The Social-Engineer Toolkit, better known as SET, is a set of tools specifically designed for social engineering attacks on security auditing processes, is programmed in Python by David Kennedy (ReL1K), who recently released its version 1.0 with great changes and for this reason, we decided it was time to dedicate an article to this excellent tool within our community.
El kit de herramientas sociales-Ingeniero, más conocido como SET, es un conjunto de herramientas diseñadas específicamente para el desarrollo sociallos ataques de ingeniería en los procesos de auditoría de seguridad, está programado en Python por David Kennedy (ReL1K), que recientemente lanzó su versión 1.0 con grandes cambios
Starting The Social-Engineer Toolkit
SET is cross platform, and only need to have installed the Python interpreter to run and run with. / Python set or set in the folder where you have saved (the units do not have, the download automatically).
Phishing System at The Social-Engineer Toolkit
The creation of phishing system at the SET is quite complete, we can automatically generate a fake site with which to deceive the recipient or send send bulk emails with malicious attachments that allow remote access to your machine.
Attack Vector Web at The Social-Engineer Toolkit
SET also allows users to auto-attack to enter (through social engineering) to an address you specify your (now do this is much easier thanks to the shortening of addresses), SET is responsible for the server and make up the attack that specify (a java applet, multiple attacks, or tabnabbing among others ...) that will return a shell on the victim machine.
Infected Media Creation at The Social-Engineer Toolkit
Creates a file that connects remotely to our machine, offering a system shell and runs on the remote computer by introducing a memory / USB hard drive or a DVD / CD exploiting the "autorun" of windows.
Generate executable Payload at The Social-Engineer Toolkit
SET also allows (with the help of metasploit framework) to generate an executable to connect remotely to your machine, once you open on the victim machine, allowing us to set up a large quantity of shells, including the famous meterpreter, windows blind shells, remote shells and all this at 32 and 64bit processors
Ataques por Correo en The Social-Engineer Toolkit
En esta completa suite para hacer ataques de ingeniería social, se incluye una sección especialmente dedicada al correo electrónico, permitiendo enviar correos falsos o desde una cuenta gmail, a una o muchas personas.
Custom device attacks in The Social-Engineer Toolkit
Teensy devices are those devices in which the tablet was used in its preparation programmable Teensy, being highly customizable and programmable can be used in processes such as safety audits and has shown us in the defcon IronGeek SET 18 and give us the task to program these devices offer routines that connecting this device we could put off an external application or admission to a specific site and accept a Java applet, infected in the process.
Faking text messages in The Social-Engineer Toolkit
One of the most efficient attack vectors that we have access to the SET, is to send SMS (text messages) false, with which we can replace the phone number that sends the message, the recipient into thinking that actually person is who he has written, also includes an option to send bulk SMS, so we could send the message to a larger number of recipients without problem (the ability to send picture outside the United States depends on the availability of service by providing companies Soho, Lleida.net, SMSGANG).
Updating Metasploit and The Social-Engineer Toolkit
The SET is linked strongly to the Metasploit Framework, as many of its features taken out of this, therefore includes the ability to upgrade from its own interface and includes an updater for the same (recommended that you do every time you start the program .)
The web interface of The Social-Engineer Toolkit
In version 1.0 of the SET has an integrated web interface to launch all types of attack mentioned above, to start this interface, just run. / Python set-set-web or web.
Open the address xxx.xxx: xxxxx in your browser and the graphical interface will appear in the SET, where we can launch any of their attacks
Downloads : http://www.secmaniac.com/download/
SET Official Website http://www.social-engineer.org/
Official Manual SET http://www.social-engineer.org/framework/Computer_Based_Social_Engineering_Tools:_Social_Engineer_Toolkit_%28SET%29
Manual SET in the Metasploit Unleashed http://www.offensive-security.com/metasploit-unleashed/SET
