Chapter ten of Metasploit: The Penetration Tester’s Guide moves into Social Engineering, which is a topic I’ve yet to explore. It transpires that one of the author’s of the above book – David “SacMan” Kennedy – developed the Social-Engineer Toolkit (SET) to coincide with the release of Social-Engineer.org.
The site offers a centralised location for social-engineering tutorials and explains terminologies, definitions, and scenarios that can help you prepare for hacking the human mind.
I like the website’s reference to exploiting the “HumanOS”
Here’s a snippet from the above book relating to SET:
The purpose of SET is to fill a gap in the penetration testing community and bring awareness to social-engineering attacks. And it has succeeded – SET has been downloaded 1 million times and is now an industry standard for deploying social-engineering attacks. The toolkit attacks human weakness, exploiting curiosity, credibility, avarice, and simple human stupidity. Social-engineering attacks are at an all-time high and have always been a large risk for many organisations.
Backtrack and Kali Linux come with SET as default. In Kali you can find SET in “Exploitation Tools”.