The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. SET was designed to be released with the http://www.social-engineer.org launch and has quickly became a standard tool in a penetration testers arsenal. SET was written by David Kennedy (ReL1K) and with a lot of help from the community it has incorporated attacks never before seen in an exploitation toolset. The attacks built into the toolkit are designed to be targeted and focused attacks against a person or organization used during a penetration test.
SET is a menu driven based attack system, which is fairly unique when it comes to hacker tools. The decision not to make it command line was made because of how social-engineer attacks occur; it requires multiple scenarios, options, and customizations. If the tool had been command line based it would have really limited the effectiveness of the attacks and the inability to fully customize it based on your target. Let’s dive into the menu and do a brief walkthrough of each attack vector.
- Spear-Phishing Attack Vector
- Java Applet Attack Vector
- Metasploit Browser Exploit Method
- Credential Harvester Attack Method
- Tabnabbing Attack Method
- Man Left in the Middle Attack Method
- Web Jacking Attack Method
- Multi-Attack Web Vector
- Infectious Media Generator
- Teensy USB HID Attack Vector
You can find some tutorials and videos on how to get up and running and use SET here:
You can download SET using SVN.
svn co http://svn.secmaniac.com/social_engineering_toolkit set/
Or read more here.