Social engineering is a method of attack that typically uses a delivery tool, like e-mail or a USB key, to induce a target to share sensitive information or to perform an action that enables an attacker to compromise the system. You perform social engineering tests to gauge how well the members of an organization adhere to security policies or to identify the security vulnerabilities created by people and processes in an organization.
In Metasploit Pro, you create and run campaigns to perform social engineering attacks. A campaign contains the e-mails, web pages, and portable files that you need to run a social engineering attack against a group of human targets. You can set up campaigns to perform phishing attacks, launch client-side exploits, run Java signed applets, generate executables for USB key drops, and send out e-mails with malicious attachments.
The campaign tracks the number of human targets that fall victim to the attack and presents the results in a social engineering report. You can read the report to review the metrics for the campaign, learn about remediation recommendations, and determine the effectiveness of the campaign. Additionally, the campaign page shows real-time statistics that provide you with a high-level overview of the campaign results. For example, you can view the number of recipients who opened the e-mail or filled out the web form in a phishing campaign.