The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.

Overview

💼   The Social-Engineer Toolkit (SET)   💼

Copyright 2020 The Social-Engineer Toolkit (SET)

Written by: David Kennedy (ReL1K) @HackingDave

Company: TrustedSec

DISCLAIMER: This is only for testing purposes and can only be used where strict consent has been given. Do not use this for illegal purposes, period.

Please read the LICENSE under readme/LICENSE for the licensing of SET.

📖   SET Tutorial   📖

For a full document on how to use SET, visit the SET user manual.

💻   Features   💻

The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. SET is a product of TrustedSec, LLC – an information security consulting firm located in Cleveland, Ohio.

Bugs and enhancements

For bug reports or enhancements, please open an issue here.

Supported platforms

  • Linux 🐧
  • Mac OS X 🍎

📥   Installation   📥

Resolve dependencies

Ubuntu/Debian System

  • Linux
  • Mac OS X (experimental)

Installation

Install via requirements.txt

pip3 install -r requirements.txt
python setup.py

Install SET

All OSs

git clone https://github.com/trustedsec/social-engineer-toolkit/ setoolkit/
cd setoolkit
pip3 install -r requirements.txt
python setup.py
Comments
  • Error while using website cloning tool

    Error message:

    Something went wrong, printing the error: zipimporter() argument 1 must be string, not function

    Actions taken: setoolkit > Social-Engineering Attacks > Website Attack Vectors > Credential Harvester Attack Method > Web Template or Site Cloner .... gives this error

    OS: Kali Linux 2.0 : kernel: 4.6.0-kali1-amd64

    Python3 version: Python 3.5.2+
    Python version: Python 2.7.12+

    opened by codejunkes 61
  • module 'cgi' has no attribute 'escape'

    Expected Behaviour

    Print output Screenshot 2020-04-16 20:07:55

    Put here what the expected behaviour should be when reporting an issue

    Actual Behaviour

    Exception happened during processing of request from ('0.0.0.0', 63279)
    Traceback (most recent call last):
      File "/usr/lib/python3.8/socketserver.py", line 650, in process_request_thread
        self.finish_request(request, client_address)
      File "/usr/lib/python3.8/socketserver.py", line 360, in finish_request
        self.RequestHandlerClass(request, client_address, self)
      File "/usr/lib/python3.8/socketserver.py", line 720, in __init__
        self.handle()
      File "/usr/lib/python3.8/http/server.py", line 427, in handle
        self.handle_one_request()
      File "/usr/lib/python3.8/http/server.py", line 415, in handle_one_request
        method()
      File "/usr/share/set/src/webattack/harvester/harvester.py", line 334, in do_POST
        filewrite.write(cgi.escape("PARAM: " + line + "\n"))
    AttributeError: module 'cgi' has no attribute 'escape'

    Set Version 8.0.3

    Description:	Kali GNU/Linux Rolling
    Release:	2020.2
    Codename:	kali-rolling
    
    opened by DropsThose 52
  • Problem with harvesting credentials - Credential Harvester Method

    I am having an issue with the CHM. Whenever someone enters their credentials into the cloned website, the page simply refreshes, and redirects them to the actual login page of the website which I cloned. After a user enters their details, they are not taken to the expected next page, and no error is shown, it simply just redirects them to the actual login page.

    How can this be fixed? Is this inevitable and is there any way to fix this?

    opened by cantthinkofanydecentname 30
  • cannot find src

    Hey how r u :) trying the pdf

    after following everything towards the end:

    set:payloads>1
    set> IP address for the payload listener (LHOST): 10.0.0.112
    set:payloads> Port to connect back on [443]:332
    [-] Generating fileformat exploit...
    [_] Payload creation complete.
    [_] All payloads get sent to the /root/.set/template.pdf directory

    [!] Something went wrong, printing the error: name 'src' is not defined
    root@no-limit-clan:~#

    went saw there is nothing but : fileformate.file payload.options payloadgen set.options

    under home/.set

    any assistance?

    Also tried it on Windows 10, and when you open a PDF (before this error happened) it asks you to save the PDF without opening a session.

    let me know what i must change to fix this, thanks

    opened by blackhatethicalhacking 30
  • Running SEC6.5.9 -Kali 2.0 - problem persists

    Running SEC6.5.9 -Kali 2.0 - problem persists "payload generation" stuck

    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    build-essential is already the newest version.
    git is already the newest version.
    python-crypto is already the newest version.
    python-openssl is already the newest version.
    python-pefile is already the newest version.
    python-pexpect is already the newest version.
    0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
    [_] Moving SET into the /usr/share/ directory...
    mv: cannot stat ‘social-engineer-toolkit’: No such file or directory
    [_] Installing setoolkit installer to /usr/bin/setoolkit...
    cp: cannot stat ‘/usr/share/setoolkit/seupdate’: No such file or directory
    [_] Note you will manually need to install Core Security 'Impacket'
    [_] Download link: http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=tool&name=Impacket
    [_] Once downloaded, tar -zxvf impacket_, go to the directory and run python setup.py install.
    [*] We are now finished! To run SET, type setoolkit...

    I followed the corelabs download link and installed it, however the problem remains. Is there an issue with Kali?

    I added the bleeding-edge repos and they are in the config file however SEC does not update when running apt-get update && apt-get upgrade

    When I run SEC it says no bleeding-edge repos, which is a bit bizarre.

    I am currently running 6.5.8.

    opened by PJCA2 28
  • Site Cloner not generating index.html and unable to update setoolkit on Kali

    Hi,

    I have just reinstalled the latest Kali Linux and while trying to launch setoolkit I get this first:

    [*] Kali bleeding edge was not detected to be on...
    [*] Kali install detected. Note that if you are not using bleeding edge repositories, your version of SET will be roughly 4 months behind.
    [*] It is recommended to switch to bleeding-edge repos to ensure you are running the latest version of SET and other tools.
    Press [enter] to accept that SET is several months out of date and probably contains bugs and issues.
    

    I have added the repo by:

    echo deb http://http.kali.org/kali kali-bleeding-edge contrib non-free main >> /etc/apt/sources.list
    apt-get update
    apt-get upgrade
    

    But I still got the error message when starting setoolkit. Anyway, I hit enter and try to run 3) Credential Harvester Attack Method. After I finish the wizard, in my /var/www/ I got only the post.php file, no harvest.txt, no index.html.

    As a last hope I have tried to remove and eventually reinstall, but here I get another error:

    root@kali:~# apt-get remove setoolkit
    Reading package lists... Done
    Building dependency tree       
    Reading state information... Done
    E: Unable to locate package setoolkit
    

    What could be possibly wrong? Kali version is (x64):

    root@kali:~# uname -a
    Linux kali 4.3.0-kali1-amd64 #1 SMP Debian 4.3.5-1kali1 (2016-02-11) x86_64 GNU/Linux
    
    opened by vedtam 22
  • SMS Spoofing Error

    When I try to use the SMS Spoofing vector, it errors out. I've confirmed that the username/password that I'm entering is correct, I have credits on the account and internet access works on the VM I'm running this in.

    Wonder if it's because of the plus sign in the email?

    Example (redacted) output:

    [*] Okay! Moving on - SET needs some information from you in order to spoof the message.
    set:sms> Enter your email address for the spoofmytextmessage.com account:jared+spoofsms@[DOMAIN]
    set:sms> Enter your password for the spoofmytextmessage.com account:[REDACTED]
    [*] The next section requires a country code, this is the code you would use to dial to the specific country, for example if I was sending a message to 555-555-5555 to the United States (or from) you would enter +1 below.
    set:sms> Enter the country code for the number you are sending TO (for example U.S would be '+1')[+1]:
    set:sms> Enter the country code for the number you are sending FROM (for example U.S. would be '+1')[+1]:
    set:sms> Enter the number to send the SMS TO - be sure to include country code (example: +15551234567):+1##########
    set:sms> Enter the number you want to come FROM - be sure to include country code (example: +15551234567):+1##########
    set:sms> Enter the message you want to send via the text message:test
    [*] Grabbing initial ID from spoofmytextmessage.com...
    [!] Unable to authenticate and pull down from the site. Check your settings and try again.
    Press {return} to return to the previous menu.
    
    
    opened by jaredhaight 21
  • where is the template ?

    set:payloads> Port to connect back on [443]:443
    [-] Generating fileformat exploit...
    [_] Payload creation complete.
    [_] All payloads get sent to the /root/.set/template.pdf directory
    [-] As an added bonus, use the file-format creator in SET to create your attachment.
    No previous payload created.
    set:phishing> Enter the file to use as an attachment:'/root/.set/payload.options'
    [!] ERROR:FILE NOT FOUND. Try Again.

    I didn't find template.pdf also

    [-] Generating fileformat exploit...
    [_] Payload creation complete.
    [_] All payloads get sent to the /root/.set/template.pdf directory

    [!] Something went wrong, printing the error: name 'src' is not defined

    I am using set toolkit version 6.5

    opened by th0m1 21
  • Java Applet attack issue with payload file not found 404

    Hey,

    Dave and I discussed briefly on Twitter, but running the Java applet attack, I have gotten this issue on 2 different Kali VMs, both running 6.3 #HugsforLife

    So SET options used were, 2, 1, 2, then internal no NAT, cloned google.com. I do have a signed cert that I copied to overwrite the built in applet in SET.

    For payload I chose, 1, then 8443 for the reverse connection and 1 for reverse tcp.

    So all is ready. Files in /var/www/ are: index.html index.html.bak qOtpFwyv.jar

    Load the page in Win7 VM, see legit applet popup, hit run, then nothing. No reverse shell, no traffic at all on Kali VM over port 8443 (was running tcpdump).

    Ran Wireshark on the Windows system and noticed a 404 error when accessing the payload, in this case: /gTdruKMP7

    Here is what my apache logs look like:

    192.168.0.173 - - [02/Jun/2015:14:51:29 -0400] "GET / HTTP/1.1" 200 40612 "-" "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"
    192.168.0.173 - - [02/Jun/2015:14:51:29 -0400] "GET /xjs/_/js/k=xjs.hp.en_US.rK_Zjounm-w.O/m=sb_he,jsa,d,csi/rt=j/d=1/t=zcms/rs=ACT90oGvjGvhFoVVg2T75EKd_DoS_Rfa1Q HTTP/1.1" 404 581 "http://192.168.0.170/" "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"
    192.168.0.173 - - [02/Jun/2015:14:51:30 -0400] "GET /images/nav_logo199.png HTTP/1.1" 404 513 "http://192.168.0.170/" "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"
    192.168.0.173 - - [02/Jun/2015:14:51:31 -0400] "GET /favicon.ico HTTP/1.1" 404 503 "-" "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"
    192.168.0.173 - - [02/Jun/2015:14:51:33 -0400] "GET /qOtpFwyv.jar HTTP/1.1" 304 188 "-" "Mozilla/4.0 (Windows 7 6.1) Java/1.8.0_45"
    192.168.0.173 - - [02/Jun/2015:14:51:34 -0400] "GET /gTdruKMP7 HTTP/1.1" 404 526 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-US; rv:1.9.2.2) Gecko/20100316 Firefox/3.6.2"
    192.168.0.173 - - [02/Jun/2015:14:52:21 -0400] "GET /gTdruKMP7 HTTP/1.1" 404 504 "-" "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"

    opened by betoatx 20
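
From a defender's side, the access log in this report shows a pattern that can be searched for in web or proxy logs: a Java runtime fetches a .jar and, one second later, the same client requests another path with a user agent it had not sent before. The following is an added example, not part of the issue or of SET's code; the function names and the 30-second window are assumptions, and the sample lines are a subset of the log above plus one constructed entry.

```python
import re
from datetime import datetime, timedelta

# Subset of the access-log entries quoted in the report above, plus one
# constructed line (192.168.0.180) for a client that never loads the applet.
SAMPLE_LOG = '''\
192.168.0.173 - - [02/Jun/2015:14:51:29 -0400] "GET / HTTP/1.1" 200 40612 "-" "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"
192.168.0.180 - - [02/Jun/2015:14:51:30 -0400] "GET / HTTP/1.1" 200 40612 "-" "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"
192.168.0.173 - - [02/Jun/2015:14:51:33 -0400] "GET /qOtpFwyv.jar HTTP/1.1" 304 188 "-" "Mozilla/4.0 (Windows 7 6.1) Java/1.8.0_45"
192.168.0.173 - - [02/Jun/2015:14:51:34 -0400] "GET /gTdruKMP7 HTTP/1.1" 404 526 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-US; rv:1.9.2.2) Gecko/20100316 Firefox/3.6.2"
192.168.0.173 - - [02/Jun/2015:14:52:21 -0400] "GET /gTdruKMP7 HTTP/1.1" 404 504 "-" "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"
'''

# Apache combined log format; referer and response size are not needed here.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def find_applet_followups(log_text, window_seconds=30):
    """Return requests that follow a Java-runtime .jar fetch from the same client
    within the window and carry a user agent that client had not sent before."""
    window = timedelta(seconds=window_seconds)
    seen_uas = {}   # client IP -> user agents seen so far
    last_jar = {}   # client IP -> (time, path) of the last .jar fetched by a Java UA
    findings = []
    records = filter(None, map(parse_line, log_text.splitlines()))
    for rec in sorted(records, key=lambda r: r["ts"]):
        ip, ua = rec["ip"], rec["ua"]
        known = seen_uas.setdefault(ip, set())
        is_java = "Java/" in ua
        if is_java and rec["path"].lower().split("?")[0].endswith(".jar"):
            last_jar[ip] = (rec["ts"], rec["path"])
        elif ip in last_jar and not is_java and ua not in known:
            jar_ts, jar_path = last_jar[ip]
            if rec["ts"] - jar_ts <= window:
                findings.append({"client": ip, "jar": jar_path, "path": rec["path"],
                                 "status": rec["status"], "user_agent": ua})
        known.add(ua)
    return findings


if __name__ == "__main__":
    for finding in find_applet_followups(SAMPLE_LOG):
        print(finding)
```

On the sample, only the 14:51:34 request for /gTdruKMP7 is reported; the later request for the same path reuses the browser's own user agent and falls outside the window.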
  • Python OpenSSL wasn't detected

    set:webattack> Select a template:4

    [_] Cloning the website: http://www.twitter.com
    [_] This could take a little bit...
    Python OpenSSL wasn't detected or has an installation issue, note that SSL compatibility is now turned off

    The best way to use this attack is if username and password form fields are available. Regardless, this captures all POSTs on a website.
    [_] Apache is set to ON - everything will be placed in your web root directory of apache.
    [_] Files will be written out to the root directory of apache.
    [*] ALL files are within your Apache directory since you specified it to ON.
    [!] Apache may be not running, do you want SET to start the process? [y/n]:

    opened by codejunkes 19
  • "Waiting for payload generation to complete..." doesn't stop -- No payload generation

    Hello, I'm writing here because I'm having a problem in generating a payload with setoolkit. setoolkit's version is 7.1 on both my Kali Linux and Mac OS X El Capitan machines and, on both machines, I got the same trouble: the message "Waiting for payload generation to complete" (that appears after you choose the payload and set the options) doesn't stop appearing and the payload is not generated. The Metasploit path in the set.config file is correct (I don't see any warning message at the start).

    What can I do? Any suggestion?

    P.S.: sorry for my English, it's not the best!

    opened by ghost 19
  • QR code

    Downloading qrcode-7.3.1.tar.gz (43 kB) ━━━━━━━━━━━━━━━━━━━━ 0.0/43.5 kB ? eta -:--:--

    My Linux freezes every time I have got to this stage, where am I going wrong?

    opened by 1BXP 0
  • SET generate no report

    XML report file showing website domain instead of credentials

    This is the first time I am using SET, but Setoolkit is expected to return with harvested credentials in an XML file; instead I get this

    URL=http://subdomain.webdomain.com

    in the XML report file instead of the password and username I entered. I don't know how this works, but I am testing on localhost and it's running on port 80. Any idea of what is going on will be appreciated. Thanks.

    opened by Peter-omereyone 0
  • Something went wrong, printing the error: [Errno 11] Resource temporarily unavailable

    I am using Mass Mailer Attack and after my SMTP sends to 4 users I get this error. I have all sorts of updates and I don't know what could be the problem. I would appreciate it if anyone here would help.

    opened by carlsmallzz 0
Owner
trustedsec