Social-Engineer Toolkit (SET) 4.1.3 Released

TrustedSec Release the latest version of Social-Engineer Toolkit (SET) as 4.1.3. As most of us know that, It is an open source, python-driven, social-engineering penetration testing framework of custom tools which solely focuses on attacking the human element of penetration testing.

It was designed in order to arm penetration testers and security researchers with the ability to effectively test heavily advanced social-engineering attacks armed with logical methods. The Social Engineer Toolkit leverages multiple attack vectors that take advantage of the human element of security in an effort to target attackers.

Change version 4.1.3:

* Added multiple checks when importing file, no longer exits the entire application

Download Social Engineer Toolkit 4.1.3:

svn co http://svn.trustedsec.com/social_engineering_toolkit set/

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Social Engineer Toolkit version 4.1 released

The Social Engineering Toolkit (SET) updated to version 4.1 . It is an open source, python-driven, social-engineering penetration testing framework of custom tools which solely focuses on attacking the human element of penetration testing. It was designed in order to arm penetration testers and security researchers with the ability to effectively test heavily advanced social-engineering attacks armed with logical methods. The Social Engineer Toolkit leverages multiple attack vectors that take advantage of the human element of security in an effort to target attackers.

Toolkit change log

• Removed the Java Exploit from being built into the Java Applet. Being detected by to many AV vendors.
• Added core libraries to the scraper, needed for check_config and apache mode checks
• Added check for apache mode within harvester, will move new php customize script to apache directory and extract under different directory
• Rewrote new check mechanism in scraper for config checks and cleaned up code
• Fixed a bug that would cause the verified signature import to error out when selecting number 9 in the web attack menu
• Added a custom php script into harvester that allows you to check harvested credentials through apache
• Added compatibility with multiattack and apache mode for credential harvester and java applet combined
• Fixed the allports payload, really buggy at first with powershell injection, got it more stable
• Added better stability for the credential harvester to handle exceptions when being passed certain pieces of data including null connections
• Added better stability on the multiattack credential harvester php and applet attack
• Fixed a bug that would cause payload selection to not work correctly when using pyInjector
• Added so the peensy attack will prompt for an IP address and rewrite the pde file for the appropriate IP addresses
• Added datetime on teensy devices so they don’t overwrite the teensy.pde files anymore
• Added better encoding into the java applet attack vector
• Added better packing and encryption on the pyinjector attack, loads super fast now when executing applet
• Added better reliability in the Java Applet
• Even more improved load times for the Java Applet and executable execution
• Added anti debugger and encryption to the initial staged downloader which is used for fast loading of payloads

Download Social Engineer Toolkit 4.0:

svn co http://svn.trustedsec.com/social_engineering_toolkit set/

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Social Engineer Toolkit 4.0 Released

Social Engineer Toolkit or SET updated to V4.0 . The latest version code named is “Balls of Steel.” The Social Engineering Toolkit (SET) is an open source, python-driven, social-engineering penetration testing framework of custom tools which solely focuses on attacking the human element of penetration testing.

It was designed in order to arm penetration testers and security researchers with the ability to effectively test heavily advanced social-engineering attacks armed with logical methods. The Social Engineer Toolkit leverages multiple attack vectors that take advantage of the human element of security in an effort to target attackers.

In New version the Java Applet attack has been completely rewritten and obfuscated with added evasion techniques. Additionally, all of the payloads have been heavily encrypted with a number of heavy anti-debugging tools.

The powershell attack vectors now support customized payload selection through the config/set_config. A new attack vector has been added called the Dell DRAC Attack Vector (default credential finder).

.

Download Social Engineer Toolkit 4.0:
svn co http://svn.trustedsec.com/social_engineering_toolkit set/

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

PwnSTAR 0.7 - bash script to launch a Soft AP with various attacks

A bash script to launch a Soft AP, configurable with a wide variety of attack options. Includes a number of index.html and server php scripts. It Can act as multi-client captive portal using php and iptables. Launches classic exploits such as evil-PDF.

