Moving on, we will choose the web templates option. The custom import allows the user to simply upload their own webpage. The site cloner will allow the user to input a URL and SET will clone and spoof that webpage. The web templates option gives us some preconfigured options for what web page we want to spoof to host our malicious Java Applet: We are given 3 different options, web templates, site cloner, and custom import. The source of the applet can be found here, at SETs GitHub. Java seemed like a nice option because, well, mostly everyone has it, regardless of their OS. We will use the preconfigured Java Applet method that was written by Thomas Werth to deliver our payload. Next we will see all of the different Social Engineering options that the toolkit has. To open the Social Engineering Toolkit, open a terminal in Kali and type “ setoolkit“.Īlmost all of the navigation takes place using numerical input, for this example, I will select 1 to show the Social-Engineering Attacks.
It is free and is included on Kali Linux. The Social Engineering Toolkit is a powerful tool that allows companies to conduct penetration testing using spear-phishing, credential harvesting, web-jacking, deliver malicious scripts to victims, and much more. Instead, I found some cool stuff while playing around in the Social Engineering Toolkit (SET) that is preloaded on Kali Linux.
I had originally intended to post something about the recent Android JavaScript exploit added to Metasploit this week, but I was having some issues getting it to work with the intended versions of Android.