Tools

8.5 Tools

Over the years, many tools have been developed to support and improve social engineering attacks. These tools can help generate fake links, fake pages, social sharing campaigns and much more. The one we are going to explore in the coming slides is called the Social Engineer Toolkit (SET).

As stated on its website: "The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly". As you will see, it can be used to create phishing pages, bind Metasploit exploits, create fake emails and much more.

Before actually using the tool, we strongly suggest you read its user manual. You can either read it at the following link or you can find it in the installation folder of SET.

As you will see in the user manual PDF, before using SET you will probably have to configure a few settings, such as the Metasploit folder, HTTP server options, SSL certificates… Once again, we strongly suggest you go through the user manual and read the "Beginning with the Social Engineer Toolkit" section.

To start using SET, we can run the following command:

$ setoolkit

As you can see from the previous screenshot, SET is very easy to use. We just need to select what to do from the menu printed in the console. The Social-Engineering Attacks menu contains all the modules that help us configure attacks such as spear phishing, infecting media (USB/CD/DVD), sending mass mail and much more. The Fast-Track Penetration Testing menu contains modules that help us automate complex attack vectors.

Let us now start a social engineering attack and see what modules SET offers. In the previous menu, we will select option number 1. The screenshot shows all the attacks that we can run.

See VID.
