
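Social-Engineer Toolkit (SET) Cheat Sheet

Overview

The Social-Engineer Toolkit (SET) is an open-source, Python-based framework designed for social-engineering penetration testing. Developed by TrustedSec, it automates complex social-engineering attacks to test an organization's security awareness and its susceptibility to human-focused attacks.

⚠️ Warning: Use SET only against systems and targets for which you have explicit written permission. Unauthorized use may violate laws and regulations.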

Installation

Kali Linux

# Already pre-installed on Kali, or install/update with:
sudo apt update
sudo apt install set
sudo apt install setoolkit

# Launch SET
sudo setoolkit

Manual Installation (Linux)

# Clone the repository
git clone https://github.com/trustedsec/social-engineer-toolkit.git
cd social-engineer-toolkit

# Install dependencies
pip3 install -r requirements.txt

# Install SET
sudo python3 setup.py install

# Launch SET
sudo setoolkit

Docker Installation

# Pull the Docker image
docker pull trustedsec/social-engineer-toolkit

# Run SET in a container
docker run -it trustedsec/social-engineer-toolkit

Basic Usage

Starting SET

# Launch SET with root privileges
sudo setoolkit

# Launch SET from source directory
cd social-engineer-toolkit
sudo python3 setoolkit

Navigation

# Use numbers to select options
# Use 99 to return to the previous menu
# Use exit or quit to exit SET

Main Menu Options

Social-Engineering Attacks

1) Social-Engineering Attacks
   - Primary attack vectors for social engineering

Penetration Testing (Fast-Track)

2) Penetration Testing (Fast-Track)
   - Quick penetration testing tools

Third Party Modules

3) Third Party Modules
   - Additional modules contributed by the community

Updating SET

4) Update the Social-Engineer Toolkit
   - Update to the latest version

Updating the Configuration

5) Update SET configuration
   - Change configuration settings

Help

6) Help, Credits, and About
   - Information about SET

Social-Engineering Attacks

Spear-Phishing Attack Vectors

1) Spear-Phishing Attack Vectors
   1) Perform a Mass Email Attack
   2) Create a FileFormat Payload
   3) Create a Social-Engineering Template
   4) Create a Android/MacOS/Windows/iOS Payload
   5) Mass Mailer Attack
   6) Arduino-Based Attack Vector
   7) Wireless Access Point Attack Vector
   8) QRCode Generator Attack Vector
   9) Powershell Attack Vectors
   10) SMS Spoofing Attack Vector

Website Attack Vectors

2) Website Attack Vectors
   1) Java Applet Attack Method
   2) Metasploit Browser Exploit Method
   3) Credential Harvester Attack Method
   4) Tabnabbing Attack Method
   5) Web Jacking Attack Method
   6) Multi-Attack Web Method
   7) HTA Attack Method
   8) Badpdf Attack Method

Infectious Media Generator

3) Infectious Media Generator
   1) USB/CD/DVD (AutoRun) Method
   2) Advanced File Format Infection

Create a Payload and Listener

4) Create a Payload and Listener
   - Generate standalone payloads

Mass Mailer Attack

5) Mass Mailer Attack
   1) E-Mail Attack Single Email Address
   2) E-Mail Attack Mass Mailer

Arduino-Based Attack Vector

6) Arduino-Based Attack Vector
   - Hardware-based attacks

Wireless Access Point Attack Vector

7) Wireless Access Point Attack Vector
   - Create rogue access points

QRCode Generator Attack Vector

8) QRCode Generator Attack Vector
   - Generate malicious QR codes

9) Powershell Attack Vectors
   - PowerShell-based attacks

Select from main menu:

  1. Social-Engineering Attacks
  2. Website Attack Vectors
  3. Credential Harvester Attack Method

Then choose one of:

  1. Web Templates
  2. Site Cloner
  3. Custom Import
  4. Tabnabbing

For Site Cloner:

Enter IP for POST back: [your IP]

Enter URL to clone: https://example.com

Available templates include:

  1. Java Required
  2. Google
  3. Gmail
  4. Facebook
  5. Twitter
  6. Yahoo

Select from main menu:

  1. Social-Engineering Attacks
  2. Website Attack Vectors
  3. Multi-Attack Web Method

Choose attack methods to include

Enter IP for POST back: [your IP]

Enter URL to clone: https://example.com

Select from main menu:

  1. Social-Engineering Attacks
  2. Spear-Phishing Attack Vectors
  3. Perform a Mass Email Attack

Choose payload:

  1. Adobe PDF Embedded EXE
  2. Custom EXE to VBA
  3. Fileformat Bugs …

Configure email settings:

Enter email address to send from: attacker@example.com

Enter the gmail password: password

Enter the recipient: victim@example.com

Select from main menu:

  1. Social-Engineering Attacks
  2. Spear-Phishing Attack Vectors
  3. Create a FileFormat Payload

Choose payload:

  1. Adobe PDF Embedded EXE
  2. Adobe PDF Embedded PowerShell
  3. Microsoft Word Macro …

Select from main menu:

  1. Social-Engineering Attacks
  2. Infectious Media Generator
  3. USB/CD/DVD (AutoRun) Method

Choose payload:

  1. Windows Reverse_TCP Meterpreter
  2. Windows Reverse_TCP VNC
  3. Windows Bind_TCP Meterpreter …

Select from main menu:

  1. Social-Engineering Attacks
  2. Infectious Media Generator
  3. Advanced File Format Infection

Choose file format:

  1. Adobe PDF
  2. Microsoft Word …

Select from main menu:

  1. Social-Engineering Attacks
  2. Create a Payload and Listener

Choose payload:

  1. Windows Reverse_TCP Meterpreter
  2. Windows Meterpreter Reverse_TCP X64
  3. Windows Reverse_TCP VNC …

Select from main menu:

  1. Social-Engineering Attacks
  2. Spear-Phishing Attack Vectors
  3. Create a Android/MacOS/Windows/iOS Payload
  4. Android Meterpreter

Select from main menu:

  1. Social-Engineering Attacks
  2. Website Attack Vectors
  3. Credential Harvester Attack Method
  4. Custom Import

Enter the path to your website: /path/to/website

Enter IP for POST back: [your IP]

Select from main menu:

  1. Social-Engineering Attacks
  2. Powershell Attack Vectors

Choose attack:

  1. Powershell Alphanumeric Shellcode Injector
  2. Powershell Reverse Shell
  3. Powershell Bind Shell …

Select from main menu:

  1. Social-Engineering Attacks
  2. QRCode Generator Attack Vector

Enter the URL: https://malicious-example.com

Enter path to save QRCode: /path/to/save/qrcode.png

When selecting payloads, choose Metasploit options

SET will automatically integrate with Metasploit

After creating a payload:

Do you want to start the listener now? yes

Select from main menu:

  1. Update SET configuration

Edit configuration settings in the text editor

Templates are stored in:

/usr/share/set/src/webattack/web_clone/

Templates are stored in:

/usr/share/set/src/templates/

Fix permission issues:

sudo chmod -R 755 /usr/share/set/

Fix Python dependency issues:

pip3 install -r requirements.txt

Fix database issues:

rm /usr/share/set/config/set_config.db

Run SET with debug output:

sudo setoolkit --debug

## Best Practices

### Security Considerations

- Run in an isolated environment
- Document permission and scope
- Avoid causing harm or disruption
- Report findings responsibly

### Performance Tips

- Test attacks in isolated environments first
- Use realistic scenarios
- Customize templates for specific targets
- Monitor and document all activities

## Resources

- [Official GitHub repository](https://github.com/trustedsec/social-engineer-toolkit)
- [TrustedSec website](https://www.trustedsec.com)
- [SET documentation](https://github.com/trustedsec/social-engineer-toolkit/wiki)
- [Social Engineering Framework](https://www.social-engineer.org/framework/)

---

*This cheat sheet provides a comprehensive reference for using the Social-Engineer Toolkit (SET). Always confirm that you have proper authorization before conducting social-engineering tests.*