Boîte à outils en génie social (SET) Feuille de chaleur
Aperçu général
Le Social Engineering Toolkit (SET) est un cadre ouvert à base de Python conçu pour les tests de pénétration en ingénierie sociale. Développé par TrustedSec, il automatise les attaques complexes de génie social pour tester la sensibilisation à la sécurité d'une organisation et sa vulnérabilité aux attaques axées sur l'être humain.
C'est pas vrai. Attention: N'utilisez SET que sur les systèmes et contre les cibles avec une autorisation écrite explicite. Une utilisation non autorisée peut violer les lois et règlements.
Installation
Kali Linux
# Already pre-installed on Kali, or install/update with:
sudo apt update
sudo apt install set
sudo apt install setoolkit
# Launch SET
sudo setoolkit
Installation manuelle (Linux)
# Clone the repository
git clone https://github.com/trustedsec/social-engineer-toolkit.git
cd social-engineer-toolkit
# Install dependencies
pip3 install -r requirements.txt
# Install SET
sudo python3 setup.py install
# Launch SET
sudo setoolkit
```_
### Installation Docker
```bash
# Pull the Docker image
docker pull trustedsec/social-engineer-toolkit
# Run SET in a container
docker run -it trustedsec/social-engineer-toolkit
```_
## Utilisation de base
### Démarrer SET
```bash
# Launch SET with root privileges
sudo setoolkit
# Launch SET from source directory
cd social-engineer-toolkit
sudo python3 setoolkit
Navigation
# Use numbers to select options
# Use 99 to return to the previous menu
# Use exit or quit to exit SET
Options du menu principal
L'ingénierie sociale Attaques
1) Social-Engineering Attacks
- Primary attack vectors for social engineering
Essai de pénétration (Fast-Track)
2) Penetration Testing (Fast-Track)
- Quick penetration testing tools
Modules tiers
3) Third Party Modules
- Additional modules contributed by the community
Mise à jour SET
4) Update the Social-Engineer Toolkit
- Update to the latest version
Mettre à jour la configuration
5) Update SET configuration
- Change configuration settings
Aide
6) Help, Credits, and About
- Information about SET
L'ingénierie sociale Attaques
Vecteurs d'attaque à la lance
1) Spear-Phishing Attack Vectors
1) Perform a Mass Email Attack
2) Create a FileFormat Payload
3) Create a Social-Engineering Template
4) Create a Android/MacOS/Windows/iOS Payload
5) Mass Mailer Attack
6) Arduino-Based Attack Vector
7) Wireless Access Point Attack Vector
8) QRCode Generator Attack Vector
9) Powershell Attack Vectors
10) SMS Spoofing Attack Vector
Vecteurs d'attaque du site Web
2) Website Attack Vectors
1) Java Applet Attack Method
2) Metasploit Browser Exploit Method
3) Credential Harvester Attack Method
4) Tabnabbing Attack Method
5) Web Jacking Attack Method
6) Multi-Attack Web Method
7) HTA Attack Method
8) Badpdf Attack Method
Générateur de médias infectieux
3) Infectious Media Generator
1) USB/CD/DVD (AutoRun) Method
2) Advanced File Format Infection
Créez une charge utile et écoutez
4) Create a Payload and Listener
- Generate standalone payloads
Messagerie de masse Attaque
5) Mass Mailer Attack
1) E-Mail Attack Single Email Address
2) E-Mail Attack Mass Mailer
Vecteur d'attaque Arduino
6) Arduino-Based Attack Vector
- Hardware-based attacks
Vecteur d'attaque de point d'accès sans fil
7) Wireless Access Point Attack Vector
- Create rogue access points
Vecteur d'attaque du générateur QRCode
8) QRCode Generator Attack Vector
- Generate malicious QR codes
Vecteurs d'attaque Powershell
9) Powershell Attack Vectors
- PowerShell-based attacks
Vecteurs d'attaque du site Web
Moissonneur de titres de créance
# Select from main menu:
1) Social-Engineering Attacks
2) Website Attack Vectors
3) Credential Harvester Attack Method
# Then choose one of:
1) Web Templates
2) Site Cloner
3) Custom Import
4) Tabnabbing
# For Site Cloner:
# Enter IP for POST back: [your IP]
# Enter URL to clone: https://example.com
Modèles Web
# Available templates include:
1) Java Required
2) Google
3) Gmail
4) Facebook
5) Twitter
6) Yahoo
Méthode Web multi-Attack
# Select from main menu:
1) Social-Engineering Attacks
2) Website Attack Vectors
6) Multi-Attack Web Method
# Choose attack methods to include
# Enter IP for POST back: [your IP]
# Enter URL to clone: https://example.com
Phishing de lance Attaques
Attaque de masse par courriel
# Select from main menu:
1) Social-Engineering Attacks
1) Spear-Phishing Attack Vectors
1) Perform a Mass Email Attack
# Choose payload:
1) Adobe PDF Embedded EXE
2) Custom EXE to VBA
3) Fileformat Bugs
...
