Social Engineering Toolkit (SET) PI

DISCLAIMER

Any actions and or activities related to the material contained within this Website is solely your responsibility. The misuse of the information in this website can result in criminal charges brought against the persons in question. Cyber Security Associates Limited, will not be held responsible for any criminal charges brought against any individuals misusing the information in these projects to break the law.  

Please ensure you are using the latest SD Card image which is available here.

 

Teacher Overview

Kali Linux is an operating system (OS) used for ethical hacking and digital forensics. It is loaded with numerous tools such as nmap and metasploit. Kali Linux also has a range of security tools and digital forensic applications that can be applied to many situations and currently is one of the most popular OS for cyber security specialists. There are other OS made for penetration testing such as Parrot OS and Black Arch but generally it is easier to access Kali Linux than these alternatives.

The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human target. SET was designed to be released with the https://www.social-engineer.org launch and quickly became a standard tool in a penetration testers arsenal. SET was written by David Kennedy (ReL1K) and with assistance from the online community it has incorporated attacks never before seen in an exploitation toolset. It is an open-source Python-driven tool and the attacks built into the toolkit are designed to be targeted and focused attacks against a person or organisation used during a penetration test.

SET has been presented at large-scale conferences including: Blackhat, DerbyCon, Defcon, and ShmooCon. With over two million downloads, it is the standard for social-engineering penetration tests and is supported heavily within the security community. Social-engineering is one of the hardest attacks to protect against and now one of the most prevalent. The SET has been featured in a number of books including the number one best seller in security books for 12 months since its release, “Metasploit: The Penetrations Tester’s Guide” written by TrustedSec’s founder as well as Devon Kearns, Jim O’Gorman, and Mati Aharoni.

In this project the students will be learning the basics of SET and how to perform a website generated attack where login details get harvested.

Suggested Year Group

The suggested age group is 16+, due to the nature of this project and the skills it is developing.

 

Learning Outcomes

  • Explain the basic principles of SET;

  • Explain how to perform website generator attack;

  • Teach the different uses of SET.

 

Hardware Required

Component Number (Box Case)

(Base) 9

(Base) 10 Bag 16

(Base) 8

(Level 1) 1

(Level 1) 1

(Level 1) 5

(Level 1) 4

Component Number (Peli Case)

Slot 1

Slot 11

Slot 2

Slot 11

Slot 11

Slot 12

Slot 13

Component

Raspberry Pi + Case

Kali Linux SD Card

TFT Screen

HDMI

Wireless Keyboard

Wireless Mouse

Power Supply Unit

 

VIDEO GUIDE

 

Conclusion

This project is designed to introduce the students to SET and the applications this technology has in IT and cyber security. The students have used the Raspberry Pi to run SET, which has then been used to run a website generated attack tricking people to think they’re on the google login page, so they sign in and then once they have done this they get redirected to google, and they might not even realise the attack has happened. SET is an extremely powerful toolkit, and this tutorial is just scratching the surface of what you can do with it. Keep in mind that the Raspberry is limited in processing power and will not be able to handle large volumes of traffic accurately.