Security Tools

A Powerful Tool For Social Engineering

The Social-Engineer Toolkit (SET) was created and written by Dave Kennedy, founder of TrustedSec. It is an open-source Python-driven tool aimed at penetration testing around Social-Engineering.

It has been presented at large-scale conferences including BlackHat, DerbyCon, Defcon, and ShmooCon and has become the standard for social-engineering penetration tests and supported heavily within the security community.

It has over 2 million downloads and is aimed at leveraging advanced technological attacks in a social-engineering type environment. Social-engineering is one of the hardest attacks to protect against and now one of the most prevalent.

The toolkit has been featured in a number of books including the number one best seller in security books for 12 months since its release, “Metasploit: The Penetrations Tester’s Guide” written by TrustedSec’s founder as well as Devon Kearns, Jim O’Gorman, and Mati Aharoni.

To download SET, type the following command in linux:

git clone https://github.com/trustedsec/social-engineer-toolkit/set/

The PenTesters Framework (PTF) is a Python script designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing.

As pentesters, we are accustom to the /pentest/ directories or our own toolsets that we want to keep up-to-date all of the time. We have those “go to” tools that we use on a regular basis. Using the latest and greatest is important.

PTF installs all of your penetration testing tools (latest and greatest), compile them, build them, and make it so that you can install/update your distribution on any machine. Everything is organized in a fashion that is cohesive to the Penetration Testing Execution Standard (PTES) and eliminates a lot of things that are hardly used.

PTF simplifies installation and packaging and creates an entire pentest framework for you. Since this is a framework, you can configure and add as you see fit. We commonly see internally developed repos that you can use as well as part of this framework. It’s all up to you.

To download PTF, type the following command in linux:

git clone https://github.com/trustedsec/ptf/

Shared Host Integrated Password System (SHIPS): Local Super User or Administrator Password Manager

The Shared Host Integrated Password System (SHIPS) is an open-source solution created by Geoff Walton to provide unique and rotated local super user or administrator passwords for environments where it is not possible or not appropriate to disable these local accounts.

Our goal is to make post exploitation more difficult and provide a simplistic way to manage multiple systems in an environment where Windows and Linux does not necessarily support an alternative.

Clients for Windows and Linux may be configured to rotate passwords automatically. Stored passwords can be retrieved by desktop support personnel as required, or updated when a password has to be manually changed in the course of system maintenance.

By having unique passwords on each machine and logging of password retrievals, security can be improved by making networks more resistant to lateral movement by attackers and enhancing the ability to attribute actions to individual persons.

For a full installation tutorial and to read up more on SHIPS including functionality and tweaking, visit the github link to download the PDF document:

https://github.com/trustedsec/SHIPS/raw/master/doc/SHIPS_Installation_v2.pdf

SHIPS download link:

https://github.com/trustedsec/SHIPS/archive/master.zip