# Configure email settings:
# Enter email address to send from: attacker@example.com
# Enter the gmail password: password
# Enter the recipient: victim@example.com
Format de fichier Charges utiles
# Select from main menu:
1) Social-Engineering Attacks
1) Spear-Phishing Attack Vectors
2) Create a FileFormat Payload
# Choose payload:
1) Adobe PDF Embedded EXE
2) Adobe PDF Embedded PowerShell
3) Microsoft Word Macro
...
Générateur de médias infectieux
USB/CD/DVD Méthode AutoRun
# Select from main menu:
1) Social-Engineering Attacks
3) Infectious Media Generator
1) USB/CD/DVD (AutoRun) Method
# Choose payload:
1) Windows Reverse_TCP Meterpreter
2) Windows Reverse_TCP VNC
3) Windows Bind_TCP Meterpreter
...
Infection avancée au format de fichier
# Select from main menu:
1) Social-Engineering Attacks
3) Infectious Media Generator
2) Advanced File Format Infection
# Choose file format:
1) Adobe PDF
2) Microsoft Word
...
Création de charge utile
Charges utiles autonomes
# Select from main menu:
1) Social-Engineering Attacks
4) Create a Payload and Listener
# Choose payload:
1) Windows Reverse_TCP Meterpreter
2) Windows Meterpreter Reverse_TCP X64
3) Windows Reverse_TCP VNC
...
Charges utiles Android
# Select from main menu:
1) Social-Engineering Attacks
1) Spear-Phishing Attack Vectors
4) Create a Android/MacOS/Windows/iOS Payload
1) Android Meterpreter
Techniques avancées
Importation personnalisée du site Web
# Select from main menu:
1) Social-Engineering Attacks
2) Website Attack Vectors
3) Credential Harvester Attack Method
3) Custom Import
# Enter the path to your website: /path/to/website
# Enter IP for POST back: [your IP]
Attaques de puissance
# Select from main menu:
1) Social-Engineering Attacks
9) Powershell Attack Vectors
# Choose attack:
1) Powershell Alphanumeric Shellcode Injector
2) Powershell Reverse Shell
3) Powershell Bind Shell
...
Générateur de code QR
# Select from main menu:
1) Social-Engineering Attacks
8) QRCode Generator Attack Vector
# Enter the URL: https://malicious-example.com
# Enter path to save QRCode: /path/to/save/qrcode.png
Intégration avec Metasploit
Utilisation de Metasploit Payloads
# When selecting payloads, choose Metasploit options
# SET will automatically integrate with Metasploit
Configuration des auditeurs
# After creating a payload:
# Do you want to start the listener now? yes
Configuration
Mise à jour SET Configuration
# Select from main menu:
5) Update SET configuration
# Edit configuration settings in the text editor
Configurer les modèles Web
# Templates are stored in:
/usr/share/set/src/webattack/web_clone/
Configurer les modèles de courriel
# Templates are stored in:
/usr/share/set/src/templates/
Dépannage
Questions communes
# Fix permission issues:
sudo chmod -R 755 /usr/share/set/
# Fix Python dependency issues:
pip3 install -r requirements.txt
# Fix database issues:
rm /usr/share/set/config/set_config.db
Déboguement
# Run SET with debug output:
sudo setoolkit --debug
Meilleures pratiques
Considérations en matière de sécurité
# Run in isolated environment
# Document permission and scope
# Avoid causing harm or disruption
# Report findings responsibly
Conseils de performance
# Test attacks in isolated environments first
# Use realistic scenarios
# Customize templates for specific targets
# Monitor and document all activities
Ressources
- [Répertoire officiel GitHub] (LINK_4)
- [Site Web fiable] (LINK_4)
- [Documentation SET] (LINK_4)
- [Cadre de génie social] (LINK_4)
*Cette feuille de triche fournit une référence complète pour l'utilisation de la Social Engineering Toolkit (SET). Assurez-vous toujours d'avoir une autorisation appropriée avant de faire des tests d'ingénierie sociale. *