March 31, 2011
The Social-Engineer Toolkit v1.3 "Artillery Edition" Released
Written by
David Kennedy
Security Testing & Analysis
Social Engineering
I'm proud to release The Social-Engineer Toolkit (SET) v1.3 "Artillery Edition". This is a major release, the result of about 4 months of straight development, and it adds a ton of new features. For a list of changes, check out the previous blog post, which has them listed, and check out the new teaser video! Among the many changes, two major ones stand out: a completely custom interactive SET shell, and RATTE, an HTTP-tunneling, Blowfish-encrypted payload. There is also a new attack vector, the wireless attack vector, which sets up a rogue access point, spoofs DNS, and launches the different SET attack vectors. Have fun and enjoy!
Changelog:
* Updated the web-gui interface to reflect all new PDF exploits
* Updated the web-gui interface to reflect all new client-side exploits
* Added a new setup.py installer file for Debian-based systems only; manual install options will be added later
* Updated all of the PowerShell HID attack vectors to fix bugs and add multi-language support. Thanks padzero!
* Added AES encryption to the socket communication, it requires Crypto.Cipher which is from the PyCrypto libraries.
* Added python-crypto to the installer setup.py installation
* Fixed web-gui alignment on new options so they match up properly to SET-interface
* Added better error handling around the openssl python module if it isn't installed
* Added download_file capabilities to the SET interactive shell.
* Added upload_file capabilities to the SET interactive shell.
* Added shell capabilities to the SET interactive shell.
* Added ssh_tunneling capabilities to the SET interactive shell. You can tunnel any port you want over SSH
* Added a teensy Gnome wget payload thanks to Hugo Caron (y0ug)!
* Fixed a bug where the "return to menu" option in the teensy payload menu would not return properly to the main menu
* Fixed a bug where the Mass Mailer menu didn't properly return to the main menu when specified.
* Added process list in the SET interactive shell.
* Added process kill in the SET interactive shell.
* Added dsniff to set_config as an option instead of ettercap, can use either one.
* Added centralized logging in SET, log files will now be dumped to src/logs/set_logfile.log
* Added logging to main SET interface, handles main SET interactive shell errors
* Added logging to arp_cache.py file, handles arp cache errors
* Added logging to hijacking.py file, handles dll_hijacking errors
* Added logging to harvester.py file, handles credential harvesting errors
* Added logging to payloadgen.py file, handles payload generation errors
* Fixed a bug where if site wouldn't clone properly it would just exit SET, it now just returns back to main menu.
* Fixed a bug where the new addition to dnsspoof would not properly kill dnsspoof when exiting SET, it now terminates when an exception is thrown
* Added logging to web_server.py file, handles main SET web server errors
* Added logging to spawn.py file, handles errors in the main spawn handlers for SET
* Added the ability to specify high priority during emails or not, thanks Jonathan Murray!
* Added a new core module library function called log(error) that centralizes log messages through core function calls
* Added the new Sun Java Applet2ClassLoader Remote Code Execution Exploit from Frederic Hoguin and jduck that was recently added to Metasploit
* Moved version number to src/main/ instead of src root
* Added the new RATTE payload to SET, created by Thomas Werth to circumvent firewall-based restrictions. Awesome addition!
* Added the new DSNIFF changes to the web gui to ensure that when the option is enabled in set_config it now gets picked up in web gui
* Fixed a bug in web gui where if HTML/Plain wasn't specified, it would not properly run the answer file to launch the attack
* Added the SET interactive shell to the Java Applet Attack Vector on the SET web-gui
* Fixed a mishandling of OSError exceptions in spawn.py which caused SET to spit out a pexpect exceptions error when using the KeyboardInterrupt exception handler
* Deleted the database directory under src, was no longer needed
* Added the Sun Java Applet2ClassLoader Remote Code Execution by Frederic Hoguin and jduck to the web gui interface
* Added RATTE to the SET Web GUI under the payload selection area, it's only to be used for the Java Applet attack.
* Added the Adobe Flash Player AVM Bytecode Verification Vulnerability from the Metasploit Framework to SET
* Added the Adobe Flash Player AVM Bytecode Verification Vulnerability to the SET web gui.
* Added six more spear-phishing templates that can be found under the spear-phish attack menu
* Added a new attack vector called the SET Wireless Attack Vector, this will create a fake access point and redirect all traffic to you
* Added the ability to stop all services/processes started by the SET Wireless Attack vector, it is now under the options menu
* Added the Thomas Werth RATTE module to third party modules as well as under the main payload section. Great example to tweak third party modules and add things.
* Added airbase-ng to SET in case it is not installed. Thanks to Mister-X for the approval to include it into SET!
* Added new wireless attack vector to the SET web gui, menus have been changed slightly
* Added the new templates recently added to the SET web gui, they are under the spear-phish menu
* Added a binary rewrite of the UPX encoder stubs that replaces the "UPX" marker in the binary with a random three-character alphanumeric string. A bit better obfuscation against A/V detection.
* Fixed a bug where upx encoding wasn't working properly and wouldn't encode the right binary
* Added a new core module called core.upx(path_to_file) which will automatically encode the file via upx and rewrite the UPX stubs with a three character alphanumeric stub
* Fixed a bug in the SET interactive shell that was causing it to fail if the pycrypto modules were not installed.