For hackers as well as professional penetration testers, social engineering is an invaluable tool. Hacking cannot always be done through brute force: lockouts after a limited number of login attempts and similar controls have made that approach unreliable.
Often the penetration has to come from within, through unwitting accomplices inside the target organization itself, and that is what social engineering delivers. Social engineering, however, is a wide subject in its own right and relies on a variety of tools to be carried out.
There are plenty of social engineering tools available to the professional hacker or penetration tester.
By social engineering tools we mean software that makes it easier to carry out the main social engineering techniques. When practicing social engineering, for example, it's important to know your targets: the people who work in the target organization, who they are, where they often go and, where possible, how they behave.
Most of this work can be done through OSINT, or open-source intelligence. Most people are open books on the internet, especially if they spend a lot of time on social media.
OSINT is itself a tool for social engineering, and there are tools for performing OSINT, such as:
- PeekYou – there are plenty of people-search sites for locating a particular person who is absent from the popular social networks, ostensibly to 'catch up' on old times. PeekYou is one of them, a reliable but paid people-finder site. For anyone with a career on either side of hacking it is a valuable source of data such as home location, education, age, online aliases and employer.
- Buscador Investigative Operating System – a Linux distribution preloaded with OSINT tools, usable by hackers, pen testers and private investigators alike.
- Maltego – a link-analysis tool for mapping the relationships between people, domains and infrastructure. Unfortunately it's not completely free: a limited community edition exists, but the commercial version is what really gets you far in collecting an organization's email addresses, DNS records, people, physical addresses and infrastructure technologies.
- Metagoofil and FOCA – more personal information hides inside an organization's own files. Office documents carry metadata (author, last editor, company, the software and version that produced them, sometimes internal file paths) alongside their visible content. Harvesting such documents from the target's web presence and extracting that metadata is exactly the job of FOCA and Metagoofil.
- Social-Engineer Toolkit (SET) – once you know a little more about the target or targets, it's time to attack. SET is a powerful open-source framework for building phishing, credential-harvesting and payload-delivery attacks, developed by TrustedSec, a well-known group of cybersecurity professionals.
- HackSearch Pro Plugin – OSINT also covers the target organization itself. It can be difficult to get to the juicier parts of a web presence, such as gateways and DNS information, but this Firefox plugin does much of the work: simply browse the target website and the plugin gathers the rest.
- Shodan – a powerful way to learn about the target organization's exposed infrastructure. Often called the Google for hackers and security professionals, it continuously scans the internet and indexes service banners, so a query on the organization's IP ranges or domains reveals the devices it exposes, the server software and versions running on them, and the services it has left reachable.
- Unshredder – for the serious hacker or pen tester: software that reassembles scanned strips of shredded documents, which often contain juicy information. It is for the really serious ones, as the process is time-consuming.
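The kind of harvesting that FOCA and Metagoofil automate can be seen in a few lines of Python. The block below is an added example written for this article; it is not code from either tool. It opens .docx files (which are ZIP containers), reads the author, last editor, company and application fields from docProps/core.xml and docProps/app.xml, and then turns the harvested display names into candidate email addresses under an assumed naming convention. The documents, the company "Example Corp", the domain example.com and the first.last address pattern are all constructed assumptions for the example; real documents and a real address pattern (often confirmed from one known address) would replace them.

```python
import io
import re
import unicodedata
import zipfile
import xml.etree.ElementTree as ET

# XML namespaces used by Office Open XML document properties.
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}
# (field name, part inside the ZIP container, path using the prefixes above)
FIELDS = [
    ("creator", "docProps/core.xml", "dc:creator"),
    ("last_modified_by", "docProps/core.xml", "cp:lastModifiedBy"),
    ("company", "docProps/app.xml", "ep:Company"),
    ("application", "docProps/app.xml", "ep:Application"),
    ("app_version", "docProps/app.xml", "ep:AppVersion"),
]

def extract_metadata(docx_bytes):
    """Pull the people- and software-related properties out of a .docx.

    A .docx is a ZIP container; the interesting fields live in docProps/core.xml
    (author, last editor) and docProps/app.xml (company, application, version).
    Missing parts or empty fields are simply skipped.
    """
    meta = {}
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        parts = {}
        for name in set(part for _, part, _ in FIELDS) & set(z.namelist()):
            parts[name] = ET.fromstring(z.read(name))
        for key, part, path in FIELDS:
            node = parts[part].find(path, NS) if part in parts else None
            if node is not None and node.text and node.text.strip():
                meta[key] = node.text.strip()
    return meta

def email_candidate(display_name, domain, pattern="first.last"):
    """Turn a harvested display name into a candidate address under a known
    naming convention. Handles "Last, First" ordering and strips accents;
    returns None when the name has fewer than two usable tokens."""
    if "," in display_name:                      # "Mendez, Alice" -> "Alice Mendez"
        last, first = display_name.split(",", 1)
        display_name = f"{first} {last}"
    flat = unicodedata.normalize("NFKD", display_name).encode("ascii", "ignore").decode()
    tokens = [re.sub(r"[^a-z0-9-]", "", t) for t in flat.lower().split()]
    tokens = [t for t in tokens if t]
    if len(tokens) < 2:
        return None
    first, last = tokens[0], tokens[-1]
    forms = {
        "first.last": f"{first}.{last}",
        "firstlast": f"{first}{last}",
        "flast": f"{first[0]}{last}",
        "first_last": f"{first}_{last}",
    }
    return f"{forms[pattern]}@{domain}"

def harvest_people(documents, domain, pattern="first.last"):
    """Run each document through extract_metadata and return
    ({candidate email: display name}, {(application, version)}).
    Keying by address de-duplicates "Alice Mendez" and "Mendez, Alice"."""
    people, software = {}, set()
    for blob in documents:
        meta = extract_metadata(blob)
        for key in ("creator", "last_modified_by"):
            if key in meta:
                addr = email_candidate(meta[key], domain, pattern)
                if addr:
                    people.setdefault(addr, meta[key])
        if "application" in meta:
            software.add((meta["application"], meta.get("app_version", "")))
    return people, software

def make_docx(creator, last_modified_by, company, application, app_version):
    """Build a minimal .docx in memory. Constructed sample for this example only."""
    core = ('<cp:coreProperties xmlns:cp="%s" xmlns:dc="%s"><dc:creator>%s</dc:creator>'
            '<cp:lastModifiedBy>%s</cp:lastModifiedBy></cp:coreProperties>'
            % (NS["cp"], NS["dc"], creator, last_modified_by))
    app = ('<Properties xmlns="%s"><Application>%s</Application><Company>%s</Company>'
           '<AppVersion>%s</AppVersion></Properties>'
           % (NS["ep"], application, company, app_version))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/core.xml", core)
        z.writestr("docProps/app.xml", app)
        z.writestr("word/document.xml", "<document/>")
    return buf.getvalue()

# Constructed sample documents (assumed company, names and software; not real files).
SAMPLE_DOCS = [
    make_docx("Alice Mendez", "Bob O'Neil", "Example Corp", "Microsoft Office Word", "16.0000"),
    make_docx("Mendez, Alice", "José Álvarez", "Example Corp", "Microsoft Office Word", "16.0000"),
    make_docx("Carol Ng", "", "Example Corp", "LibreOffice", "7.3"),
]

if __name__ == "__main__":
    people, software = harvest_people(SAMPLE_DOCS, "example.com")
    for addr, name in sorted(people.items()):
        print(f"{name:15} -> {addr}")
    print("software seen:", sorted(software))
```

The software set is the second prize here: knowing that the organization produces documents with a specific Office build tells the attacker which client-side exploits and which document-based lures are worth preparing, and tells the defender which metadata fields to scrub before publishing. Stripping document properties before files go on a public website removes most of what this script recovers.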
Once you have found out enough about the organization and its employees, it's time to carry out the actual attacks, using SET or other social engineering tools, concepts and techniques, and interacting with targets through principles of persuasion such as authority, reciprocity, flattery and influence.
Or there is actual spying involving physical intrusion tools: fake IDs, uniforms or other clothing, hidden cameras, or baiting employees with dropped disks and USB drives. And finally there are the old-fashioned mind games by phone or online: vishing, phishing and spear phishing.
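Phishing and spear phishing almost always arrive from a domain built to pass for the organization's own: a transposed letter, a digit for a letter, "rn" for "m", the brand name embedded in a longer domain, or an internationalized domain whose Unicode form looks identical. The block below is an added example written for this article, not code from SET or any other tool mentioned here; it shows the check a defender (or a tester grading a phishing exercise) would run over sender addresses. The trusted domain example.com and the sample senders are constructed for the example, and the registrable-domain logic is deliberately crude (last two labels), so a real deployment would use the Public Suffix List.

```python
import unicodedata

# Substitutions attackers use to forge lookalike labels, applied after ASCII folding.
# Multi-character confusables come first so that "rn" folds to "m" before single chars.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"),
               ("5", "s"), ("7", "t"), ("8", "b")]

def fold_label(label):
    """Canonicalise one DNS label: decode punycode, strip accents, lowercase,
    then collapse the confusable substitutions above."""
    if label.startswith("xn--"):
        try:
            label = label.encode("ascii").decode("idna")
        except UnicodeError:
            pass                                   # malformed punycode: fold as-is
    s = unicodedata.normalize("NFKD", label).encode("ascii", "ignore").decode().lower()
    for bad, good in CONFUSABLES:
        s = s.replace(bad, good)
    return s

def osa_distance(a, b):
    """Optimal string alignment distance: Levenshtein plus adjacent transpositions,
    so that 'exampel' is one edit away from 'example'."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def registrable(domain):
    """Crude registrable domain: the last two labels. Fine for .com/.net style
    TLDs; use the Public Suffix List for ccTLDs such as .co.uk."""
    parts = domain.lower().strip(".").split(".")
    return ".".join(parts[-2:])

def classify_sender(address, trusted_domains):
    """Classify a From: address as 'ok', 'lookalike' or 'external', with a reason."""
    domain = address.rsplit("@", 1)[-1].lower()
    reg = registrable(domain)
    trusted = {registrable(t) for t in trusted_domains}
    if reg in trusted:
        return "ok", reg
    brand = reg.split(".")[0]
    folded_brand = fold_label(brand)
    folded_domain = ".".join(fold_label(p) for p in domain.split("."))
    for t in sorted(trusted):
        t_brand = t.split(".")[0]
        if folded_brand == fold_label(t_brand):
            return "lookalike", f"{reg} folds to {t}"
        if len(t_brand) >= 5 and osa_distance(folded_brand, t_brand) <= 1:
            return "lookalike", f"{reg} is one edit away from {t}"
        if t_brand in folded_domain:
            return "lookalike", f"{reg} embeds the trusted name {t_brand}"
    return "external", reg

# Constructed sample senders for the exercise (assumed trusted domain: example.com).
TRUSTED = ["example.com"]
SAMPLE_SENDERS = [
    "alice@example.com",
    "alice@mail.example.com",
    "ceo@exarnple.com",                                   # rn -> m homoglyph
    "ceo@exampel.com",                                    # transposed letters
    "ceo@exampl3.com",                                    # digit for letter
    "it-helpdesk@example-support.net",                    # brand embedded
    "x@" + "exámple.com".encode("idna").decode("ascii"),  # punycode IDN lookalike
    "noreply@github.com",                                 # unrelated third party
]

def scan(senders=SAMPLE_SENDERS, trusted=TRUSTED):
    """Classify every sender; returns (address, verdict, reason) tuples."""
    return [(s,) + classify_sender(s, trusted) for s in senders]

if __name__ == "__main__":
    for sender, verdict, why in scan():
        print(f"{verdict:9} {sender:40} {why}")
```

The edit-distance rule is gated on brand names of at least five characters because short names produce too many false positives, and "external" is not a verdict of safety: a perfectly legitimate third-party domain is exactly what a spear phisher registers when a lookalike would be caught.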
As mentioned, social engineering is a broad concept with many tools. It is effective because of predictable shortcuts in human judgement, such as deference to authority and the urge to reciprocate, that leave untrained individuals susceptible.
It is broad but not difficult. Read more about the concepts mentioned here and you will have bagged yourself a valuable tool for both sides of the cybersecurity fence.