February 03, 2010

SecManiac.com Launched, SET V0.4 Codename "Pink Pirate" Released

Written by David Kennedy
Security Testing & Analysis, Social Engineering
Welcome to SecManiac.com. My goal for this website is to create a central point for me to place new and exciting things in the information security field. Feel free to contact me with requests and updates.

What would a new blog post be without a good tutorial or something new being posted? Let's take a look at version 0.4 of the Social-Engineer Toolkit (SET) that is/was being released at ShmooCon.

The latest version incorporates a new Java Applet designed by Thomas Werth that gives SET the ability to target all Windows versions, Linux, and OSX. In addition, it does smart browser detection and targets the specific OS with the right payload. This means that the Java Applet attack now works on all flavors of operating systems.

A neat little twist in addition to the universal payload options: as soon as the victim executes the payload, the user is redirected back to the originally cloned website. For example, if you clone a website in SET for the Java Applet attack, let's say http://www.google.com, the victim visits your malicious site, the payload is executed, and the user is redirected back to the original google.com without ever noticing the difference.

Some additional functionality is the ability to do your own self-signing with the Java Applet. So if you clone a website, you can now sign it based on the website owner to make it look more legit. This is all done through config/set_config.

Another big option is the ability to use client-side exploits with the website attack vector. There are around 6 exploits you can now use, including the latest "Aurora" attack, so instead of the Java Applet attack you can use Metasploit exploits to perform the attacks. Overall this gives SET robust functionality to tailor to each attack you perform. There were over 32 bug fixes in this release, along with better error handling.

I've also moved the mass mailer to spawn AFTER the website and listener have been spawned, just in case someone is super click happy (thanks Mubix). This release has seen so much adoption and help from the community. A special thanks to EVERYONE who has helped with reporting bugs or adding functionality, and a really special thanks to Thomas Werth for providing me with the Java Applet and testing; without his help this release wouldn't be the way it is. SET v0.3 received over 312,000 individual downloads, and I anticipate many more with the "Pink Pirate" release.