Social Engineering Tools

A powerful collection of tools designed for social engineering research, penetration testing, and security awareness training. These tools help security researchers understand human manipulation tactics and improve defense mechanisms.

🔧 Features

  • Phishing Attack Automation: Generate convincing phishing pages and email templates.
  • Vishing Tool: Automate phone-based social engineering attacks for security assessments.
  • Pretexting Scripts: Pre-built scenarios to test employee awareness.
  • Baiting Simulations: Tools to create malware-laden bait files for educational use.
  • Impersonation Templates: Ready-made impersonation scripts for authorized social engineering tests.
  • Report Generator: Auto-generate detailed vulnerability and awareness reports.
  • Quid Pro Quo Tool: Simulate exchange-of-service scenarios to raise awareness.
  • Smishing Tool: Create and deploy SMS-based phishing messages.
  • Tailgating Simulator: Educate teams on unauthorized access attempts.
  • Dumpster Diving Awareness Module: Train employees on securing discarded information.

Phishing Attack Automation Tools

🔧 Tools List

  • Evilginx: Advanced phishing framework that bypasses 2FA.
  • GoPhish: Phishing framework for security awareness training.
  • Modlishka: Reverse proxy tool for automated phishing campaigns.
  • SocialFish: User-friendly tool for creating realistic phishing pages.
  • King Phisher: Phishing campaign toolkit with detailed reporting features.
  • PhishX: Multi-functional tool for email spoofing, SMS phishing, and fake login pages.
  • BlackEye: Popular tool for crafting phishing pages for major platforms.
  • HiddenEye: Phishing tool supporting multi-platform credential harvesting.
  • EvilnoVNC: Advanced tool using noVNC for browser-based phishing attacks.
  • CredSniper: Automated phishing kit for realistic login page replicas.

Vishing Tools

  • Caller ID Spoofer: Enables fake caller ID manipulation for security testing.
  • PrankDial: Automated voice prank system for awareness training.
  • PhoneInfoga: Tool for gathering phone number intelligence.
  • SpoofCard: A tool for spoofing caller ID for testing and awareness campaigns.
  • FireRTC: A VoIP tool that allows anonymous and secure calling.
  • Hushed: A tool that provides temporary phone numbers for secure communication.
  • MySudo: Privacy-focused app for secure calls, messaging, and browsing.

Pretexting Scripts Tools

  • Maltego: Excellent for gathering intelligence and building convincing pretexts.
  • theHarvester: Ideal for collecting email addresses, names, and data for realistic scenarios.
  • Sherlock: Finds social media accounts to build detailed pretexts.
  • Recon-ng: A powerful framework for information gathering.
  • OSINT Framework: Resource collection for identifying targets and developing credible stories.

Baiting Simulation Tools

🔧 Tools List

  • Canarytokens - Generates tracking links, documents, and web bugs to detect unauthorized access or data theft.
  • Glastopf - Web application honeypot designed to emulate known vulnerabilities to attract and analyze attackers.
  • HoneyPy - Lightweight honeypot that simulates services to lure and analyze malicious behavior.
  • Kippo - SSH honeypot designed to log brute force attacks and session activities.
  • Artillery - Honeypot solution for detecting and blocking malicious activities.
  • Dionaea - Honeypot framework designed to capture malware through exploitation techniques.
  • T-Pot - All-in-one honeypot platform combining multiple honeypot tools in a single framework.
  • WordPot - Honeypot designed to mimic WordPress installations for detecting malicious scans and attacks.
  • Cowrie - SSH and Telnet honeypot designed to track malicious activities on vulnerable systems.
  • Conpot - ICS/SCADA honeypot to simulate industrial control systems for security research.

Impersonation Templates Tools

🔧 Tools List

  • SET (Social Engineering Toolkit) - Powerful tool for creating convincing impersonation scenarios, including email, SMS, and website templates.
  • Evilginx - Advanced phishing and impersonation framework that bypasses 2FA using reverse proxy attacks.
  • GoPhish - User-friendly phishing toolkit with custom email impersonation capabilities.
  • Modlishka - Reverse proxy tool for automating credential theft through impersonated login pages.
  • Phishing Frenzy - Tool for creating highly customizable phishing templates and campaigns.
  • King Phisher - Phishing toolkit for crafting tailored impersonation campaigns.
  • EvilnoVNC - VNC-based impersonation tool that simulates desktop environments for phishing.
  • PhishX - Tool with impersonation templates for email, SMS, and fake login pages.
  • BlackEye - Tool for cloning websites and impersonating popular platforms.
  • HiddenEye - Multi-platform phishing tool for creating convincing impersonation scenarios.

