介绍
Social-Engineer Toolkit (SET)是一个专为社交工程设计的开源渗透测试框架. SET有许多自定义攻击向量,允许你在很短的时间内进行可信的攻击.这些工具使用人类行为来欺骗他们攻击向量.
安装
Github地址:https://github.com/trustedsec/social-engineer-toolkit
使用
#启动
./setoolkit
#主要选择项
Select from the menu:
1) Social-Engineering Attacks #社会工程攻击(钓鱼网站等)
2) Penetration Testing (Fast-Track) #渗透测试(快速通道)
3) Third Party Modules #第三方模块
4) Update the Social-Engineer Toolkit #新升级set
5) Update SET configuration #更新set的设置
6) Help, Credits, and About #帮助菜单
99) Exit the Social-Engineer Toolkit #退出
set>
#1选项
1) Spear-Phishing Attack Vectors #鱼叉式网络钓鱼攻击
2) Website Attack Vectors #网页攻击
3) Infectious Media Generator #传染媒介式(俗称木马)
4) Create a Payload and Listener #建立payloaad和listener
5) Mass Mailer Attack #邮件群发攻击(夹杂木马啊payload的玩意发给你)
6) Arduino-Based Attack Vector #Arduino基础攻击
7) Wireless Access Point Attack Vector #无线接入点攻击
8) QRCode Generator Attack Vector #二维码攻击
9) Powershell Attack Vectors #Powershell攻击
10) SMS Spoofing Attack Vector #短信欺骗
11) Third Party Modules #第三反模块
99) Return back to the main menu. #返回上级
#2、选择web攻击
1) Java Applet Attack Method #java applet攻击(网页弹窗那种)
2) Metasploit Browser Exploit Method #Metasploit 浏览器漏洞攻击
3) Credential Harvester Attack Method #钓鱼网站攻击
4) Tabnabbing Attack Method #标签钓鱼攻击
5) Web Jacking Attack Method #网站jacking攻击
6) Multi-Attack Web Method #多种网站攻击方式
7) Full Screen Attack Method #全屏幕攻击(只能够对谷歌邮箱和脸书用)
8) HTA Attack Method #HTA攻击
99) Return to Main Menu #返回上级
#再次选择2
1) Web Templates #网站模版
2) Site Cloner #克隆网站 (这个克隆网站的要求就是最好是静态页面而且有有POST返回的登录界面)
3) Custom Import #自己设计的网站
99) Return to Webattack Menu #返回上级
#选择1测试
#选择回车(或者输入ip)
set:webattack> IP address for the POST back in Harvester/Tabnabbing [10.0.0.132]:
--------------------------------------------------------
**** Important Information ****
For templates, when a POST is initiated to harvest
credentials, you will need a site for it to redirect.
You can configure this option under:
/etc/setoolkit/set.config
Edit this file, and change HARVESTER_REDIRECT and
HARVESTER_URL to the sites you want to redirect to
after it is posted. If you do not set these, then
it will not redirect properly. This only goes for
templates.
--------------------------------------------------------
1. Java Required
2. Google
3. Twitter
#选择2 Google
#一直回车
[*] The Social-Engineer Toolkit Credential Harvester Attack
[*] Credential Harvester is running on port 80
[*] Information will be displayed to you as it arrives below:
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
暂无评论内容