Secmaniac released Social-Engineering Toolkit Version 2.0

The Social-Engineering Toolkit (SET) is a Python-driven suite of custom tools which solely focuses on attacking the human element of pentesting. Its main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed.

Currently SET has two main methods of attack. The first uses Metasploit payloads and Java-based attacks by setting up a malicious website (a clone of whatever site you choose) that ultimately delivers your payload. The second method is through file-format bugs and e-mail phishing; it supports your own open-mail relay, a customized sendmail open-relay, or Gmail integration to deliver your payloads through e-mail. The goal of SET is to bring awareness to the often forgotten attack vector of social-engineering.

This is the official change log:

  • Removed unneeded assignment in core around create random string
  • Added the Binary2Teensy option in the Teensy menu; this will allow you to create a payload and inject alphanumeric shellcode through shellcodeexec in a new technique released at BSIDESLV
  • Changed the path of Metasploit to be /opt/msf3/framework3 versus /pentest/exploits/framework3
  • Added the ability for multiple payloads in binary2teensy attack
  • Added the ability to leverage the SDCard mounted Teensy device with payload generation without mounting the SDCard to the victim machine
  • Fixed a bug where webattack_email turned on would not trigger based on a wrong path
  • Updated the phishing attacks in the infectious media site and phishing site in the web GUI interface
  • Updated the Wireless Access Point Attack to choose the monitor interface that is most recently created
  • Changed the menu output; this is the first of many changes on how the menu interacts
  • Added an X10 Sniffer into the Arduino based attack vectors
  • Added an X10 Jammer into the Arduino based attack vectors
  • Changed the menu option to reflect Arduino based attack vector versus Teensy
  • Added a starttls check for authentication around sendmail
  • Fixed a bug in mass mailer that would cause Gmail to be set versus SMTP relay
  • Added the SD2Teensy OSX attack vector which targets OSX machines by dumping from the converts.txt storage drive on the teensy
  • Added additional exploits into client-side attacks for the browser exploits
  • Added additional exploits into the spear-phishing attacks