Oct 11, 2024 12:27:21 PM | What’s In A Social Engineering Toolkit?

One of the many services that White Oak Security offers is Onsite Social Engineering. As a pentester, I have performed 50+ physical onsite social engineering engagements over my professional career […]

One of the many services that White Oak Security offers is Onsite Social Engineering. As a pentester, I have performed 50+ physical onsite social engineering engagements over my professional career and I always bring my social engineering toolkit. This post will discuss the items I have in my toolkit bag and potentially introduce you to some helpful, handy tools.

Social Engineering Testing Tools

Now the following items are what I have included (but not limited to) MY toolkit, these can vary from pentester to pentester. 

Under The Door Tool

The Under The Door Tool (UTDT) can be used to open level handle doors from the outside via reaching under the door. This tool is super easy to use, just slide it under the door and work it up over the latch. Once in place, pulling down on the cable will move the handle and open the door. The UTDT is very inexpensive – roughly $30, which makes it a no-brainer for anyone doing social engineering engagements. The one caveat is that it can be fairly big, however, I have gotten it to fit within a larger laptop bag!

this image shows White Oak Security's social engineering toolkit item that looks similar to a fishing pole, it's called the under the door tool used for opening doors.

Lock Pick Tools

I tend to keep a standard set of various lock picks on hand, but also like to include the following:

  • Shove knife
  • Bump hammer with bump keys
  • 7 & 8 pin tubular picks
  • Plug spinner

There are a ton of different companies that offer different setups – but one that comes with most of the items needed is this Tactical Entry Kit from Lock Pick Tools (shown below).

White Oak Security displays the tactical entry lock picking tool kit with various types of lock pick tools.

RFID

On the RFID side of the house, I like to keep a spare Proxmark3 RDv2 setup. It allows me to clone, emulate, and even brute force RFID cards. Taking it even further – I also include White Oak Security’s own Skim Job toolset if I am targeting low-frequency HID Prox style cards. I also have a couple of blog posts on utilizing this specific Proxmark3.

Image by White Oak Security shows a device for RFID, it's the Proxmark3 RDv2 setup for skimming.

Network Access

Other items I tend to consider keeping on hand include (but again, are not limited to the following lists.

  • Mini wireless access point
  • Ethernet cables
  • HAK5 toolkit
  • Laptop

Identification

  • Legitimate identification (driver’s license)
  • Get out of jail letter (client authorization letter)
  • Personal business card
  • Fake business cards
  • Fake employee badges w/lanyards

Miscellaneous

  • Flashlight
  • Scissors
  • Pen
  • Clipboard
  • Canned air
  • Tape

THE Bag

I try to keep all of these tools within a larger laptop carrying bag (shown below). 

this image is a large laptop bag that White Oak Security's pentester uses to keep all this social engineering testing toolkit in.

What’s In Your Bag?

Depending on the engagement and what the client considers to be in-scope the items contained within my social engineering toolkit bag can differ all the time. Typically, when attempting to gain access into a building – I try to keep my setup light, just for quick moving around. Once I establish consistent access, I tend to bring more items in to start testing different controls within the building. 

 

Written By: Brett DeWall