December 25, 2010
SET v1.1 Codename: "Happy Holidays" Released
Written by
David Kennedy
Security Testing & Analysis
Social Engineering
Happy Holidays everyone! This is the latest version of the Social-Engineer Toolkit codename "Happy Holidays". This release adds new Metasploit-based client-side attacks (4 in total), many optimizations on the SET web server including proper threading to make it run faster as well as an overall of optimizations through the entire code base. The next version 1.2 will be an overhaul of function calls and centralization of modules to allow easier additions for third party contributions.
Also added in this release is a new set_config option that will automatically disable the auto redirection on the Java Applet so in examples with Multi-Attack where you use Java Applet + Credential Harvester it will now only redirect once the credential harvester is executed. This is especially useful when you get your payload execution and harvest credentials all within one attack.
Lastly, another great option is I've added UPX support for the Java Applet and Payload Generator attacks. In the set_config is a new option called "UPX_ENCODE=ON", this is on by default and checks to see if UPX is in the default Back|Track path. If it's not it will automatically disable the UPX packing, otherwise it will automatically pack the executable with the UPX packer. You can turn this off in the set_config by specifying UPX_ENCODE=OFF. Enjoy the latest version of SET, there is more to come with the next 1.2 release which is currently under development.