Search This Blog

The Social-Engineer Toolkit (SET) v2.3 “Eclipse” released by SecManiac

SecManiac released The Social-Engineer Toolkit (SET) v2.3 with code name "Eclipse".  It is open source tool , written in python, solely focuses on attacking the human element of penetration testing. It’s main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed.

The SET is designed to make complex social engineering tasks relatively simple for you by allowing you to utilize a robust framework for penetration tests.

The official Changelog below:

version 2.3
  •  fixed a bug that would not load the menus properly when loading SET (bad return placement)
  •  fixed an annoying bug that has been around for a number of versions, finally tracked down..some occasions where it would show “Moving payload to website”, you couldn’t control-c out to exit and would have to close the console window. This has been resolved.
  •  rewrote shellcodeexec again to evade AV
  •  added the shellcodeexec.c modified source code
  •  removed improper way to mask error messages through 1> /dev/null and 2> /dev/null, pipe information through subprocess.PIPE instead
  •  fixed a bug in fast-track with the mssql bruter where if using the SET interactive shell, it wouldn’t spawn the HTTP server properly due to to site.template and attack.vector files not being found. Added better granularity on detecting files and setting defaults if its not found
  •  adjusted the repeater time to 2 seconds versus 3
  •  added additional passwords found in pentests to the wordlist
  •  removed excess code from setcore
  •  moved Signed_Update.jar that is generated through Java Applet attack it now goes through src/program_junk versus src/html
  •  rewrote large portions of SET to place cloned websites and files under src/program_junk/web_clone versus src/webattack/web_clone/site/template
  • added new config option for OSX/LINUX payload ports and removed the automatic prompt after generating metasploit payload if you want to target OSX/Linux. It will automatically target Linux/OSX and removes another prompt in setting everything up
  • added additional stability to powershell injection, it is now enabled by default. If powershell is injected, it will send a payload straight through memory versus touching disk. Note that you may get two shells back. This is intentional as its a failsafe if the one method fails through powershell. So regardless, if the powershell injection fails to compromise, the backup dropper will still execute
  • bug fix in where it would throw an error about not finding the proper payload in the fasttrack mssql bruter
Share it:

Hacking Tools

PenTesting Tools

Social Engineering Tools

Software Release