Social-Engineer Toolkit v2.5 released (Rippin and Tearin)

The Social-Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of pentesting. It’s main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed.

Currently SET has two main methods of attack, one is utilizing Metasploit payloads and Java-based attacks by setting up a malicious website (which you can clone whatever one you want) that ultimately delivers your payload. The second method is through file-format bugs and e-mail phishing. The second method supports your own open-mail relay, a customized sendmail open-relay, or Gmail integration to deliver your payloads through e-mail. The goal of SET is to bring awareness to the often forgotten attack vector of social-engineering.

Changelog v2.5

rehaul of site cloner, it now injects into body properly and leverages unc, redirection, and others properly
redid a few options on repeater.database, unc.database to make more streamline
fixed bugs with java repeater
added more granularity around how repeater operates and functions when on different webpages
added ability to inject into tags first and if not found then it injects into tags
added ability to render even when flag is being used versus
added more stability to the Java Applet.jar and backup routine for redirect to websites
bug fix in website cloner
rewrote portions of java applet to gain more stability around java repeater as a fallback
added better handling around unc database and fixed a bug when in the wrong loop within cloner.py
established a baseline fallback for java applet