!!!笔记仅供学习交流使用,请勿进行其他用途!!!
setoolkit是一个非常有用的社会工程学工具,里面有很多工具,这里作者只笔记下其最简单的使用方法。
setoolkit群发邮件的基本流程:
The Social-Engineer Toolkit is a product of TrustedSec.
Visit: https://www.trustedsec.com
Select from the menu:
1) Social-Engineering Attacks
。。。。。。。。
set> 1 #选项1
5) Mass Mailer Attack
。。。。。。。。
set> 5 #选项5
1. E-Mail Attack Single Email Address
2. E-Mail Attack Mass Mailer
99. Return to main menu.
set:mailer>1 #简单测试,这里只发送给一个接受者,而且是自发自收
set:phishing> Send email to:setattacker@gmail.com #收件人
1. Use a gmail Account for your email attack.
2. Use your own server or open relay
set:phishing>1 #使用gmail发送邮件
set:phishing> Your gmail email address:setattacker@gmail.com #发件人邮箱
set:phishing> The FROM NAME the user will see:IT Admin #发件人姓名
Email password: #发件人密码
set:phishing> Flag this message/s as high priority? [yes|no]:yes #优先级
set:phishing> Email subject:Important Visit The Website #邮件标题
set:phishing> Send the message as html or plain? 'h' or 'p' [p]:p #邮件正文
[!] IMPORTANT: When finished, type END (all capital) then hit {return} on a new line.
set:phishing> Enter the body of the message, type END (capitals) when finished:Hi
Next line of the body: It is important ! Please click http://116.62.110.235/blog ASAP!!
Next line of the body: END #大写END结束
[*] SET has finished sending the emails
Press <return> to continue
然后我们就可以看到这封邮件了。里面还有链接。如下图:
发表评论