I’m proud to release the latest version of SET v0.7, this release has two new attack vectors (multi attack and web jacking), three new Teensy HID payloads and a number of bug fixes and additions. SET really has taken off to be a standard tool within a penetration testers arsenal and really appreciate the communities backing with the progress of this. SET is done purely on my spare time and for free, with twins and a 2 1/2 year old time is precious 🙂 I don’t want donations, this is for fun and a passion…but am always looking for new ideas or enhancements to SET. If you have an idea that you wanted incorporated, ping me anytime, there is a good chance it could be incorporated! With this release I decided to put together a SET v0.7 tutorial that will be updated with each version. It can be found in the readme/User_Manual.pdf or you can find the online versions at social-engineer.org and on the Metasploit Unleashed course:



For a video of SET version 0.7 head over to here: http://www.vimeo.com/14837669 or to the tutorials section on this site.

Here is a list of bug fixes and new additions into SET v0.7:

* Fixed the NAT/Port FWD descriptions to be a little bit more descriptive
* Bug fixes on payload gen with x64 bit payloads in Metasploit
* Added new Multi-Attack Payload option to utilize multiple attack vectors
* Incorporated Multi-Attack into each web attack vector
* Added a PID management system in SET for stray processes
* Cleaned up payloadgen code and SET code to reflect new multiattack changes
* Added the web jacking attack vector by white_sheep, emgent, and the Back|Track team
* Fixed an issue with ARP Cache defaulting, it should now poison everyone
* Added better error handling within the SET menus, still needs a bit more work
* Cleaned up color schema and removed old code
* Added the Adobe CoolType SING Table ‘uniqueName’ Overflow zero day from Metasploit in spear phishing
* Added two more Teensy based payloads, thanks Garland!
* Added HTML support for Spear-Phishing Attack Vector
* Added HTML support when WEBATTACK_EMAIL=ON for web attack vector
* Added the Adobe Cooltype SING Table Overflow zero day for browser exploit
* Added the new SET User Manual to readme/. This is a big update and has updated content for 0.7
* Fixed a simple yes or no answer when requirements for SET were not met