September 13, 2010
SET v0.7 "Swagger Wagon" Released with Updated Tutorials!
Written by
David Kennedy
Security Testing & Analysis
Social Engineering
I'm proud to release the latest version of SET v0.7, this release has two new attack vectors (multi attack and web jacking), three new Teensy HID payloads and a number of bug fixes and additions. SET really has taken off to be a standard tool within a penetration testers arsenal and really appreciate the communities backing with the progress of this. SET is done purely on my spare time and for free, with twins and a 2 1/2 year old time is precious :) I don't want donations, this is for fun and a passion...but am always looking for new ideas or enhancements to SET. If you have an idea that you wanted incorporated, ping me anytime, there is a good chance it could be incorporated! With this release I decided to put together a SET v0.7 tutorial that will be updated with each version. It can be found in the readme/User_Manual.pdf or you can find the online versions at social-engineer.org and on the Metasploit Unleashed course:
http://www.social-engineer.org/framework/Computer_Based_Social_Engineering_Tools:_Social_Engineer_Toolkit_%28SET%29http://www.offensive-security.com/metasploit-unleashed/SET
For a video of SET version 0.7 head over to here: http://www.vimeo.com/14837669 or to the tutorials section on this site.
Here is a list of bug fixes and new additions into SET v0.7:
* Fixed the NAT/Port FWD descriptions to be a little bit more descriptive
* Bug fixes on payload gen with x64 bit payloads in Metasploit
* Added new Multi-Attack Payload option to utilize multiple attack vectors
* Incorporated Multi-Attack into each web attack vector
* Added a PID management system in SET for stray processes
* Cleaned up payloadgen code and SET code to reflect new multiattack changes
* Added the web jacking attack vector by white_sheep, emgent, and the Back|Track team
* Fixed an issue with ARP Cache defaulting, it should now poison everyone
* Added better error handling within the SET menus, still needs a bit more work
* Cleaned up color schema and removed old code
* Added the Adobe CoolType SING Table 'uniqueName' Overflow zero day from Metasploit in spear phishing
* Added two more Teensy based payloads, thanks Garland!
* Added HTML support for Spear-Phishing Attack Vector
* Added HTML support when WEBATTACK_EMAIL=ON for web attack vector
* Added the Adobe Cooltype SING Table Overflow zero day for browser exploit
* Added the new SET User Manual to readme/. This is a big update and has updated content for 0.7
* Fixed a simple yes or no answer when requirements for SET were not met