Social Engineering Toolkit (SET) Cheat Sheet
"Clase de la hoja" id="copy-btn" class="copy-btn" onclick="copyAllCommands()" Copiar todos los comandos id="pdf-btn" class="pdf-btn" onclick="generatePDF()" Generar PDF seleccionado/button ■/div titulada
Sinopsis
El Social Engineering Toolkit (SET) es un marco de código abierto impulsado por Python diseñado para pruebas de penetración de ingeniería social. Desarrollado por TrustedSec, automatiza ataques complejos de ingeniería social para probar la conciencia de seguridad de una organización y la vulnerabilidad a ataques centrados en el ser humano.
NOVEDAD Advertencia: Únicamente utilice SET en sistemas y contra objetivos con permiso explícito por escrito. El uso no autorizado puede violar leyes y reglamentos.
Instalación
Kali Linux
# Already pre-installed on Kali, or install/update with:
sudo apt update
sudo apt install set
sudo apt install setoolkit
# Launch SET
sudo setoolkit
Instalación manual (Linux)
# Clone the repository
git clone https://github.com/trustedsec/social-engineer-toolkit.git
cd social-engineer-toolkit
# Install dependencies
pip3 install -r requirements.txt
# Install SET
sudo python3 setup.py install
# Launch SET
sudo setoolkit
Docker Instalación
# Pull the Docker image
docker pull trustedsec/social-engineer-toolkit
# Run SET in a container
docker run -it trustedsec/social-engineer-toolkit
Uso básico
Inicio SET
# Launch SET with root privileges
sudo setoolkit
# Launch SET from source directory
cd social-engineer-toolkit
sudo python3 setoolkit
Navegación
# Use numbers to select options
# Use 99 to return to the previous menu
# Use exit or quit to exit SET
Opciones de menú principal
Social-Engineering Ataques
1) Social-Engineering Attacks
- Primary attack vectors for social engineering
Penetration Testing (Fast-Track)
2) Penetration Testing (Fast-Track)
- Quick penetration testing tools
Módulos de terceros
3) Third Party Modules
- Additional modules contributed by the community
Actualización SET
4) Update the Social-Engineer Toolkit
- Update to the latest version
Configuración de actualización
5) Update SET configuration
- Change configuration settings
Ayuda
6) Help, Credits, and About
- Information about SET
Social-Engineering Ataques
Spear-Phishing Attack Vectores
1) Spear-Phishing Attack Vectors
1) Perform a Mass Email Attack
2) Create a FileFormat Payload
3) Create a Social-Engineering Template
4) Create a Android/MacOS/Windows/iOS Payload
5) Mass Mailer Attack
6) Arduino-Based Attack Vector
7) Wireless Access Point Attack Vector
8) QRCode Generator Attack Vector
9) Powershell Attack Vectors
10) SMS Spoofing Attack Vector
Vectores de ataque del sitio web
2) Website Attack Vectors
1) Java Applet Attack Method
2) Metasploit Browser Exploit Method
3) Credential Harvester Attack Method
4) Tabnabbing Attack Method
5) Web Jacking Attack Method
6) Multi-Attack Web Method
7) HTA Attack Method
8) Badpdf Attack Method
Infectious Media Generator
3) Infectious Media Generator
1) USB/CD/DVD (AutoRun) Method
2) Advanced File Format Infection
Crear una carga útil y un oyente
4) Create a Payload and Listener
- Generate standalone payloads
Mass Mailer Ataque
5) Mass Mailer Attack
1) E-Mail Attack Single Email Address
2) E-Mail Attack Mass Mailer
Arduino-Based Attack Vector
6) Arduino-Based Attack Vector
- Hardware-based attacks
Vector de ataque de puntos de acceso inalámbrico
7) Wireless Access Point Attack Vector
- Create rogue access points
QRCode Generator Attack Vector
8) QRCode Generator Attack Vector
- Generate malicious QR codes
Powershell Attack Vectores
9) Powershell Attack Vectors
- PowerShell-based attacks
Vectores de ataque del sitio web
Crédential Harvester
# Select from main menu:
1) Social-Engineering Attacks
2) Website Attack Vectors
3) Credential Harvester Attack Method
# Then choose one of:
1) Web Templates
2) Site Cloner
3) Custom Import
4) Tabnabbing
# For Site Cloner:
# Enter IP for POST back: [your IP]
# Enter URL to clone: https://example.com
Plantillas web
# Available templates include:
1) Java Required
2) Google
3) Gmail
4) Facebook
5) Twitter
6) Yahoo
Multi-Attack Web Method
# Select from main menu:
1) Social-Engineering Attacks
2) Website Attack Vectors
6) Multi-Attack Web Method
# Choose attack methods to include
# Enter IP for POST back: [your IP]
# Enter URL to clone: https://example.com
Spear-Phishing Ataques
Ataque de correo electrónico masivo
# Select from main menu:
1) Social-Engineering Attacks
1) Spear-Phishing Attack Vectors
1) Perform a Mass Email Attack
# Choose payload:
1) Adobe PDF Embedded EXE
2) Custom EXE to VBA
3) Fileformat Bugs
...
