Adblock Detected

Read

[Kautilya v0.4.4] Pwnage with Human Interface Devices

Read

[SET v5.2] The Social-Engineer Toolkit "Urban Camping"

Read

The Social-Engineer Toolkit (SET) version 5.2 codename “Urban Camping” has been released. This version adds a complete rewrite of the PowerShell injection techniques within SET and incorporates an automatic process downgrade attack detailed here: https://www.trustedsec.com/may-2013/native-powershell-x86-shellcode-injection-on-64-bit-platforms/. The attack will automatically detect if PowerShell is installed, then detect what platform its running on. If 64 bit is detected, it will automatically downgrade the process to a 32 bit process for native shellcode injection.

Changelog

* incorporated the new x86 PowerShell downgrade attack. This will automatically use x86 shellcode regardless of operating system. (https://www.trustedsec.com/may-2013/native-powershell-x86-shellcode-injection-on-64-bit-platforms/)

* changed platform detection from if($env:PROCESSOR_ARCHITECTURE -eq “AMD64″) to [IntPtr]::Size -eq 6 (thanks Matthew Graeber)

* rewrote payload generator in powershell menu to use new process downgrade attack

* rewrote java applet to use the new process downgrade attack

* rewrote powershell generation within setcore to use the powershell downgrade attack

* changed the default Java Applet wording to “Applet verified as safe (TRUSTED)”.

* fixed a bug that would cause SQL bruter to error out when specifying a single host and the host was not alive

* fixed a bug that would allow you use web templates with webjacking and tabnabbing which it should not have

* removed old encoding methods when using standard metasploit executables

* fixed an issue that would not allow SSL and harvester to work correctly – this required manually patching socket.py and keeping a patched version in the root directory upon launch. This is due to a bug in pyopenssl and unhandled packet handling within socket.py

* added more stability to the SSL harvester when using pem certificate files

* added powershell downgrade attack to psexec powershell attack

* added ExitOnSession to false when using psexec command

* added set EnableStageEncoding true when using psexec command for stager encoding with shikata

* added better stability to the powershell injection attacks with multiple detection points

* fixed an issue that would cause an error message when reusing credential harvester

* added proper cleanup on new socket.py – has to be in SET root – weird issue when os.chdir or sys.path.append – doesn’t recognize

* removed man left in the middle from the web attacks menu

* streched the text on the menu to be full line versus manual splitting

* added new code and binary for pyinjector to evade AV

* added new code and binary for multipyinjector to evade AV

* officially removed the “set” command and moved to se-toolkit, set was a linux command and conflicted – use se-toolkit from here on out

* simplified the replace code for the shellcode powershell injection technique in setcore

* improved string encryption on the java applet attack

* added -noprofile flag option to powershell injection for x86 downgrade attack

* slimmed down the code used for the powershell injection attacks, allows more space for shellcode

Download SET v5.2

[EMET v4.0] Enhanced Mitigation Experience Toolkit

Read

The Enhanced Mitigation Experience Toolkit (EMET) is designed to help prevent hackers from gaining access to your system. Software vulnerabilities and exploits have become an everyday part of life. Virtually every product has to deal with them and consequently, users are faced with a stream of security updates. For users who get attacked before the latest updates have been applied or who get attacked before an update is even available, the results can be devastating: malware, loss of PII, etc.

Changelog v4.0

New features introduced in EMET 4: Certificate Trust, mitigations improvement hardening, and the Early Warning Program.

(Reposted from TechNet Blogs)

Redesigned User Interface: We realized that with the addition of the new features introduced in EMET 4.0 Beta, the old graphical user interface was not as effective and easy to use. For this reason, we decided to re-design EMET’s GUI to facilitate and streamline the configuration operations. We also added the possibility to select the look-and-feel of EMET from a set of skins that we included.

