# Social Engineering Toolkit (SET) Cheat Sheet

## Overview

The Social Engineering Toolkit (SET) is an open-source, Python-driven framework for social engineering penetration tests. Developed by TrustedSec, it automates complex social engineering attacks to test an organization's security awareness and susceptibility.

Warning: Use SET only on systems and against targets with explicit written authorization. Unauthorized use may violate laws and regulations.

## Installation

### Kali Linux
```bash
# Already pre-installed on Kali, or install/update with:
sudo apt update
sudo apt install set
sudo apt install setoolkit

# Launch SET
sudo setoolkit
```

### Manual Installation (Linux)
```bash
# Clone the repository
git clone https://github.com/trustedsec/social-engineer-toolkit.git
cd social-engineer-toolkit

# Install dependencies
pip3 install -r requirements.txt

# Install SET
sudo python3 setup.py install

# Launch SET
sudo setoolkit
```

### Docker Installation
```bash
# Pull the Docker image
docker pull trustedsec/social-engineer-toolkit

# Run SET in a container
docker run -it trustedsec/social-engineer-toolkit
```

## Basic Usage

### Starting SET
```bash
# Launch SET with root privileges
sudo setoolkit

# Launch SET from source directory
cd social-engineer-toolkit
sudo python3 setoolkit
```

### Navigation

Use numbers to select options

Use 99 to return to the previous menu

Use exit or quit to exit SET


## Main Menu Options

### Social-Engineering Attacks

1) Social-Engineering Attacks - Primary attack vectors for social engineering

### Penetration Testing (Fast-Track)

2) Penetration Testing (Fast-Track) - Quick penetration testing tools

### Third Party Modules

3) Third Party Modules - Additional modules contributed by the community

### Update SET

4) Update the Social-Engineer Toolkit - Update to the latest version

### Update Configuration

5) Update SET configuration - Change configuration settings

### Help

6) Help, Credits, and About - Information about SET


## Social-Engineering Attacks

### Spear-Phishing Attack Vectors
```
1) Spear-Phishing Attack Vectors
   1) Perform a Mass Email Attack
   2) Create a FileFormat Payload
   3) Create a Social-Engineering Template
   4) Create a Android/MacOS/Windows/iOS Payload
   5) Mass Mailer Attack
   6) Arduino-Based Attack Vector
   7) Wireless Access Point Attack Vector
   8) QRCode Generator Attack Vector
   9) Powershell Attack Vectors
   10) SMS Spoofing Attack Vector
```

### Website Attack Vectors
```
2) Website Attack Vectors
   1) Java Applet Attack Method
   2) Metasploit Browser Exploit Method
   3) Credential Harvester Attack Method
   4) Tabnabbing Attack Method
   5) Web Jacking Attack Method
   6) Multi-Attack Web Method
   7) HTA Attack Method
   8) Badpdf Attack Method
```

### Infectious Media Generator
```
3) Infectious Media Generator
   1) USB/CD/DVD (AutoRun) Method
   2) Advanced File Format Infection
```

### Create a Payload and Listener

4) Create a Payload and Listener - Generate standalone payloads

### Mass Mailer Attack
```
5) Mass Mailer Attack
   1) E-Mail Attack Single Email Address
   2) E-Mail Attack Mass Mailer
```

### Arduino-Based Attack Vector

6) Arduino-Based Attack Vector - Hardware-based attacks

### Wireless Access Point Attack Vector

7) Wireless Access Point Attack Vector - Create rogue access points

### QRCode Generator Attack Vector

8) QRCode Generator Attack Vector - Generate malicious QR codes

### PowerShell Attack Vectors

9) Powershell Attack Vectors - PowerShell-based attacks


## Website Attack Vectors

### Credential Harvester
```
Select from main menu:
  1) Social-Engineering Attacks
  2) Website Attack Vectors
  3) Credential Harvester Attack Method

Then choose one of:
  1) Web Templates
  2) Site Cloner
  3) Custom Import
  4) Tabnabbing

For Site Cloner:
  Enter IP for POST back: [your IP]
  Enter URL to clone: https://example.com
```

### Web Templates
```
Available templates include:
  1) Java Required
  2) Google
  3) Gmail
  4) Facebook
  5) Twitter
  6) Yahoo
```

