Social engineering for the masses

There are several tools out there which can be used to identify “human threats”. All of them should be used by permission only (check that with your local lawyer, too) and can help to secure your company.
You will always need security knowledge and practical experience when using those tools so do not hesitate to ask for professional support.

The swiss knife “Kali”

The well known distribution for pen-testing named Kali Linux (previously named “back|track”) also has capabilities for social engineering, of course. One example is SET (see the next lines).

More details: https://www.kali.org

This is a very advanced one and have many features you may not need so checkout the other tools here.

Lucy

A currently very pronounced one is named Lucy: http://gtta.net/PS/lucy.html

Lucy is a very very good first start and can be used by everyone with average IT knowledge. It comes with wizards, predefined templates and is very easy to setup and use. Best of all you will get nice reports at the end and it is free to use for 10 campaigns (each of 50 users).

If you are new to this field Lucy will give you a very good start but as usual keep in mind that it should never be used without permission of the target.

The creators of Lucy also have an audit community edition available. if you are interested in that, too check it out here: http://www.gtta.net

Social Engineering Toolkit (SET)

One of the most known tools when it comes to this field is SET which can be found here: https://github.com/trustedsec/social-engineer-toolkit/

As mentioned earlier this and others are also included in https://www.kali.org, too.

Social Engineering Framework (SEF)

A maybe more unknown kit is SEF which can be found here: https://sourceforge.net/projects/sefbyankit

It’s main purpose is to help you setting up an easy phishing attack including attachment adding etc. It is not very recent (last updated 2013) but comes with a web based wizard and without the need to setup a full VM.

Absolutely untested tools

Facebrok

A specialized tool for faking facebook profiles. You need to host the code on your webserver and you will be guided setting it up afterwards. This is completely untested so no warranties for anything: https://sourceforge.net/projects/facebrok