How to Use "SET", the Social-Engineer Toolkit

Welcome back my social engineers/hackarians! Today we'll be looking

into a fantastic piece of software, The Social-Engineer Toolkit or just SET for short. SET is designed, Developed and used by several Social-engineers. So... Let's get started!

Getting Familiar

When you boot up SET you'll see this screen:

Now we are able to pick one of the options listed above

We'll use:

>1) Social engineering attacks

>2) Fast-track penetration testing

The other options are not important. So what happens when we press 1 We'll get this screen:

Now there are numerous of things here so let's look into that!

Spear-Phishing Attack Vectors

This tool allows you to send e-mails with a malicious file as payload.

Website Attack Vectors

This tool allows you to create a malicious website link.

Infectious Media Generator

This tool creates a payload and a .ini file for a usb,cd or dvd injection.

Create a Payload and Listener

Straightforward just creates a .exe file and opens a listener.

Mass Mailer Attack

This tool will send e-mails to the target.

Arduino-Based Attack Vector

For use with a "teensy usb."

SMS Spoofing Attack Vector

With this tool you'll be able to craft sms messages and send them.

Wireless Access Point Attack Vector

Should be straightforward.

QRCode Generator Attack Vector

Generates a QRCode to a specific URL.

Powershell Attack Vectors

This will allow you to use Powershell exploits (powershell is available on windows vista and above.)

Third Party Modules

Will allow you to browse for more add-ons.

Step 1: Getting Started!

I won't create a whole tutorial about the different options available in SET because it's just to much. Also SET is pretty straightforward. For example, in metasploit you'll need to use set RHOST:xxx.xxx.xxx.xxx. SET just asks: What is the remote host? ==> xxx.xxx.xxx.xxx

So go ahead and try to social engineer someone, and i hope this helps.