Configuration Wizard: We know that configuration can be challenging when installing EMET for the first time. In EMET 3.0 we added the Protection Profiles, which were used to facilitate the initial configuration for applications. With EMET 4.0 we are introducing a Configuration Wizard that will automatically configure EMET with a standard set of SSL certificate pinning rules as well as a list of applications to protect. It also can preserve existing EMET 3.0 settings, and gives the possibility to add standard configuration for the new features. The Configuration Wizard will start automatically during EMET’s installation and can also be accessed, at any time, from EMET GUI. Advanced users can choose to apply a standard configuration through the Configuration Wizard and then customize EMET’s configuration afterwards according to their needs.

Changes in Certificate Trust: We made a few changes to the Certificate Trust feature, based on users’ feedback, further internal investigation, and partnership with third party online services. We added a new exception to the SSL certificate pinning rules that if enabled will make EMET verify just the Public Key component of the Root CAs present in the rule without matching subject name and serial number. Additionally, we made the Certificate Trust feature available on 64-bit versions of Internet Explorer. Finally, we added to the previous default rules for Microsoft online services new rules also for Twitter, Facebook, and Yahoo!.

Updated Group Policy profiles: Enterprise customers will notice that we updated our Group Policy profiles to include not only the ability to configure system and application mitigations, but also the reporting mechanisms, the advanced mitigation configurations, and the exploit action.

Full Changelog: here

Download EMET v4.0

[SET v5.1] The Social-Engineer Toolkit codename “Name of the Doctor”

Read

Download SET v5.1 “Name of the Doctor”

The Social-Engineer Toolkit (SET) version 5.1 codename “Name of the Doctor” has been released. This version adds a complete rewrite of the MSSQL Bruter as well as a new attack vector utilizing the PSExec functionality within Metasploit.

The MSSQL Bruter now incorporates UDP port 1434 quick discovery by sending a specially crafted packet to MSSQL servers and returning the port automatically. This technique eliminates the need to port scan and quickly identifies the SQL server as well as what port the SQL server is listening on. In addition, SET has moved away from the _mssql python module and towards impacket from Core Security. Main reason for this is due to some instabilities in later versions of _mssql with execute_query() being broke as well as the functionality built into impacket makes it much easier to use.

In addition to utilizing impacket, originally in SET you had two options for payload delivery, the first being POwerShell and the second the binary 2 hex debug conversion attack vector. This has been changed to automatically detect if PowerShell is installed on the victim machine, if it is – SET will automatically deploy a PowerShell injection technique that has been completely rewritten in the MSSQL module. If it does not detect PowerShell, it will automatically revert back to the debug. Lastly on the MSSQL Bruter portions, performance has been increased significantly on the brute forcing, discovery, and deploying of payloads.

For a video of the features, check out below:

Vimeo: Video

A new attack vector build into SET is the new psexec attack vector inside the Fast-Track menu. During a penetration test, often times you may have credentials to a server and want Meterpreter on a wide scale level. The psexec traditional module gets picked up by Anti-Virus due to known signatures being used. You can either use the EXE::Custom advanced feature however it still doesn’t give you the ability to select RHOSTS (multiple IP addresses) unless you custom script it or through something like railgun. The newer module “psexec_command” allows you to specify RHOSTS as well as execute a command on the operating system. Inside of SET, the psexec attack vector will automatically created a meterpreter backdoor through PowerShell and deploy it to systems you have permission to (RHOSTS). You can either use a username and password that you’ve decrypted or the hash for the pass the hash attack vector.

