Welcome back my social engineers/hackatarians! Today we’ll be looking into a fantastic piece of software, The Social-Engineer Toolkit or just SET for short. SET is designed, Developed and used by several Social-engineers. So… Let’s get started!
– – Download SET – –
When you boot up SET you’ll see this screen:
Now we are able to pick one of the options listed above
- Social engineering attacks
- Fast-track penetration testing
The other options are not important. So what happens when we press 1 We’ll get this screen:
Now there are numerous of things here so let’s look into that!
- Spear-Phishing Attack Vectors
This tool allows you to send e-mails with a malicious file as payload.
- Website Attack Vectors
This tool allows you to create a malicious website link.
- Infectious Media Generator
This tool creates a payload and a .ini file for a usb,cd or dvd injection.
- Create a Payload and Listener
Straightforward just creates a .exe file and opens a listener.
- Mass Mailer Attack
This tool will send e-mails to the target.
- Arduino-Based Attack Vector
For use with a “teensy usb.”
- SMS Spoofing Attack Vector
With this tool you’ll be able to craft sms messages and send them.
- Wireless Access Point Attack Vector
Should be straightforward.
- QRCode Generator Attack Vector
Generates a QRCode to a specific URL.
- Powershell Attack Vectors
This will allow you to use Powershell exploits (powershell is available on windows vista and above.)
- Third Party Modules
Will allow you to browse for more add-ons.
Step 1: Getting Started!
I won’t create a whole tutorial about the different options available in SET because it’s just to much. Also SET is pretty straightforward. For example, in metasploit you’ll need to use set RHOST:xxx.xxx.xxx.xxx. SET just asks: What is the remote host? ==> xxx.xxx.xxx.xxx
So go ahead and try to social engineer someone, and I hope this helps.