Zum Inhalt

Social Engineering Toolkit (SET) Cheat Sheet

_ _

_

Im Überblick

Das Social Engineering Toolkit (SET) ist ein offener Python-getriebener Rahmen für Social Engineering Penetration Tests. Entwickelt von TrustedSec automatisiert es komplexe Social Engineering-Angriffe, um das Sicherheitsbewusstsein und die Sicherheitsanfälligkeit einer Organisation zu testen.

ZEITSCHRIFTEN Warning: Verwenden Sie SET nur auf Systemen und gegen Ziele mit ausdrücklicher schriftlicher Genehmigung. Unberechtigte Nutzung kann Gesetze und Vorschriften verletzen.

• Installation

Das ist der Grund.

# Already pre-installed on Kali, or install/update with:
sudo apt update
sudo apt install set
sudo apt install setoolkit

# Launch SET
sudo setoolkit
```_

### Manuelle Installation (Linux)
```bash
# Clone the repository
git clone https://github.com/trustedsec/social-engineer-toolkit.git
cd social-engineer-toolkit

# Install dependencies
pip3 install -r requirements.txt

# Install SET
sudo python3 setup.py install

# Launch SET
sudo setoolkit
```_

### Docker Installation
```bash
# Pull the Docker image
docker pull trustedsec/social-engineer-toolkit

# Run SET in a container
docker run -it trustedsec/social-engineer-toolkit
```_

oder Basisnutzung

### Starting SET
```bash
# Launch SET with root privileges
sudo setoolkit