In addition to the new attack vectors, a number of other improvements, bug fixes, and enhancements have been made in this release. For more on all of the changes, check out the changelog before:

Changelog v5.1

when specifying a custom wordlist in SET – added the ability for ports to be specified ipaddr:portnum for example 192.168.5.5:2052 just in case a SQL server is not listening on 1433
incorporated udp port 1434 enumeration instead of portscanning – much more faster and efficent – also finds ports that are not on port 1433 (thanks Larry Spohn)
removed the src/core/portscan.py it is no longer needed
added impacket as a dependacy – will be used for psexec command execution and TDS connections via mssql
fixed an issue that would cause the import modules to not load properly when relaunching the MSSQL Brute attack
improved the speed of the MSSQL brute attack on initial brute force
completely rewrote MSSQL Brute to incorporate impacket – SET no longer uses the _mssql module – highly buggy in the latest versions
improved udp 1434 detection capability by piping through the printCIDR function which will utilize CIDR notations when scanning
incorporated new function called capture which will take stdout from function calls and present them as a string – important when doing regex in impacket
streamlined the MSSQL bruter to automatically profile the system to determine if Powershell is installed, if so it will automatically do powershell injection, if not it will fall back to the Windows debug method for payload delivery
rewrote the entire powershell deployment module – it now ties in to standard powershell shell payload delivery system
added dynamic shellcode patching to the MSSQL bruter – now generates shellcode automatically, cast it unicode, then base64 encoding for EncodedCommand powershell bypass technique
rewrote the hex2binary deployment method to support the new impacket method – it will now automatically deliver a binary based on the attack vector that you want to use
shrunk the powershell injection code to fit properly within MSSQL xp_cmdshell one call
added one line for xp_cmdshell disable which works on later versions of Windows
removed the portscan functionality completely out of the MSSQL payload
rewrote all portions of the MSSQL bruter to be fully impacket and removed the dependacy for _mssql from fast-track
added new attack vector within the Fast-Track menu “PSEXEC Powershell Injection” which will allow you to specify psexec_command and compromise via direct memory injection
added ability to set threads within the new PSEXEC PowerShell Injection technique
added quick dynamic patching for the powershell injection technique for payloads
added a new trustedsec intro ascii art that has the TS logo on it
updated rid_enum to the latest github version inside SET

[ShellNoob v1.0] Shellcode Writing Toolkit

Read

ShellNoob is a writing toolkit, that helps you to writting some shellcodes, converting to different formats, resolving some boring steps.

Features:

convert shellcode between different formats (currently supported: asm, bin, hex, obj, exe, C, python, ruby, pretty)
interactive opcode-to-binary conversion (and viceversa) mode. This is useful when you cannot use specific bytes in the shellcode.
resolve syscall numbers and constants (not exactly implemented yet)
portable and easily deployable (it only relies on gcc/as/objdump and python). And it just one python file!
in-place development: you run ShellNoob directly on the target architecture!
other options: prepend breakpoint, 32bit/64bit switch.
read from stdin / write to stdout support (use “-” as filename)

Use Cases

$ ./shellnoob.py -h
./shellnoob.py [--from-INPUT] (input_file_path | - ) [--to-OUTPUT] [output_file_path | - ]
./shellnoob.py -i (for interactive mode)
./shellnoob.py -c (insert a breakpoint at the beginning of the shellcode)
./shellnoob.py --64 (64bits mode)
./shellnoob.py --get-const 
./shellnoob.py --get-sysnum

supported INPUT format: asm, obj, bin, hex
supported OUTPUT format: asm, obj, exe, bin, hex, C, python, bash, ruby, pretty

Download ShellNoob v1.0

[IPv6 Toolkit v1.3.4] A security assessment and troubleshooting tool for the IPv6 protocols

Read

[EMET v4.0 Beta] Enhanced Mitigation Experience Toolkit

Read

The enhanced Mitigation Experience Toolkit (EMET) is designed to help prevent hackers from gaining access to your system.

Software vulnerabilities and exploits have become an everyday part of life. Virtually every product has to deal with them and consequently, users are faced with a stream of security updates. For users who get attacked before the latest updates have been applied or who get attacked before an update is even available, the results can be devastating: malware, loss of PII, etc.

Security mitigation technologies are designed to make it more difficult for an attacker to exploit vulnerabilities in a given piece of software. EMET allows users to manage these technologies on their system and provides several unique benefits:

1. No source code needed: Until now, several of the available mitigations (such as Data Execution Prevention) have required for an application to be manually opted in and recompiled. EMET changes this by allowing a user to opt in applications without recompilation. This is especially handy for deploying mitigations on software that was written before the mitigations were available and when source code is not available.

