S.E.F. is a framework to make social engineering easier for pentesters. This framework provides several tools to automate many of the mundane tasks that need to be performed when performing social engineering. It includeds the following tools:
- sefemails – generate a list of email addresses based on a list of names and email scheme
- sefphish – sending out a large number of phishing emails
- sefnames – generate a list of names based on email addresses
- sefpayload – generate a metasploit meterpreter payload
The first step in social engineering is to gather a list of email addresses for your targets. Sefemails can be used to generate email addresses based on email schemes. This is a fair more effective method than scrapping google.
Once you have a list of victims, it is important to have a repeatable process that is flexible for performing phishing attacks. Sefphish uses a configuration file so that the phishing attack can be customized for each target.
Sefpayload and sefnames provide some additonality functionality that maybe helpful depending on your needs. Sefpayload is a tool to generate Metasploit reverse_tcp meterpreter payloads for use during social engineering. Sefnames is a tool to extract names from email addresses.