Zum Inhalt

Social Engineering Toolkit (SET) Cheat Sheet

generieren

Überblick

Das Social Engineering Toolkit (SET) ist ein offener Python-getriebener Rahmen für Social Engineering Penetration Tests. Entwickelt von TrustedSec automatisiert es komplexe Social Engineering-Angriffe, um das Sicherheitsbewusstsein und die Sicherheitsanfälligkeit einer Organisation zu testen.

ZEIT Warning: Verwenden Sie SET nur auf Systemen und gegen Ziele mit ausdrücklicher schriftlicher Genehmigung. Unberechtigte Nutzung kann Gesetze und Vorschriften verletzen.

Installation

Das ist der Grund.

# Already pre-installed on Kali, or install/update with:
sudo apt update
sudo apt install set
sudo apt install setoolkit

# Launch SET
sudo setoolkit
```_

### Manuelle Installation (Linux)
```bash
# Clone the repository
git clone https://github.com/trustedsec/social-engineer-toolkit.git
cd social-engineer-toolkit

# Install dependencies
pip3 install -r requirements.txt

# Install SET
sudo python3 setup.py install

# Launch SET
sudo setoolkit
```_

### Docker Installation
```bash
# Pull the Docker image
docker pull trustedsec/social-engineer-toolkit

# Run SET in a container
docker run -it trustedsec/social-engineer-toolkit
```_

## Basisnutzung

### Beginn der SET
```bash
# Launch SET with root privileges
sudo setoolkit