# Launch SET from source directory
cd social-engineer-toolkit
sudo python3 setoolkit
```_

### Navigation

Use numbers to select options

Use 99 to return to the previous menu

Use exit or quit to exit SET

oder Hauptmenü Optionen

### Social-Engineering Angriffe
1) Social-Engineering Attacks - Primary attack vectors for social engineering 
### Penetration Testing (Fast-Track)
2) Penetration Testing (Fast-Track) - Quick penetration testing tools 
### Third Party Modules
3) Third Party Modules - Additional modules contributed by the community 
### Update SET
4) Update the Social-Engineer Toolkit - Update to the latest version 
### Konfiguration aktualisieren
5) Update SET configuration - Change configuration settings 
### Hilfe
6) Help, Credits, and About - Information about SET 
Social-Engineering Angriffe

### Spear-Phishing Attack Vectors
1) Spear-Phishing Attack Vectors 1) Perform a Mass Email Attack 2) Create a FileFormat Payload 3) Create a Social-Engineering Template 4) Create a Android/MacOS/Windows/iOS Payload 5) Mass Mailer Attack 6) Arduino-Based Attack Vector 7) Wireless Access Point Attack Vector 8) QRCode Generator Attack Vector 9) Powershell Attack Vectors 10) SMS Spoofing Attack Vector 
### Website Angriff Vektoren
2) Website Attack Vectors 1) Java Applet Attack Method 2) Metasploit Browser Exploit Method 3) Credential Harvester Attack Method 4) Tabnabbing Attack Method 5) Web Jacking Attack Method 6) Multi-Attack Web Method 7) HTA Attack Method 8) Badpdf Attack Method 
### Infectious Media Generator
3) Infectious Media Generator 1) USB/CD/DVD (AutoRun) Method 2) Advanced File Format Infection 
### Create a Payload and Listener
4) Create a Payload and Listener - Generate standalone payloads 
### Mass Mailer Angriff
5) Mass Mailer Attack 1) E-Mail Attack Single Email Address 2) E-Mail Attack Mass Mailer 
### Arduino-Based Attack Vector
6) Arduino-Based Attack Vector - Hardware-based attacks 
### Wireless Access Point Attack Vector
7) Wireless Access Point Attack Vector - Create rogue access points 
### QRCode Generator Attack Vector
8) QRCode Generator Attack Vector - Generate malicious QR codes 
### Powershell Angriffsvektoren
9) Powershell Attack Vectors - PowerShell-based attacks 
Website Angriff Vektoren

### Credential Harvester

Select from main menu:

1) Social-Engineering Attacks 2) Website Attack Vectors 3) Credential Harvester Attack Method

Then choose one of:

1) Web Templates 2) Site Cloner 3) Custom Import 4) Tabnabbing

For Site Cloner:

Enter IP for POST back: [your IP]

Enter URL to clone: https://example.com

### Web Templates

Available templates include:

1) Java Required 2) Google 3) Gmail 4) Facebook 5) Twitter 6) Yahoo 

### Multi-Attack Web Method

Select from main menu:

1) Social-Engineering Attacks 2) Website Attack Vectors 6) Multi-Attack Web Method

Choose attack methods to include

Enter IP for POST back: [your IP]

Enter URL to clone: https://example.com

Spear-Phishing Angriffe

### Maß Email Attack

Select from main menu:

1) Social-Engineering Attacks 1) Spear-Phishing Attack Vectors 1) Perform a Mass Email Attack

Choose payload:

1) Adobe PDF Embedded EXE 2) Custom EXE to VBA 3) Fileformat Bugs ...

Configure email settings:

Enter email address to send from: attacker@example.com

Enter the gmail password: password

Enter the recipient: victim@example.com

### Datei Format Payloads

Select from main menu:

1) Social-Engineering Attacks 1) Spear-Phishing Attack Vectors 2) Create a FileFormat Payload

Choose payload:

1) Adobe PDF Embedded EXE 2) Adobe PDF Embedded PowerShell 3) Microsoft Word Macro ... 

Infektiöser Mediengenerator

### USB/CD/DVD AutoRun Methode

Select from main menu:

1) Social-Engineering Attacks 3) Infectious Media Generator 1) USB/CD/DVD (AutoRun) Method

Choose payload:

1) Windows Reverse_TCP Meterpreter 2) Windows Reverse_TCP VNC 3) Windows Bind_TCP Meterpreter ... 

### Advanced File Format Infection

Select from main menu:

1) Social-Engineering Attacks 3) Infectious Media Generator 2) Advanced File Format Infection

Choose file format:

1) Adobe PDF 2) Microsoft Word ... 

In den Warenkorb

### Standalone Payloads

Select from main menu:

1) Social-Engineering Attacks 4) Create a Payload and Listener

Choose payload:

1) Windows Reverse_TCP Meterpreter 2) Windows Meterpreter Reverse_TCP X64 3) Windows Reverse_TCP VNC ... 

### Android Payloads

Select from main menu:

1) Social-Engineering Attacks 1) Spear-Phishing Attack Vectors 4) Create a Android/MacOS/Windows/iOS Payload 1) Android Meterpreter 

Fortgeschrittene Technologien

### Custom Website Import

Select from main menu:

1) Social-Engineering Attacks 2) Website Attack Vectors 3) Credential Harvester Attack Method 3) Custom Import

Enter the path to your website: /path/to/website

Enter IP for POST back: [your IP]

### Power Shell Attacks

Select from main menu:

1) Social-Engineering Attacks 9) Powershell Attack Vectors

Choose attack:

1) Powershell Alphanumeric Shellcode Injector 2) Powershell Reverse Shell 3) Powershell Bind Shell ... 

### QRCode Generator

Select from main menu:

1) Social-Engineering Attacks 8) QRCode Generator Attack Vector

Enter the URL: https://malicious-example.com

Enter path to save QRCode: /path/to/save/qrcode.png

Integration mit Metasploit

### Verwenden von Metasploit Payloads

When selecting payloads, choose Metasploit options

SET will automatically integrate with Metasploit

### Einrichten von Hörern

After creating a payload:

Do you want to start the listener now? yes

Konfiguration

### Update SET Konfiguration

Select from main menu:

5) Update SET configuration

Edit configuration settings in the text editor

### Webvorlagen konfigurieren

Templates are stored in:

/usr/share/set/src/webattack/web_clone/ 

### E-Mail-Vorlagen konfigurieren

Templates are stored in:

/usr/share/set/src/templates/ 

Fehlerbehebung

### Häufige Fragen

Fix permission issues:

sudo chmod -R 755 /usr/share/set/

Fix Python dependency issues:

pip3 install -r requirements.txt

Fix database issues:

rm /usr/share/set/config/set_config.db 

### Debugging

Run SET with debug output:

sudo setoolkit --debug 

oder Best Practices

### Sicherheitsüberlegungen

Run in isolated environment

Document permission and scope

Avoid causing harm or disruption

Report findings responsibly

### Performance Tips

Test attacks in isolated environments first

Use realistic scenarios

Customize templates for specific targets

Monitor and document all activities

```_

Ressourcen

--

*Dieses Betrügereiblatt bietet eine umfassende Referenz für die Nutzung des Social Engineering Toolkit (SET). Stellen Sie immer sicher, dass Sie eine ordnungsgemäße Genehmigung haben, bevor Sie irgendwelche Social Engineering-Tests durchführen. *