Social Engineer Toolkit(SET) 3.4! released

The Social Engineer Toolkit (SET) has been updated

“The Social Engineering Toolkit (SET) is an open source, python-driven, social-engineering penetration testing framework of custom tools which solely focuses on attacking the human element of penetration testing. It was designed in order to armpenetration testers and security researchers with the ability to effectively test heavily advanced social-engineering attacks armed with logical methods. The Social EngineerToolkit leverages multiple attack vectors that take advantage of the human element of security in an effort to target attackers.”

Change log for Social Engineer Toolkit:

Implemented Social Engineer Toolkit debugging (turned it all on). This should allow developers and users to troubleshoot while watching SET navigate it’s ‘roadmap’…without setting up a third party debugger.

Debugging functions streamlined down into 1 in setcore.

Debugging levels increased to 6.

Began implementation of user input validation-validating web site, IP, ports, yes/no responses in ratte modules first. Fixes a bug where SET attempts to continue without a required parameter.

Added the ability to select a list of IP addresses for SQL servers and import them into Fast-Track versus CIDR notations or IP addresses – can do all three now

Streamlined the Fast-Track MSSQL bruting through multithreading – ability to attack multiple SQL servers faster

better obfuscation on SET interactive shell

better obfuscation on Social Engineer Toolkit HTTP shell

added the ability to the Java Applet to write out a logfile that can be used for the IP address and port – this will be used lateron for multiple other attacks

fixed a bug with open relays and no username and password prompt, it would issue AUTH command which is not needed – thanks Justin Alcorn!

added better obfuscation on the set interactive shell and now includes a read-in logfile so you don’t need to pass parameters to it — will be used later

recompiled the Social Engineer Toolkit HTTP shell with some new functionality and features

Cleaned up Translation for RATTE-Server Interface

Updated Main Menu

Changed ownership of Social Engineer Toolkit to TrustedSec, LLC – Don’t worry everyone its still free and nothing has changed AT ALL!

Added the MS12-037 Internet Explorer Same ID Property Deleted Object Handling Memory Corruption exploit from Metasploit

Added the Microsoft XML Core Services MSXML Uninitialized Memory Corruption exploit from Metasploit

Added the MYSQL Authentication Bypass Exploit into Fast-Track

Added the F5 Root Authentication Bypass exploit into Fast-Track

Added the Adobe Flash Player Object Type Confusion exploit from Metasploit

Fixed a bug during payload creation that could cause a list index exception.

Minor performance enhancements

This new version adds much better obfuscation and handling around payloads, a number of new exploits added to Fast-Track as well as Metasploit browser exploits. There is also a new version of RATTE that has been incorporated into Social Engineer Toolkit. Bug fixes, performance enhancements, new features are all apart of this release.

The Social-Engineer Toolkit will now be developed through TrustedSec but still 100% open-source and free.

Download Social Engineer Toolkit 3.3:

svn co http://svn.secmaniac.com/social_engineering_toolkit set/

Download the tarball (set.tar.gz) -

http://www.secmaniac.com/files/set.tar.gz
Our previous post regarding SET -
http://santoshdudhade.blogspot.in/2012/05/social-engineer-toolkit-set-33-released.html