The Social Engineer Toolkit, si aggiorna raggiungendo la versione 1.3 introducendo notevoli cambiamenti che sono riepilogati nel video introduttivo e vi riporto anche dopo il salto il changelog ufficiale.
Un ringraziamento all’amico Luca per la segnalazione dell’aggiornamento, infine vi ricordo che il kit è disponibile al download sul sito ufficiale dello sviluppatore.
* Updated the web-gui interface to reflect all new PDF exploits
* Updated the web-gui interface to reflect all new client-side exploits
* Added a new setup.py installer file for debian based systems only, will add manual install options later
* Updated all of the powershell HID attack vectors to fix bugs and support multi-language support. Thanks padzero!
* Added AES encryption to the socket communication, it requires Crypto.Cipher which is from the PyCrypto libraries.
* Added python-crypto to the installer setup.py installation
* Fixed web-gui alignment on new options so they match up properly to SET-interface
* Added better error handling around the openssl python module if it isn’t installed
* Added download_file capabilities into the SET interactive shell.
* Added upload_file capabilites into the SET interactive shell.
* Added shell capabilties into the SET interactive shell.
* Added ssh_tunneling capabilities into the SET interactive shell. You can tunnel any port you want to over ssh
* Added a teensy Gnome wget payload thanks to Hugo Caron (y0ug)!
* Fixed a bug in a menu where teensy payload return to menu would not return properly to main menu
* Fixed a bug where the Mass Mailer Menu didn’t properly return back to main menu when specified.
* Added process list in the SET interactive shell.
* Added process kill in the SET interactive shell.
* Added dsniff to set_config as an option instead of ettercap, can use either one.
* Added centralized logging in SET, log files will now be dumped to src/logs/set_logfile.log
* Added logging to main SET interface, handles main SET interactive shell errors
* Added logging to arp_cache.py file, handles arp cache errors
* Added logging to hijacking.py file, handles dll_hijacking errors
* Added logging to harvester.py file, handles credential harvesting errors
* Added logging to payloadgen.py file, handles payload generation errors
* Fixed a bug where if site wouldn’t clone properly it would just exit SET, it now just returns back to main menu.
* Fixed a bug where the new addition to dnsspoof would not properly kill dnsspoof when exiting SET, it now terminates when an exception is thrown
* Added logging to web_server.py file, handles main SET web server errors
* Added logging to spawn.py file, handles main spawn handles for SET
* Added the ability to specify high priority during emails or not, thanks Jonathan Murray!
* Added new core module libary called log(error) will centralize log messages through core function calls
* Added the new Sun Java Applet2ClassLoader Remote Code Execution Exploit from Frederic Hoguin and jduck that was recently added to Metasploit
* Moved version number to src/main/ instead of src root
* Added the new RATTE payloads to SET that was created by Thomas Werth to circumvent firewall based restrictions. Awesome addition!
* Added the new DSNIFF changes to the web gui to ensure that when the option is enabled in set_config it now gets picked up in web gui
* Fixed a bug in web gui where if HTML/Plain wasn’t specified, it would not properly run the answer file to launch the attack
* Added the SET interactive shell to the Java Applet Attack Vector on the SET web-gui
* Fixed a mishandling of OS.Error exceptions in spawn.py which caused SET to spit out a pexpect exceptions error when using KeyBoardInterrupt exceptions handler
* Deleted the database directory under src, was no longer needed
* Added the Sun Java Applet2ClassLoader Remote Code Execution by Frederic Hoguin and jduck to the web gui interface
* Added RATTE to the SET Web GUI under the payload selection area, it’s only to be used for the Java Applet attack.
* Added the Adobe Flash Player AVM Bytecode Verification Vulnerability from the Metasploit Framework to SET
* Added the Adobe Flash Player AVM Bytecode Verification Vulnerability to the SET web gui.
* Added six more spear-phishing templates that can be found under the spear-phish attack menu
* Added a new attack vector called the SET Wireless Attack Vector, this will create a fake access point and redirect all traffic to you
* Added the ability to stop all services/processes started by the SET Wireless Attack vector, it is now under the options menu
* Added the Thomas Werth RATTE module to third party modules as well as under the main payload section. Great example to tweak third party modules and add things.
* Added airbase-ng to SET in case it is not installed. Thanks to Mister-X for the approval to include it into SET!
* Added new wireless attack vector to the SET web gui, menus have been changed slightly
* Added the new templates recently added to the SET web gui, they are under the spear-phish menu
* Added a binary rewrite of UPX encoder stubs so that it randomizes a three character alphanumeric to remove UPX from the binary. A bit better obfsucation for A/V detection.
* Fixed a bug where upx encoding wasn’t working properly and wouldn’t encode the right binary
* Added a new core module called core.upx(path_to_file) which will automatically encode the file via upx and rewrite the UPX stubs with a three character alphanumeric stub
* Fixed a bug in the SET interactive shell that was causing it to fail if the pycrypto modules were not installed.