The Social-Engineer Toolkit (SET) v1.3.5 Released
The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. SET was designed to be released with the http://www.social-engineer.org launch and has quickly became a standard tool in a penetration testers arsenal. SET was written by David Kennedy (ReL1K) and with a lot of help from the community it has incorporated attacks never before seen in an exploitation toolset. The attacks built into the toolkit are designed to be targeted and focused attacks against a person or organization used during a penetration test.
This is a major release and about 4 months of straight development that adds a ton of new features. For a list of changes, check out the previous blog post which has them listed and check out the new teaser video! This has a number of changes to highlight a couple of the major, a completely custom interactive SET shell and RATTE a HTTP tunneling blowfish encrypted payload. Also a new attack vector including the wireless attack vector which will setup a rogue access point, spoof DNS, and launch the different SET attack vectors. Have fun and enjoy!
- Fixed a bug where create payload and listener wouldn’t work for the new SET interactive shell or RATTE
- Updated the SET User Manual for version 1.3.5
- Fixed the core.log(error) core library to properly log potential errors within SET
- Updated the SET interactive listener to hold over nearly unlimited connections versus the 30 it was initially limited to
- Turned the Java Repeater off by default, still a bit buggy, feel free to turn on if you want it
- Added an automatic selection for the Sun Java Applet2ClassLoader Remote Code Execution to select java meterpreter since it is specific to the java meterpreter as a payload selection
- Fixed alignment issues in the Metasploit attack vectors