2. Highly configurable: EMET provides a higher degree of granularity by allowing mitigations to be individually applied on a per process basis. There is no need to enable an entire product or suite of applications. This is helpful in situations where a process is not compatible with a particular mitigation technology. When that happens, a user can simply turn that mitigation off for that process.

3. Helps harden legacy applications: It’s not uncommon to have a hard dependency on old legacy software that cannot easily be rewritten and needs to be phased out slowly. Unfortunately, this can easily pose a security risk as legacy software is notorious for having security vulnerabilities. While the real solution to this is migrating away from the legacy software, EMET can help manage the risk while this is occurring by making it harder to hackers to exploit vulnerabilities in the legacy software.

4. Ease of use: The policy for system wide mitigations can be seen and configured with EMET’s graphical user interface. There is no need to locate up and decipher registry keys or run platform dependent utilities. With EMET you can adjust setting with a single consistent interface regardless of the underlying platform.

5. Ease of deploy: EMET comes with built-in support for enterprise deployment and configuration technologies. This enables administrators to use Group Policy or System Center Configuration Manager to deploy, configure and monitor EMET installations across the enterprise environment.

6. Ongoing improvement: EMET is a living tool designed to be updated as new mitigation technologies become available. This provides a chance for users to try out and benefit from cutting edge mitigations. The release cycle for EMET is also not tied to any product. EMET updates can be made dynamically as soon as new mitigations are ready

The toolkit includes several pseudo mitigation technologies aimed at disrupting current exploit techniques. These pseudo mitigations are not robust enough to stop future exploit techniques, but can help prevent users from being compromised by many of the exploits currently in use. The mitigations are also designed so that they can be easily updated as attackers start using new exploit techniques

New enhancements with v4 (from Microsoft Blog)

The feature set for this new version of the tool was inspired by our desire for EMET to be an effective mitigation layer for a wider variety of potential software exploit scenarios, to provide stronger protections against scenarios where EMET protection already exists, and to have a way to respond to 0day exploits as soon as possible. Here are the highlights of the EMET 4.0 feature set:

EMET 4.0 detects attacks leveraging suspicious SSL/TLS certificates
EMET 4.0 strengthens existing mitigations and blocks known bypasses
EMET 4.0 addresses known application compatibility issues with EMET 3.0
EMET 4.0 enables an Early Warning Program for enterprise customers and for Microsoft
EMET 4.0 allows customers to test mitigations with “Audit Mode”

SSL/TLS Certificate Trust features

EMET 4.0 allows users to configure a set of certificate pinning rules to validate digitally signed certificates (SSL/TLS certificates) while browsing with Internet Explorer. This option allows users to configure a set of rules able to match specific domains (through their SSL/TLS certificates) with the corresponding known Root Certificate Authority (RootCA) that issued the certificate. When EMET detects the variation of the issuing RootCA for a specific SSL certificate configured for a domain, it will report this anomaly as an indicator of a potential man-in-the-middle attack.

Advanced users can also add exceptions for each pinning rule. This will allow EMET to accept SSL/TLS certificates even if the pinning rule doesn’t match. Exceptions are related to some properties of the RootCA certificate, such as key size, hashing algorithm, and issuer country.

Strengthened mitigations, blocking bypasses

We learned a great deal during the “Technical Preview” phase of EMET 3.5. We saw researchers poking and presenting clever tricks to bypass EMET’s anti-ROP mitigations. EMET 4.0 blocks these bypasses. For example, instead of hooking and protecting only functions at the kernel32!VirtualAlloc layer of the call stack, EMET 4.0 will additional hook lower level functions such as kernelbase!VirtualAlloc and ntdll!NtAllocateVirtualMemory. These “Deep Hooks” can be configured in EMET’s Advanced Configuration. We have seen exploits attempt to evade EMET hooks by executing a copy of the hooked function prologue and then jumping to the function past the prologue. With EMET 4.0’s “Anti detours” option enabled, common shellcode using this technique will be blocked. Finally, EMET 4.0 also includes a mechanism to block calls to banned API’s. For example, a recent presentation at CanSecWest 2013 presented a method of bypassing ASLR and DEP via ntdll!LdrHotPatchRoutine. EMET 4.0’s “Banned API” feature blocks this technique.