Report Generator Tools

🔧 Tools List

  • Dradis - Collaboration and report generation platform for security assessments with automated data integration.
  • Faraday - Centralized platform for security teams with integrated report generation features.
  • Serpico - Simple and efficient tool for creating structured security reports using templates.
  • MagicTree - Data consolidation and report generation tool designed for penetration testers.
  • PwnDoc - Web application for generating penetration testing reports with custom templates.
  • Vulnreport - Automated reporting platform for red teams and penetration testers.
  • Reconmap - Open-source security platform with integrated reporting for security professionals.
  • Pentest-Report-Generator - Tool for generating detailed pentest reports using markdown templates.
  • ReportGenerator - Tool for converting code coverage reports into human-readable formats.
  • LaTeX PenTest Report - LaTeX-based penetration testing report template for professional-grade reports.

Quid Pro Quo Tools

🔧 Tools List

  • SET (Social Engineering Toolkit) - Provides various modules for social engineering attacks, including quid pro quo scenarios for awareness training.
  • GoPhish - Open-source phishing framework that can be adapted for quid pro quo awareness campaigns.
  • Modlishka - Reverse proxy tool useful for impersonation tactics in quid pro quo attacks.
  • King Phisher - Advanced phishing platform for creating interactive quid pro quo awareness campaigns.
  • Evilginx - Tool for simulating advanced social engineering attacks with interactive elements.
  • PhishX - Multi-purpose social engineering tool capable of running quid pro quo attack scenarios.
  • HiddenEye - Phishing tool that can simulate social engineering campaigns with quid pro quo elements.
  • BlackEye - Social engineering tool designed for mimicking popular services for phishing and awareness.
  • QRGen - QR code generator that can be adapted for quid pro quo simulations via malicious link creation.
  • USB Rubber Ducky - Physical payload delivery device that can execute social engineering tactics in quid pro quo scenarios.

Smishing Tools

🔧 Tools List

  • SET (Social Engineering Toolkit) - Offers a powerful SMS spoofing module for conducting smishing awareness simulations.
  • EvilSMS - Open-source tool for sending fake SMS messages during social engineering tests.
  • SMS Spoofing Tool - Python-based SMS spoofing tool ideal for smishing awareness training.
  • SMiShing Toolkit - Tool that helps security researchers craft convincing SMS phishing campaigns.
  • GoPhish - Although designed for phishing, GoPhish can be adapted for smishing campaigns.
  • HackTricks SMS Spoofer - SMS spoofing guide with practical scripts for security testing.
  • SMS Bomber - Although designed for SMS spamming, it can be used in security simulations.
  • Termux-SMS - Tool designed for Android devices via Termux to simulate SMS phishing campaigns.
  • SMSSpoof - Python-based smishing framework for crafting believable SMS attacks.
  • Spammer-Grab - Open-source tool designed to automate SMS testing campaigns.

Tailgating Simulator Tools

🔧 Tools List

  • CCTV Simulator - Software for creating realistic CCTV simulations to train staff on identifying unauthorized access attempts.
  • GuardPoint Pro - Access control platform with simulation features to assess tailgating vulnerabilities.
  • iPass Simulator - Tool designed to simulate employee badge and access control bypass scenarios.
  • Access Control Assessment Tool - Open-source utility for evaluating access point weaknesses in physical security.
  • RFID Emulator - Tool for replicating RFID signals to test unauthorized entry points.
  • Proxmark3 - RFID testing tool capable of simulating access card cloning in tailgating attack scenarios.
  • OpenPath Security - Cloud-based access control solution with simulated attack features.
  • BadgeRanger - Utility designed for testing security gaps related to access badges and entry systems.
  • KeyDuino - Open-source NFC and RFID security tool useful for simulating tailgating scenarios.
  • SpyRFID - Tool for analyzing RFID badge systems to evaluate security flaws.

Dumpster Diving Awareness Module Tools

🔧 Tools List

  • OSINT Framework - Open-source intelligence tool that helps demonstrate how discarded information can be exploited.
  • Recon-ng - Powerful reconnaissance tool that can showcase how publicly available data can be gathered, mimicking dumpster diving tactics.
  • DumpsterFire - Automated task chaining tool that simulates data leakage and mishandled information scenarios.
  • Creepy - Tool for location tracking via metadata, showcasing how leaked digital information can be exploited.
  • Maltego - Visual data mapping tool used to track exposed data often found through dumpster diving tactics.
  • FOCA - Metadata analysis tool that reveals sensitive information in publicly available documents.
  • ExifTool - Metadata extraction tool that educates users on hidden data exposure risks in files.
  • Intel Techniques - Comprehensive OSINT platform for teaching digital footprint management and data security.
  • theHarvester - Tool for gathering information like emails, subdomains, and files that mimic data exposure risks.
  • DataSploit - Open-source intelligence framework designed to identify exposed data points found in discarded digital resources.