Caleb Coffie

Information Security and Forensics Major at RIT

S.E.T. – Social-Engineer Toolkit

August 3rd, 2013

SET is a basic set of tools that makes socially engineering a target much easier. It has many features that are great when pen-testing an organization. So I just plan on guiding you guys through an attack and how SET could be used. SET is really simple to use, but I’ll explain how to use it anyway for the people out there who are new to this stuff.

This is how you set up SET. First you’re going to need git. To install git, just go to http://git-scm.com/ and follow the instructions there. If you’re using a form of Linux/Unix, you can just use your favorite package manager to install git. Once git is installed, open a Terminal/Command Prompt/shell (whatever else you might call it). Then clone the git repo for SET with the command below.

git clone https://github.com/trustedsec/social-engineer-toolkit/ set/

This will download SET for you. Next you will need the Metasploit Framework. I will not cover this because it can be complicated on certain systems. If you google it you should be able to find detailed instructions online. There are also installers for Windows and Linux on the Rapid7 website.

Once Metasploit is installed, go back to your set folder and issue the following command.

sudo python setup.py

After this, start up SET with the following command.

sudo ./se-toolkit

This will launch the toolkit, and after a couple of things like agreeing to the end user agreement, you will be prompted with the main menu, which looks like the picture below. If your installation of Metasploit isn’t in the default directory, though, you will have to specify it in the config file located in the config folder.

[Image: SET main menu]

I would recommend looking through all of the menus and checking out all of the features. My favorite menu currently is Social-Engineering Attacks > Arduino-Based Attack Vector. This includes payloads for things like the Teensy (posted about earlier). There are also a bunch of other really cool social engineering attacks, like a feature to make email attachment payloads, etc. I would also recommend checking out the videos on the SET website (really cool).

I would love to see what cool features you guys find. So if you see some cool feature, just comment about it. I think most others would enjoy reading it as well.

 
