The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element,a standard tool in a penetration testers arsenal.
The attacks built into the toolkit are designed to be targeted and focused attacks against a person or organization used during a penetration test.
The brains behind SET is its configuration file. SET by default works perfect for most people however, advanced customization may be needed in order to ensure that the attack vectors go off without a hitch. First thing to do is ensure that you have updated SET.Once you’ve updated to the latest version, start tweaking your attack by editing the SET configuration file.
SET was written by David Kennedy (ReL1K) and with a lot of help from the community it has incorporated attacks never before seen in an exploitation toolset.
Social-Engineer Toolkit (SET) – Introduction
Below is a tutorial and introduction into the Social-Engineer Toolkit, this section will give you a brief introduction into the toolkit and give a detailed explanation of the SET configuration file that can be used to customize SET to add or remove functionality within the tool.
Social-Engineer Toolkit (SET) – Credential Harvester Method
In the next tutorial you will learn how to configure SET in order to utilize the Credential Harvester Attack Method. This method allows you to clone a website and auto rewrite the post parameters to be able to successfully harvest credentials as well as go through the report exports.
Social-Engineer Toolkit (SET) – Java Applet Attack Vector
In the next tutorial you will learn how to utilize SET with the Thomas Werth Java Applet Attack Vector. This Java Applet is a universal payload for Linux/OSX/Windows and works with a fully patched system. This method is one of the most reliable methods for exploitation within the Social-Engineer Toolkit.
Social-Engineer Toolkit (SET) – Spear-Phishing Attack Method
This latest tutorial will walk you through the Spear-Phishing attack method. This method will allow you to perform advanced spear-phishing attacks utilizing E-Mail attack vectors coupled with fileformat bugs.
Social-Engineer Toolkit (SET) – Version 0.6.1 Catch-up
Instead of redoing all of the tutorials, this is a catch-up tutorial that bridges the gap between 0.5 and 0.6.1, a significant release in the Social-Engineer Toolkit. This version incorporates a number of bug fixes, new attack vectors, and new options. Included in this tutorial is the Teensy USB/HID Attack Vector, the Man Left in the Middle Attack Vector, and the TabNabbing attack vector