The social engineering toolkit (SET)
The social engineering toolkit (SET) is a suite of tools that allows you to focus on the human element while conducting penetration testing. The main purpose of the social engineering toolkit is to create social engineering attacks that you can use. The tool is a Python-driven tool that's currently supported on Linux. At the time of writing, it's under the experimental phase for macOS.
The social engineering toolkit allows you to create a number of social engineering attacks. Attacks that are currently included at the time of writing are as follows:
- Spear-phishing attacks: Allows you to create email phishing campaigns.
- Website attacks: Allows you to create attacks such as website cloning and more.
- Infectious media generator: Enables the creation of an autorun, which can be used on a USB device.
- Create a payload and listener: Creates a reverse shell payload, allowing access to the target machine.
- Mass mailer attack: Creates a phishing email that can be sent to a large audience.
- Arduino-based attacks: Allows you to create attacks by leveraging Arduino devices such as the Teensy. When inserted into a PC, it's detected as a keyboard, allowing exploits to be delivered to the target machine.
- Wireless access point attacks: Enables a malicious wireless access point to be created and allows you to intercept traffic as it passes.
- QRCode generator attacks: Generates a QRCode to any URL you specify. This is good for redirecting your targets to a malicious URL.
- Powershell attacks: Creates Powershell-based attacks, which can be used to perform a blind shell or dump a SAM database.
- SMS spoofing attacks: Creates an SMS, which can be used to social engineer your target.
At the time of writing, the current version of the social engineering toolkit was 8.0. The pre-installed version in Kali Linux 2019.1 is 7.7.9:
In order to update to the latest version, you will need to download the latest version from the TrustedSec GitHub repository, which is located at https://github.com/trustedsec/social-engineer-toolkit.
Once the download is completed, you can extract the contents of the folder within the .zip file to /usr/share/set to overwrite the necessary files. Once this is completed, you will be able to launch the latest version by running the setoolkit command from a Terminal window within Kali Linux.
The social engineering toolkit has a ton of features that can be used in your penetration tests. Exploring the various techniques that it offers will help you craft a phishing campaign that is effective. The social engineering toolkit is pre-installed in Kali Linux 2019.1. You can access it using the setoolkit command from a Terminal window.