search

trustedsec / social-engineer-toolkit

The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.
10.69k stars 2.73k forks source link

NameError: name 'spawn' is not defined #906

Open shimakaze-git opened 2 years ago

shimakaze-git commented 2 years ago

Enviroment

OS : Ubuntu 20.04 Python: 3.8

I did the following.

 Select from the menu:

   1) Social-Engineering Attacks
   2) Penetration Testing (Fast-Track)
   3) Third Party Modules
   4) Update the Social-Engineer Toolkit
   5) Update SET configuration
   6) Help, Credits, and About

  99) Exit the Social-Engineer Toolkit

set> 1

 Select from the menu:

   1) Spear-Phishing Attack Vectors
   2) Website Attack Vectors
   3) Infectious Media Generator
   4) Create a Payload and Listener
   5) Mass Mailer Attack
   6) Arduino-Based Attack Vector
   7) Wireless Access Point Attack Vector
   8) QRCode Generator Attack Vector
   9) Powershell Attack Vectors
  10) Third Party Modules

  99) Return back to the main menu.

set> 2

   1) Java Applet Attack Method
   2) Metasploit Browser Exploit Method
   3) Credential Harvester Attack Method
   4) Tabnabbing Attack Method
   5) Web Jacking Attack Method
   6) Multi-Attack Web Method
   7) HTA Attack Method

  99) Return to Main Menu

set:webattack> 1

   1) Web Templates
   2) Site Cloner
   3) Custom Import

  99) Return to Webattack Menu

set:webattack> 2
[-] NAT/Port Forwarding can be used in the cases where your SET machine is
[-] not externally exposed and may be a different IP address than your reverse listener.
set> Are you using NAT/Port Forwarding [yes|no]:no
set> IP address or URL (www.ex.com) for the payload listener (LHOST) [192.168.1.6]:

[-------------------------------------------]
Java Applet Configuration Options Below
[-------------------------------------------]
Next we need to specify whether you will use your own self generated java applet, built in applet, or your own code signed java applet. In this section, you have all three options available. The first will create a self-signed certificate if you have the java jdk installed. The second option will use the one built into SET, and the third will allow you to import your own java applet OR code sign the one built into SET if you have a certificate.
Select which option you want:
1. Make my own self-signed certificate applet.
2. Use the applet built into SET.
3. I have my own code signing certificate or applet.

Enter the number you want to use [1-3]: 2
[*] Okay! Using the one built into SET - be careful, self signed isn't accepted in newer versions of Java :(
[-] SET supports both HTTP and HTTPS
[-] Example: http://www.thisisafakesite.com
set:webattack> Enter the url to clone:https://twitter.com/login

[*] Cloning the website: https://twitter.com/login
[*] This could take a little bit...
[*] Injecting Java Applet attack into the newly cloned website.
[*] Filename obfuscation complete. Payload name is: GNQsYFVlUoRB
[*] Malicious java applet website prepped for deployment

What payload would you like to generate:

  Name:                                       Description:

   1) Meterpreter Memory Injection (DEFAULT)  This will drop a Meterpreter payload through powershell injection
   2) Meterpreter Multi-Memory Injection      This will drop multiple Metasploit payloads via powershell injection
   3) SE Toolkit Interactive Shell            Custom interactive reverse toolkit designed for SET
   4) SE Toolkit HTTP Reverse Shell           Purely native HTTP shell with AES encryption support
   5) RATTE HTTP Tunneling Payload            Security bypass payload that will tunnel all comms over HTTP
   6) ShellCodeExec Alphanum Shellcode        This will drop a meterpreter payload through shellcodeexec
   7) Import your own executable              Specify a path for your own executable
   8) Import your own commands.txt            Specify payloads to be sent via command line

set:payloads> 4

***************************************************
Web Server Launched. Welcome to the SET Web Attack.
***************************************************

[--] Tested on Windows, Linux, and OSX [--]
[*] Moving payload into cloned website.
[*] The site has been moved. SET Web Server is now listening..
Press <return> when you want to shut down the web server. It is currently listening.

[-] Launching the SET HTTP Reverse Shell Listener...
############################################
#
# The Social-Engineer Toolkit (SET) HTTP RevShell
#
#        Dave Kennedy (ReL1K)
#     https://www.trustedsec.com
#
############################################
Starting encrypted web shell server, use <Ctrl-C> to stop

I accessed to 127.0.0.1 myself. However, I get the following error.

127.0.0.1 - - [12/Nov/2021 20:49:59] "GET / HTTP/1.1" 200 -
----------------------------------------
Exception happened during processing of request from ('127.0.0.1', 36964)
Traceback (most recent call last):
  File "./setoolkit", line 244, in <module>
    core.module_reload(src.core.set)
NameError: name 'src' is not defined

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/share/setoolkit/src/core/set.py", line 633, in <module>
    module_reload(spawn)
NameError: name 'spawn' is not defined

During handling of the above exception, another exception occurred:
Rafael619 commented 1 year ago

i have the same error