### Multi-Attack Web Method
```
Select from main menu:
  1) Social-Engineering Attacks
  2) Website Attack Vectors
  6) Multi-Attack Web Method

Choose attack methods to include
Enter IP for POST back: [your IP]
Enter URL to clone: https://example.com
```


## Spear-Phishing Attacks

### Mass Email Attack
```
Select from main menu:
  1) Social-Engineering Attacks
  1) Spear-Phishing Attack Vectors
  1) Perform a Mass Email Attack

Choose payload:
  1) Adobe PDF Embedded EXE
  2) Custom EXE to VBA
  3) Fileformat Bugs
  ...

Configure email settings:
  Enter email address to send from: attacker@example.com
  Enter the gmail password: password
  Enter the recipient: victim@example.com
```

### File Format Payloads
```
Select from main menu:
  1) Social-Engineering Attacks
  1) Spear-Phishing Attack Vectors
  2) Create a FileFormat Payload

Choose payload:
  1) Adobe PDF Embedded EXE
  2) Adobe PDF Embedded PowerShell
  3) Microsoft Word Macro
  ...
```


## Infectious Media Generator

### USB/CD/DVD AutoRun Method
```
Select from main menu:
  1) Social-Engineering Attacks
  3) Infectious Media Generator
  1) USB/CD/DVD (AutoRun) Method

Choose payload:
  1) Windows Reverse_TCP Meterpreter
  2) Windows Reverse_TCP VNC
  3) Windows Bind_TCP Meterpreter
  ...
```

### Advanced File Format Infection
```
Select from main menu:
  1) Social-Engineering Attacks
  3) Infectious Media Generator
  2) Advanced File Format Infection

Choose file format:
  1) Adobe PDF
  2) Microsoft Word
  ...
```


## Payload Creation

### Standalone Payloads
```
Select from main menu:
  1) Social-Engineering Attacks
  4) Create a Payload and Listener

Choose payload:
  1) Windows Reverse_TCP Meterpreter
  2) Windows Meterpreter Reverse_TCP X64
  3) Windows Reverse_TCP VNC
  ...
```

### Android Payloads
```
Select from main menu:
  1) Social-Engineering Attacks
  1) Spear-Phishing Attack Vectors
  4) Create a Android/MacOS/Windows/iOS Payload
  1) Android Meterpreter
```


## Advanced Techniques

### Custom Website Import
```
Select from main menu:
  1) Social-Engineering Attacks
  2) Website Attack Vectors
  3) Credential Harvester Attack Method
  3) Custom Import

Enter the path to your website: /path/to/website
Enter IP for POST back: [your IP]
```

### PowerShell Attacks
```
Select from main menu:
  1) Social-Engineering Attacks
  9) Powershell Attack Vectors

Choose attack:
  1) Powershell Alphanumeric Shellcode Injector
  2) Powershell Reverse Shell
  3) Powershell Bind Shell
  ...
```

### QRCode Generator
```
Select from main menu:
  1) Social-Engineering Attacks
  8) QRCode Generator Attack Vector

Enter the URL: https://malicious-example.com
Enter path to save QRCode: /path/to/save/qrcode.png
```


## Integration with Metasploit

### Using Metasploit Payloads

When selecting payloads, choose Metasploit options

SET will automatically integrate with Metasploit

### Setting Up Listeners
```
After creating a payload:
  Do you want to start the listener now? yes
```


## Configuration

### Update SET Configuration
```
Select from main menu:
  5) Update SET configuration

Edit configuration settings in the text editor
```

### Configuring Web Templates
```
Templates are stored in:
  /usr/share/set/src/webattack/web_clone/
```

### Configuring Email Templates
```
Templates are stored in:
  /usr/share/set/src/templates/
```


## Troubleshooting

### Common Issues
```bash
# Fix permission issues
sudo chmod -R 755 /usr/share/set/

# Fix Python dependency issues
pip3 install -r requirements.txt

# Fix database issues
rm /usr/share/set/config/set_config.db
```

### Debugging
```bash
# Run SET with debug output
sudo setoolkit --debug
```


## Best Practices

### Security Considerations

Run in isolated environment

Document permission and scope

Avoid causing harm or disruption

Report findings responsibly


### Performance Tips

Test attacks in isolated environments first

Use realistic scenarios

Customize templates for specific targets

Monitor and document all activities

---

*This cheat sheet provides a comprehensive reference for using the Social Engineering Toolkit (SET). Always ensure you have proper authorization before conducting any social engineering tests.*