacker tools. The decision not to make it command line was made because of how social-engineer attacks occur; it requires multiple scenarios, options, and customizations. If the tool had been command line based it would have really limited the effectiveness of the attacks and the inability to fully customize it based on your target. Let’s dive into the menu and do a brief walkthrough of each attack vector.
This is an extremely complete and advanced toolkit, which also harnessed the power of Metasploit and Ettercap and it provides following attack vectors:
- Spear-Phishing Attack Vector
- Java Applet Attack Vector
- Metasploit Browser Exploit Method
- Credential Harvester Attack Method
- Tabnabbing Attack Method
- Man Left in the Middle Attack Method
- Web Jacking Attack Method
- Multi-Attack Web Vector
- Infectious Media Generator
- Teensy USB HID Attack Vector
Social Engineering Resources
You can download SET using SVN.
svn co http://svn.secmaniac.com/social_engineering_toolkit set/
0 comments:
Post a Comment