Before performing the steps below, be sure to install subversion
before installing the selected tools. Subversion is simply a source
version repository that allows you to keep up to date with any
modifications or changes to SET.
The Social-Engineering Toolkit (SET) is a python-driven suite of
custom tools which solely focuses on attacking the human element of
pentesting. It’s main purpose is to augment and simulate
social-engineering attacks and allow the tester to effectively test how a
targeted attack may succeed. Currently SET has two main methods of
attack, one is utilizing Metasploit payloads and Java-based attacks by
setting up a malicious website (which you can clone whatever one you
want) that ultimately delivers your payload. The second method is
through file-format bugs and e-mail phishing. The second method supports
your own open-mail relay, a customized sendmail open-relay, or Gmail
integration to deliver your payloads through e-mail. The goal of SET is
to bring awareness to the often forgotten attack vector of
social-engineering.
To download the Social-Engineer Toolkit, type the following:
root@fortress:/pentest/exploits/# svn co http://svn.secmaniac.com/social_engineering_toolkit set/
Or you can download the tarball here: Download here
To download Fast-Track, type the following:
root@fortress:/pentest/exploits/# svn co http://svn.secmaniac.com/fasttrack fasttrack/
- Metasploit Modules released at Blackhat and Defcon – Download here
- PowerShell Samples released at Blackhat and Defcon – Download here
- Download the SET Desktop Background – Background download
- Meterpreter script for Bypassing Windows 7 UAC unpatched as of Dec 31 – BypassUAC