# Launch SET from source directory
cd social-engineer-toolkit
sudo python3 setoolkit
```_

### Navigation

Use numbers to select options

Use 99 to return to the previous menu

Use exit or quit to exit SET

## Hauptmenü Optionen

### Sozial-Engineering Angriffe
1) Social-Engineering Attacks - Primary attack vectors for social engineering 
### Penetration Testing (Fast-Track)
2) Penetration Testing (Fast-Track) - Quick penetration testing tools 
### Module der dritten Partei
3) Third Party Modules - Additional modules contributed by the community 
### Update SET
4) Update the Social-Engineer Toolkit - Update to the latest version 
### Konfiguration aktualisieren
5) Update SET configuration - Change configuration settings 
### Hilfe
6) Help, Credits, and About - Information about SET 
## Sozial-Engineering Angriffe

### Spear-Phishing Angriffsvektoren
1) Spear-Phishing Attack Vectors 1) Perform a Mass Email Attack 2) Create a FileFormat Payload 3) Create a Social-Engineering Template 4) Create a Android/MacOS/Windows/iOS Payload 5) Mass Mailer Attack 6) Arduino-Based Attack Vector 7) Wireless Access Point Attack Vector 8) QRCode Generator Attack Vector 9) Powershell Attack Vectors 10) SMS Spoofing Attack Vector 
### Website Angriff Vektoren
2) Website Attack Vectors 1) Java Applet Attack Method 2) Metasploit Browser Exploit Method 3) Credential Harvester Attack Method 4) Tabnabbing Attack Method 5) Web Jacking Attack Method 6) Multi-Attack Web Method 7) HTA Attack Method 8) Badpdf Attack Method 
### Infektiöser Mediengenerator
3) Infectious Media Generator 1) USB/CD/DVD (AutoRun) Method 2) Advanced File Format Infection 
### Payload und Listener erstellen
4) Create a Payload and Listener - Generate standalone payloads 
### Masse Mailer Angriff
5) Mass Mailer Attack 1) E-Mail Attack Single Email Address 2) E-Mail Attack Mass Mailer 
### Arduino-basierter Angriffsvektor
6) Arduino-Based Attack Vector - Hardware-based attacks 
### Wireless Access Point Angriff Vektor
7) Wireless Access Point Attack Vector - Create rogue access points 
### QRCode Generator Attack Vector
8) QRCode Generator Attack Vector - Generate malicious QR codes 
### Powershell Angriffsvektoren
9) Powershell Attack Vectors - PowerShell-based attacks 
## Website Angriff Vektoren

### Credential Harvester

Select from main menu:

1) Social-Engineering Attacks 2) Website Attack Vectors 3) Credential Harvester Attack Method

Then choose one of:

1) Web Templates 2) Site Cloner 3) Custom Import 4) Tabnabbing

For Site Cloner:

Enter IP for POST back: [your IP]

Enter URL to clone: https://example.com

### Web-Vorlagen

Available templates include:

1) Java Required 2) Google 3) Gmail 4) Facebook 5) Twitter 6) Yahoo 

### Multi-Attack-Webmethode

Select from main menu:

1) Social-Engineering Attacks 2) Website Attack Vectors 6) Multi-Attack Web Method

Choose attack methods to include

Enter IP for POST back: [your IP]

Enter URL to clone: https://example.com

## Speer-Phishing Angriffe

### Masse E-Mail-Angriff

Select from main menu:

1) Social-Engineering Attacks 1) Spear-Phishing Attack Vectors 1) Perform a Mass Email Attack

Choose payload:

1) Adobe PDF Embedded EXE 2) Custom EXE to VBA 3) Fileformat Bugs ...

Configure email settings:

Enter email address to send from: attacker@example.com

Enter the gmail password: password

Enter the recipient: victim@example.com

### Datei Format Payloads

Select from main menu:

1) Social-Engineering Attacks 1) Spear-Phishing Attack Vectors 2) Create a FileFormat Payload

Choose payload:

1) Adobe PDF Embedded EXE 2) Adobe PDF Embedded PowerShell 3) Microsoft Word Macro ... 

## Infektiöser Mediengenerator

### USB/CD/DVD AutoRun Methode

Select from main menu:

1) Social-Engineering Attacks 3) Infectious Media Generator 1) USB/CD/DVD (AutoRun) Method

Choose payload:

1) Windows Reverse_TCP Meterpreter 2) Windows Reverse_TCP VNC 3) Windows Bind_TCP Meterpreter ... 

### Erweiterte Datei Format Infektion

Select from main menu:

1) Social-Engineering Attacks 3) Infectious Media Generator 2) Advanced File Format Infection

Choose file format:

1) Adobe PDF 2) Microsoft Word ... 

## Erstellung von Nutzlasten

### Standalone Payloads

Select from main menu:

1) Social-Engineering Attacks 4) Create a Payload and Listener

Choose payload:

1) Windows Reverse_TCP Meterpreter 2) Windows Meterpreter Reverse_TCP X64 3) Windows Reverse_TCP VNC ... 

### Android Payloads

Select from main menu:

1) Social-Engineering Attacks 1) Spear-Phishing Attack Vectors 4) Create a Android/MacOS/Windows/iOS Payload 1) Android Meterpreter 

## Erweiterte Techniken

### Zoll-Website Import

Select from main menu:

1) Social-Engineering Attacks 2) Website Attack Vectors 3) Credential Harvester Attack Method 3) Custom Import

Enter the path to your website: /path/to/website

Enter IP for POST back: [your IP]

### PowerShell Angriffe

Select from main menu:

1) Social-Engineering Attacks 9) Powershell Attack Vectors

Choose attack:

1) Powershell Alphanumeric Shellcode Injector 2) Powershell Reverse Shell 3) Powershell Bind Shell ... 

### QRCode Generator

Select from main menu:

1) Social-Engineering Attacks 8) QRCode Generator Attack Vector

Enter the URL: https://malicious-example.com

Enter path to save QRCode: /path/to/save/qrcode.png

## Integration mit Metasploit

### Verwendung von Metasploit Payloads

When selecting payloads, choose Metasploit options

SET will automatically integrate with Metasploit

### Hörer einrichten

After creating a payload:

Do you want to start the listener now? yes

## Konfiguration

### Update SET Konfiguration

Select from main menu:

5) Update SET configuration

Edit configuration settings in the text editor

### Webvorlagen konfigurieren

Templates are stored in:

/usr/share/set/src/webattack/web_clone/ 

### E-Mail-Vorlagen konfigurieren

Templates are stored in:

/usr/share/set/src/templates/ 

## Fehlerbehebung

### Gemeinsame Themen

Fix permission issues:

sudo chmod -R 755 /usr/share/set/

Fix Python dependency issues:

pip3 install -r requirements.txt

Fix database issues:

rm /usr/share/set/config/set_config.db 

### Debugging

Run SET with debug output:

sudo setoolkit --debug 

## Best Practices

### Sicherheitsüberlegungen

Run in isolated environment

Document permission and scope

Avoid causing harm or disruption

Report findings responsibly

### Leistungsspitzen

Test attacks in isolated environments first

Use realistic scenarios

Customize templates for specific targets

Monitor and document all activities

```_

Ressourcen

--

*Dieses Betrügereiblatt bietet eine umfassende Referenz für die Nutzung des Social Engineering Toolkit (SET). Stellen Sie immer sicher, dass Sie eine ordnungsgemäße Genehmigung haben, bevor Sie irgendwelche Social Engineering-Tests durchführen. *