Installation & Getting Started
Main -> 1. Social-Engineering Attacks
set:infectious (SE Attack Option #3)
The Infectious USB/CD/DVD module will create an autorun.inf file and a Metasploit payload. When the DVD/USB/CD is inserted, it will automatically run if autorun is enabled.
Pick the attack vector you wish to use: fileformat bugs or a straight executable.
set:mailer (SE Attack - Option #5)
Social Engineer Toolkit Mass E-Mailer
There are two options on the mass e-mailer, the first would be to send an email to one individual person. The second option will allow you to import a list and send it to as many people as you want within that list.
set:arduino (SE Attack Option #6)
The Arduino-Based Attack Vector utilizes the Arduin-based device to program the device. You can leverage the Teensy's, which have onboard storage and can allow for remote code execution on the physical system. Since the devices are registered as USB Keyboard's it will bypass any autorun disabled or endpoint protection on the
To purchase a Teensy, visit: http://www.pjrc.com/store/teensy.html
Select a payload to create the pde file to import into Arduino:
set:powershell - (SE Attacks - Option #9)
The Powershell Attack Vector module allows you to create PowerShell specific attacks. These attacks will allow you to use PowerShell which is available by default in all operating systems Windows Vista and above. PowerShell provides a fruitful landscape for deploying payloads and performing functions that do not get triggered by preventative technologies.
set:phishing menu (SE Attack Option #1)
The Spearphishing module allows you to specially craft email messages and send them to a large (or small) number of people with attached fileformat malicious payloads. If you want to spoof your email address, be sure "Sendmail" is installed (apt-get install sendmail) and change the config/set_config SENDMAIL=OFF flag to SENDMAIL=ON.
set:webattack (SE Attack Option #2)
set:payloads (SE Attacks - Option #4)
set:wireless (SE Attack - Option #7)
The Wireless Attack module will create an access point leveraging your wireless card and redirect all DNS queries to you. The concept is fairly simple, SET will create a wireless access point, dhcp server, and spoof DNS to redirect traffic to the attacker machine. It will then exit out of that menu with everything running as a child process.
This attack vector requires AirBase-NG, AirMon-NG, DNSSpoof, and dhcpd3.
QR Code - (SE Attacks Option #8)
The QRCode Attack Vector will create a QRCode for you with whatever URL you want.
When you have the QRCode Generated, select an additional attack vector within SET and deploy the QRCode to your victim. For example, generate a QRCode of the SET Java Applet and send the QRCode via a mailer.
Main 2 --> Penetration Testing (Fast-Track)
Main --> 3. Third Party Modules
[-] Please read the readme/modules.txt for information on how to create your own modules.
Social Engineering Toolkit Cheat Sheet Cheat Sheet by jopey_meow
Cheet Sheet detailing the menu options and important config options of the Social Engineering Toolkit