社会工程工具包用法

介绍

Social-Engineer Toolkit (SET)是一个专为社交工程设计的开源渗透测试框架. SET有许多自定义攻击向量,允许你在很短的时间内进行可信的攻击.这些工具使用人类行为来欺骗他们攻击向量.

安装

Github地址:https://github.com/trustedsec/social-engineer-toolkit

使用

#启动
 ./setoolkit
  
  
 #主要选择项
  Select from the menu:
 
   1) Social-Engineering Attacks #社会工程攻击(钓鱼网站等)
   2) Penetration Testing (Fast-Track)  #渗透测试(快速通道)
   3) Third Party Modules #第三方模块
   4) Update the Social-Engineer Toolkit  #新升级set
   5) Update SET configuration #更新set的设置
   6) Help, Credits, and About #帮助菜单
 
  99) Exit the Social-Engineer Toolkit  #退出
 
set>
 
 
   
   
 #1选项
    1) Spear-Phishing Attack Vectors #鱼叉式网络钓鱼攻击
   2) Website Attack Vectors   #网页攻击
   3) Infectious Media Generator #传染媒介式(俗称木马)
   4) Create a Payload and Listener #建立payloaad和listener
   5) Mass Mailer Attack #邮件群发攻击(夹杂木马啊payload的玩意发给你)
   6) Arduino-Based Attack Vector #Arduino基础攻击
   7) Wireless Access Point Attack Vector  #无线接入点攻击
   8) QRCode Generator Attack Vector #二维码攻击
   9) Powershell Attack Vectors #Powershell攻击
  10) SMS Spoofing Attack Vector #短信欺骗
  11) Third Party Modules #第三反模块
 
  99) Return back to the main menu. #返回上级
  
 #2、选择web攻击
    1) Java Applet Attack Method #java applet攻击(网页弹窗那种)
   2) Metasploit Browser Exploit Method #Metasploit 浏览器漏洞攻击
   3) Credential Harvester Attack Method #钓鱼网站攻击
   4) Tabnabbing Attack Method #标签钓鱼攻击
   5) Web Jacking Attack Method #网站jacking攻击
   6) Multi-Attack Web Method #多种网站攻击方式
   7) Full Screen Attack Method #全屏幕攻击(只能够对谷歌邮箱和脸书用)
   8) HTA Attack Method   #HTA攻击
  99) Return to Main Menu #返回上级
 
 #再次选择2
     
   1) Web Templates #网站模版
   2) Site Cloner #克隆网站 (这个克隆网站的要求就是最好是静态页面而且有有POST返回的登录界面)
   3) Custom Import #自己设计的网站
 
  99) Return to Webattack Menu #返回上级
  #选择1测试
  #选择回车(或者输入ip)
  set:webattack> IP address for the POST back in Harvester/Tabnabbing [10.0.0.132]:
 
--------------------------------------------------------
             **** Important Information ****
 
For templates, when a POST is initiated to harvest
credentials, you will need a site for it to redirect.
 
You can configure this option under:
 
      /etc/setoolkit/set.config
 
Edit this file, and change HARVESTER_REDIRECT and
HARVESTER_URL to the sites you want to redirect to
after it is posted. If you do not set these, then
it will not redirect properly. This only goes for
templates.
 
--------------------------------------------------------
 
  1. Java Required
  2. Google
  3. Twitter
#选择2 Google
#一直回车
[*] The Social-Engineer Toolkit Credential Harvester Attack
[*] Credential Harvester is running on port 80
[*] Information will be displayed to you as it arrives below:
© 版权声明
THE END
喜欢就支持一下吧
点赞9 分享
评论 抢沙发

请登录后发表评论

    暂无评论内容