Application compatibility fixes

Users of previous versions of EMET had encountered isolated compatibility issues when enabling mitigations on both Microsoft and third party software. EMET 4.0 addresses all these known app-compat issues. That list includes issues in the following areas:

- Internet Explorer 9 and the Snipping Tool

- Internet Explorer 8’s Managed Add-ons dialog

- Office software through SharePoint

- Access 2010 with certain mitigations enabled

- Internet Explorer 10 on Windows 8

The EMET 4.0 installer also opts-in protection rules with certain mitigations disabled where we know a mitigation interacts poorly with certain software. Examples include Photoshop, Office 2013’s Lync, GTalk, wmplayer, and Chrome.

Early Warning Program for enterprise customers and for Microsoft

When an exploitation attempt is detected and blocked by EMET, a set of information related to the attack is prepared with the Microsoft Error Reporting (MER) functionality. For enterprise customers collecting error reports via tools like Microsoft Desktop Optimization Package or the Client Monitoring feature of System Center Operations Manager, these error reports can be triaged locally and used as an early warning program indicating possible attacks again the corporate network. For organizations that typically send all error reports to Microsoft, this information will add to the set of indicators we use to hunt attacks in the wild, and will facilitate the remediation of issues with security updates before vulnerabilities become a large scale threat. The EMET Privacy Statement (available also via the main EMET window) includes more information about the type of data that will be sent in the error report via Microsoft Error Reporting. The Early Warning Program is enabled by default for the EMET 4.0 Beta and can be disabled in the EMET UI or via the EMET command line component. We are eager to hear customer feedback about this feature to help shape the Early Warning Program for the EMET 4.0 final release.

Audit Mode

When previous versions of EMET detected exploitation attempts, it would report the attack via the EMET agent and then terminate the program to block the attack. For EMET 4.0, in response to customer feedback, we provided an option to configure EMET’s behavior when it detects an exploitation attempt. The default option remains to terminate the application. However, customers wanting to test EMET in a production environment can instead switch to “Audit Mode” to report the exploitation attempt but not terminate the process. This setting is not applicable for all mitigations but we provide this option whenever possible.

Other Improvements

EMET 4.0 includes a bunch of other improvements. The quantity of new features and volume of work put into this release is the reason we skipped the EMET 3.5 full release and jumped straight to EMET 4.0. Please refer to the EMET 4.0 Beta Users Guide for the full set of features but here are several other highlights:

- EMET Notifier becomes EMET Agent, with new duties and functionalities

- More granular reporting options (tray icon, event log, both, or none)

- New default profiles for both mitigations and Certificate Trust

- Registry configuration to customize the EMET Agent’s messaging

- Optimized RopCheck for significantly better performance

- Numerous UI tweaks to make EMET easier to use

- Enable wildcard support when adding applications to be protected

- Allow processes to be protected even if they do not have .exe extension

- Switched to .NET Framework 4.0

- EMET is an officially supported Microsoft tool with support available for customers with Premier contract

Download EMET v4.0 Beta

[SET Version 5.0] The Social-Engineer Toolkit "The Wild West"

Read

Download The Social-Engineer Toolkit (SET) v5.0

Social-Engineer Toolkit (SET) v5.0 codename: The Wild West is a culmination of six months of development, bug squashing, and user feedback. New with this version includes a completely redesigned multiprocessing web server that handles non-rfc compliant HTTP information. The builtin SET web server would on occasion crash when receiving unexpected characters. The new version of the web server is stable, and significantly faster. This version if Kali Linux compliant (FSH) where all information is now moved and removed from src/program_junk and to your ~/.set home directory.