New Features in PwnSTAR V0.6:

• advanced menu (big plans for filling this over time)
• captive portal using iptables and php:
• accepts/denies based on MAC
• can track multiple clients (your hardware permitting!)
• writes sslstrip iptables rules per client/MAC

General Features :

• manage interfaces and MACspoofing
• set up sniffing
• serve up phishing or malicious web pages
• launch karmetasploit
• grab WPA handshakes
• de-auth clients
• manage IPtables

Download PwnSTAR 0.7

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Android Network Spoofer - Pwn WiFi Networks

Developed by Digitalsquid, Network Spoofer is a powerful networking app for Android devices that lets you spoof people on your network. It comes with over a dozen “hacks” such as redirecting all websites to your chosen URL, redirect all YouTube videos to the famous Never Gonna Give You Up music video, blur all images on websites, flip images, change all images on a website to a troll face etc.

Network Spoofer lets you change websites on other people’s computers from an Android phone. After downloading simply log onto a Wifi network, choose a spoof to use and press start.Please note that there is no intention for Network Spoofer to include any malicious features. This application is a fun demonstration of how vulnerable home networks are to simple attacks, with permission of the network owner - DO NOT attempt to use Network Spoofer on any corporate or other non-residential networks (eg. at school, university). It becomes very obvious when Network Spoofer is being used on a Network, and use of Network Spoofer will be considered malicious hacking by network administrators.

Download Network Spoofer or Android Market

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Ghost-phisher - GUI suite for phishing and penetration attacks

Ghost Phisher is a computer security application that comes inbuilt with a Fake DNS Server, Fake DHCP Server, Fake HTTP server and also has an integrated area for automatic capture and logging of HTTP form method credentials to a database.

The program could be used as an honey pot,could be used to service DHCP request , DNS requests or phishing attacks.

To install simply run the following command in terminal after changing directory to the path were the downloaded package is:
       dpkg -i ghost-phisher_1.3_all.deb

To get the source code for this project from SVN, here's the checkout link:
      svn checkout http://ghost-phisher.googlecode.com/svn/Ghost-Phisher

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Social Engineer Toolkit 3.3 Released

The Social Engineering Toolkit (SET) is an open source, python-driven, social-engineeringpenetration testing framework of custom tools which solely focuses on attacking the human element of penetration testing. It was designed in order to arm penetration testers and security researchers with the ability to effectively test heavily advanced social-engineering attacks armed with logical methods. SET leverages multiple attackvectors that take advantage of the human element of security in an effort to target attackers.

Official change log for Social Engineer Toolkit:

• Added new menu powershell attack vectors  will be used for powershell based attacks
• Added new payload powerdump to the powershell attack vectors
• Added new payload bind shell to the powershell attack vectors
• Added new payload powershell shellcode injection to the powershell attack vectors
• New core routine added for powershell_convert (powershell_command) which will do all the proper unicode + base64 encoding needed for powershell -EncodedCommand bypass
• New core routine added powershell_generate_payload(payload,ipaddr,port,powershell_command). This will create the necessary alphanumeric shellcode needed through metasploit in order to successfully create the powershell injection attack
• Added ms12-027 to the spear phishing attack vectors – MSCOMCTL ActiveX Buffer Overflow (from Metasploit)
• Added new payload reverse shell to powershell attack vectors
• Fixed a bug in Metasploit browser exploits where the numbers were off and would not properly parse the exploit (thanks for the report Dale Pearson)
• Added a pause when using the Apache menu so it doesn’t automatically exit
• Added a pause when something is on port 80 for credential harvester to display the error message
• Added a new phishing template provided by chap0, thanks for the contribution!
• Fixed a wording issue within Fast-Track exploit selection, it was asking for a nmap range, it should read which exploit do you want
• Added the Solarwinds Storage Manager 5.1.0 Remote SYSTEM SQL Injection Exploit exploit by muts into Fast-Track
• Added the RDP use after free DoS into Social Engineer Toolkit in the Fast-Track custom exploits section
• Added new subroutine for powershell conversion
• Added automatic convert for powershell alphanumeric shellcode to automatically encode the commands
• Added the menu system for the new powershell menu
• Added ability to leverage msf payloads in the alphnaumeric shellcode
• Added metasploit listener option for the powershell attack
• Added a new native python socket listener for a standard reverse shell routine in setcore socket_listener(port)
• Added powershell bind shell into the new powershell interpreter attack vector
• Added new core routine for powershell alphanumeric injection and conversion with msfvenom
• Added functionality through powershell.py to dynamically generate payloads and inject through powershell
• Removed large portion of prep.py and centralized through setcore routines
• Added powershell powerdump to the attack vectors for powershell attacks
• Fixed a bug that would prompt twice for an IP address in the new powershell attack

Download Social Engineer Toolkit 3.3

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email