David Kennedy and the Trusted Sec crew have recently released yet another update to the very impressive Social Engineering Toolkit.
“This version has a number of new enhancements including the ability to natively use Apache with the multiattack combining the Java Applet Attack and the Credential Harvester. Traditionally speaking, the credential harvester attack could only be used by the native SET HTTP server. We recently developed a php hook that gets copied over to the web root along with the standard Java Applet attack. If the Java Applet fails, the backup for credential harvester can be used. In addition, a number of stability updates were given to the standard Credential Harvester attack.
The harvester now supports multi-threading for faster response times when hitting the website. All-in-all this release adds a ton of new functionality and features. In addition to these changes, the Metasploit Meterpreter ALLPORTS payload is now supported through the PyInjector and ShellCode Injection techniques for the Java Applet. Lastly, we’ve added a new Java Applet that has been redesigned and heavily obfuscated. Enjoy!”
SET is one of our favorite computer security tools here at CyberArms.I can not think of an easier to use tool that allows you to check the security of your network against social engineering attacks.
We are just so grateful that David Kennedy and his team spend so much time tweaking and updating it.
Nice job guys!