In addition to FSH structuring of SET, we have also added some significant performance and stability updates. For example, traditionally if you launched an attack, you would have to exit out of SET completely then relaunch. The dynamic importing has now changed to fix this and improve the ability to reuse modules.

For a full list of changes, the changelog can be found below:

~~~~~~~~~~~~~~~~

version 5.0

~~~~~~~~~~~~~~~~

* fixed a bug that would cause tabnabbing to throw an exceptions around check_options

* added setcore modules into tabnabbing to allow centralized routines

* fixed a bug that would cause webjacking to throw an exeptions around check_options

* added git clean -fd prior to set update, this will force a clean when pulling the latest files

* fixed a bug that would cause a system not setup properly when installing in setup.py

* fixed a bug on start_dns() upon launch will cause errors on certain systems

* added installation script for putting SET into /usr/bin and /usr/share for FSH compliant installer

* added set-update to the installation path, can type that anywhere now

* added set-automate to the list to be typed in anywhere

* fixed a bug that would cause the java applet method to not work a second time in use (reload)

* rewrote MASSIVE amounts of code to no longer use src/program_junk for storage of applications, its now all under ~./set

* fixed a os.chdir issue when using it to spawn a web server during java applet, moved to multi processing instead of threading.thread

* fixed a bug that caused credential harvester to throw an exceptions with the new ~./.set directory structure

* centralized setdir into the main repository to handle it through there and to call the ~/.set directory

* added additional passwords to wordlist.txt used for fast-track mssql brute forcing

* fixed a mssql access bug that would cause fast-track to error out if unspecified IP was added

* removed the pymssql check from the initial SET start and onto Fast-Track since it’s only used there

* turned java repeater to ON by default, much better success rate in SE pentesting

* rewrote large portions of payloadgen to incorporate the changes to the new ~/.set path variables

* added a new file structure to launch set called se-toolkit. The set executable is now depricated and should no longer be used – to launch set just type ./se-toolkit

* updated the setup.py installation to be more robust when performing installations (windows, etc.)

* moved all of the reporting structures within SET to the new ~/.set directory

* added a checkup routine in set and se-toolkit to check for the reports directory

* fixed a bug that would cause multi powershell injection to trigger even when using the powershell menu, it will just generate one now

* fixed an issue that could cause powershell injection to not work properly using the fast patch method

* fixed an issue that would cause definepath to not be specified when using the SE Toolkit Interactive shell

* fixed relative path issues in sccm_main and powershell teensy vectors to point to new .set directory

* fixed an issue that would cause the SE toolkit to hang on a weird bug when importing binascii – moved binascii to main import above and no longer hung

* fixed a before assignment error when using the windows debug conversion in the fast-track mssql menu (meta_path reference)

* changed reports directory within the teensy side to move to ~/.set/reports

* moved the report_generator in harvester to pull and report on the new ~/.set reports structure

* fixed an issue where webjacking would not post properly on certain websites (index2.html conflict issue)

* added the Metasploit MS13-009-IE SLayoutrun Use After Free Exploit to the Metasploit Brwoser Exploit attacks

* fixed a parsing issue with the JMX bean exploit in the SET menu text from appearing to be on one line

* added a new description on setting up sendmail for Kali Linux

* added a check for multi powershell injection and check for solo instances through powershell teensy and not to generate a ton

* changed the email handler from control-c to END instead. Control-C will break multiprocessing within src.html.spawn and this is the proper way to do it

* cleaned up setcore with old code and optimized other areas of the code base

* reduced the description of the allports payload when selecting in web attack method

* added a completely new and redesigned multi threaded and multiprocessing web server – should be significantly faster with less bugs and crashing when handling non-rfc compliant HTTP requests

* optimized applet load time to be much more efficent when being loaded into the web attack vector (about 4 seconds improvement)

