Showing posts with label Social Engineer Toolkit. Show all posts
Showing posts with label Social Engineer Toolkit. Show all posts
The Social-Engineer Toolkit (SET) v4.7 released
Change log for version 4.7
- removed a prompt that would come up when using the powershell injection technique, port.options is now written in prep.py versus a second prompt with information that was already provided
- began an extremely large project of centralizing the SET config file by moving all of the options to the set.options file under src/program_junk
- moved all port.options to the central routine file set.options
- moved all ipaddr.file to the central routine file set.options
- changed spacing on when launching the SET web server
- changed the wording to reflect what operating systems this was tested on versus browsers
- removed an un-needed print option1 within smtp_web that was reflecting a message back to user
- added the updated java bean jmx exploit that was updated in Metasploit
- added ability to specify a username list for the SQL brute forcing, can either specify sa, other usernames, or a filename with usernames in it
- added new feature called multi-powershell-injection – configurable in the set config options, allows you to use powershell to do multiple injection points and ports. Useful in egress situations where you don’t know which port will be allowed outbound.
- enabled multi-pyinjection through java applet attack vector, it is configured through set config
- removed check for static powershell commands, will load regardless – if not installed user will not know regardless – better if path variables aren’t the same
- fixed a bug that would cause linux and osx payloads to be selected even when disabled
- fixed a bug that would cause the meta_config file to be empty if selecting powershell injection
- added automatic check for Kali Linux to detect the default moved Metasploit path
- removed a tail comma from the new multi injector which was causing it to error out
- added new core routine check_ports(filename, ports) which will do a compare to see if a file already contains a metasploit LPORT (removes duplicates)
- added new check to remove duplicates into multi powershell injection
- made the new powershell injection technique compliant with the multi pyinjector – both payloads work together now
- added encrypted and obfsucated jar files to SET, will automatically push new repos to git everyday.
- rewrote the java jar file to handle multiple powershell alphanumeric shellcode points injected into applet.
- added signed and unsigned jar files to the java applet attack vector
- removed create_payload.py from saving files in src/html and instead in the proper folders src/program_junk
- fixed a payload duplication issue in create_payload.py, will now check to see if port is there
- removed a pefile check unless backdoored executable is in use
- turned digital signature stealing from a pefile to off in the set_config file
- converted all src/html/msf.exe to src/program_junk/ and fixed an issue where the applet would not load properly
It can also be downloaded through github using the following command:
git clone https://github.com/trustedsec/social-engineer-toolkit/ set/
git clone https://github.com/trustedsec/social-engineer-toolkit/ set/
Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .
Subscribe Top Hacker Stories via email
Social-Engineer Toolkit (SET) 4.1.3 Released
Labels:
Hacking Tools,
Metasploit,
Network Hacking,
penetration testing,
Scanners,
Social Engineer Toolkit,
Social Engineering,
TrustedSec,
Vulnerability Assessment,
vulnerability scanner
TrustedSec Release the latest version of Social-Engineer Toolkit (SET) as 4.1.3. As most of us know that, It is an open source, python-driven, social-engineering penetration testing framework of custom tools which solely focuses on attacking the human element of penetration testing.
It was designed in order to arm penetration testers and security researchers with the ability to effectively test heavily advanced social-engineering attacks armed with logical methods. The Social Engineer Toolkit leverages multiple attack vectors that take advantage of the human element of security in an effort to target attackers.
Change version 4.1.3:
* Added multiple checks when importing file, no longer exits the entire application
Download Social Engineer Toolkit 4.1.3:
svn co http://svn.trustedsec.com/social_engineering_toolkit set/
Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .
Subscribe Top Hacker Stories via email
Social Engineer Toolkit version 4.1 released
Labels:
Linux,
penetration testing,
Scanners,
Social Engineer Toolkit,
Social Engineering,
Vulnerability Assessment,
vulnerability scanner,
Wi-Fi Hacking
The Social Engineering Toolkit (SET) updated to version 4.1 . It is an open source, python-driven, social-engineering penetration testing framework of custom tools which solely focuses on attacking the human element of penetration testing. It was designed in order to arm penetration testers and security researchers with the ability to effectively test heavily advanced social-engineering attacks armed with logical methods. The Social Engineer Toolkit leverages multiple attack vectors that take advantage of the human element of security in an effort to target attackers.
Toolkit change log
- Removed the Java Exploit from being built into the Java Applet. Being detected by to many AV vendors.
- Added core libraries to the scraper, needed for check_config and apache mode checks
- Added check for apache mode within harvester, will move new php customize script to apache directory and extract under different directory
- Rewrote new check mechanism in scraper for config checks and cleaned up code
- Fixed a bug that would cause the verified signature import to error out when selecting number 9 in the web attack menu
- Added a custom php script into harvester that allows you to check harvested credentials through apache
- Added compatibility with multiattack and apache mode for credential harvester and java applet combined
- Fixed the allports payload, really buggy at first with powershell injection, got it more stable
- Added better stability for the credential harvester to handle exceptions when being passed certain pieces of data including null connections
- Added better stability on the multiattack credential harvester php and applet attack
- Fixed a bug that would cause payload selection to not work correctly when using pyInjector
- Added so the peensy attack will prompt for an IP address and rewrite the pde file for the appropriate IP addresses
- Added datetime on teensy devices so they don’t overwrite the teensy.pde files anymore
- Added better encoding into the java applet attack vector
- Added better packing and encryption on the pyinjector attack, loads super fast now when executing applet
- Added better reliability in the Java Applet
- Even more improved load times for the Java Applet and executable execution
- Added anti debugger and encryption to the initial staged downloader which is used for fast loading of payloads
Download Social Engineer Toolkit 4.0:
svn co http://svn.trustedsec.com/social_engineering_toolkit set/
Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .
Subscribe Top Hacker Stories via email
Subscribe to:
Posts (Atom)