# Configure email settings:
# Enter email address to send from: attacker@example.com
# Enter the gmail password: password
# Enter the recipient: victim@example.com
File Format Payloads
# Select from main menu:
1) Social-Engineering Attacks
1) Spear-Phishing Attack Vectors
2) Create a FileFormat Payload
# Choose payload:
1) Adobe PDF Embedded EXE
2) Adobe PDF Embedded PowerShell
3) Microsoft Word Macro
...
Infectious Media Generator
USB/CD/DVD AutoRun Method
# Select from main menu:
1) Social-Engineering Attacks
3) Infectious Media Generator
1) USB/CD/DVD (AutoRun) Method
# Choose payload:
1) Windows Reverse_TCP Meterpreter
2) Windows Reverse_TCP VNC
3) Windows Bind_TCP Meterpreter
...
Infección de formato de archivo avanzado
# Select from main menu:
1) Social-Engineering Attacks
3) Infectious Media Generator
2) Advanced File Format Infection
# Choose file format:
1) Adobe PDF
2) Microsoft Word
...
Creación de carga
Carga de pago independiente
# Select from main menu:
1) Social-Engineering Attacks
4) Create a Payload and Listener
# Choose payload:
1) Windows Reverse_TCP Meterpreter
2) Windows Meterpreter Reverse_TCP X64
3) Windows Reverse_TCP VNC
...
Android Payloads
# Select from main menu:
1) Social-Engineering Attacks
1) Spear-Phishing Attack Vectors
4) Create a Android/MacOS/Windows/iOS Payload
1) Android Meterpreter
Técnicas avanzadas
Importación de sitios web personalizados
# Select from main menu:
1) Social-Engineering Attacks
2) Website Attack Vectors
3) Credential Harvester Attack Method
3) Custom Import
# Enter the path to your website: /path/to/website
# Enter IP for POST back: [your IP]
PowerShell Attacks
# Select from main menu:
1) Social-Engineering Attacks
9) Powershell Attack Vectors
# Choose attack:
1) Powershell Alphanumeric Shellcode Injector
2) Powershell Reverse Shell
3) Powershell Bind Shell
...
QRCode Generator
# Select from main menu:
1) Social-Engineering Attacks
8) QRCode Generator Attack Vector
# Enter the URL: https://malicious-example.com
# Enter path to save QRCode: /path/to/save/qrcode.png
Integración con Metasploit
Utilizando Metasploit Payloads
# When selecting payloads, choose Metasploit options
# SET will automatically integrate with Metasploit
Configuración de escuchas
# After creating a payload:
# Do you want to start the listener now? yes
Configuración
Actualización SET Configuración
# Select from main menu:
5) Update SET configuration
# Edit configuration settings in the text editor
Configurar plantillas web
# Templates are stored in:
/usr/share/set/src/webattack/web_clone/
Configurar plantillas de correo electrónico
# Templates are stored in:
/usr/share/set/src/templates/
Solución de problemas
Cuestiones comunes
# Fix permission issues:
sudo chmod -R 755 /usr/share/set/
# Fix Python dependency issues:
pip3 install -r requirements.txt
# Fix database issues:
rm /usr/share/set/config/set_config.db
Debugging
# Run SET with debug output:
sudo setoolkit --debug
Buenas prácticas
Consideraciones de seguridad
# Run in isolated environment
# Document permission and scope
# Avoid causing harm or disruption
# Report findings responsibly
Consejos de rendimiento
# Test attacks in isolated environments first
# Use realistic scenarios
# Customize templates for specific targets
# Monitor and document all activities
Recursos
-...
*Esta hoja de trampolín proporciona una referencia completa para el uso del Herramienta de Ingeniería Social (SET). Siempre asegúrese de tener la autorización adecuada antes de realizar cualquier prueba de ingeniería social. *