* rewrote exceptions handler for the new web server to check to see if anything is running on port 80 when starting

* turned java repeater to on by default – more stable and tested on multiple platforms

* fixed an issue that would cause the java applet web cloner to fail upon running it twice – added reload(module) option to fix the bug

* fixed an issue that caused powershell.prep to not load if used twice

* fixed an import error when using powershell injection through the main menu

* changed initial set menu in powershell to be the standard setprompt

* changed the default port to 443 on powershell delivery in the set option number 10

* fixed an issue that would cause the powershell injection to spawn on port 22 versus 443 as specified

* removed the man left in the middle attack – no longer in use, outdated and not maintained

* removed beautifulsoup as a dependancy for SET due to the removal of man left in the middle

* added the ability to call the web server and stop it based on stop_server()

[SET v4.7] The Social-Engineer Toolkit

Read

The Social-Engineer Toolkit (SET) version 4.7 codename “Headshot” has been released. This version of SET introduces the ability to specify multi-powershell injection which allows you to specify as many ports as you want and SET will automatically inject PowerShell onto the system on all of the reverse ports outbound. What’s nice with this technique is it never touches disk and also uses already white listed processes. So it should never trigger anything like anti-virus or whitelisting/blacklisting tools. In addition to multi-powershell injector, there are a total of 30 new features and a large rewrite of how SET handles passing information within different modules.

Change log for version 4.7

removed a prompt that would come up when using the powershell injection technique, port.options is now written in prep.py versus a second prompt with information that was already provided
began an extremely large project of centralizing the SET config file by moving all of the options to the set.options file under src/program_junk
moved all port.options to the central routine file set.options
moved all ipaddr.file to the central routine file set.options
changed spacing on when launching the SET web server
changed the wording to reflect what operating systems this was tested on versus browsers
removed an un-needed print option1 within smtp_web that was reflecting a message back to user
added the updated java bean jmx exploit that was updated in Metasploit
added ability to specify a username list for the SQL brute forcing, can either specify sa, other usernames, or a filename with usernames in it
added new feature called multi-powershell-injection – configurable in the set config options, allows you to use powershell to do multiple injection points and ports. Useful in egress situations where you don’t know which port will be allowed outbound.
enabled multi-pyinjection through java applet attack vector, it is configured through set config
removed check for static powershell commands, will load regardless – if not installed user will not know regardless – better if path variables aren’t the same
fixed a bug that would cause linux and osx payloads to be selected even when disabled
fixed a bug that would cause the meta_config file to be empty if selecting powershell injection
added automatic check for Kali Linux to detect the default moved Metasploit path
removed a tail comma from the new multi injector which was causing it to error out
added new core routine check_ports(filename, ports) which will do a compare to see if a file already contains a metasploit LPORT (removes duplicates)
added new check to remove duplicates into multi powershell injection
made the new powershell injection technique compliant with the multi pyinjector – both payloads work together now
added encrypted and obfsucated jar files to SET, will automatically push new repos to git everyday.
rewrote the java jar file to handle multiple powershell alphanumeric shellcode points injected into applet.
added signed and unsigned jar files to the java applet attack vector
removed create_payload.py from saving files in src/html and instead in the proper folders src/program_junk
fixed a payload duplication issue in create_payload.py, will now check to see if port is there
removed a pefile check unless backdoored executable is in use
turned digital signature stealing from a pefile to off in the set_config file
converted all src/html/msf.exe to src/program_junk/ and fixed an issue where the applet would not load properly

It can also be downloaded through github using the following command:
git clone https://github.com/trustedsec/social-engineer-toolkit/set/

[ADHD v.0.4.1] Active Defense Harbinger Distribution

Read

[IPv6 Toolkit v1.3] Security Assessment and Troubleshooting Tool for the IPv6 Protocols

Read

[Zexplo] Penetration Testing Toolkit

Read

[SET] Social-Engineer Toolkit v4.3 "Turbulence"

Read