CalvinBackup/ai-llm-red-team-handbook
1
0
Fork 0
mirror of https://github.com/Shiva108/ai-llm-red-team-handbook.git synced 2026-02-12 14:42:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
ai-llm-red-team-handbook/scripts/social_engineering/techniques_source.py
shiva108 b3d3bac51f Add practical scripts directory with 400+ tools 
- Extracted all code examples from handbook chapters
- Organized into 15 attack categories
- Created shared utilities (api_client, validators, logging, constants)
- Added workflow orchestration scripts
- Implemented install.sh for easy setup
- Renamed all scripts to descriptive functional names
- Added comprehensive README and documentation
- Included pytest test suite and configuration
2026-01-07 11:39:46 +01:00

342 lines
12 KiB
Python
Raw Permalink Blame History

#!/usr/bin/env python3
"""
Key Techniques
Source: Chapter_24_Social_Engineering_LLMs
Category: social_engineering
"""
import openai
from typing import List, Dict
import argparse
import sys
#!/usr/bin/env python3
"""
LLM-Powered Impersonation Attack Framework
Demonstrates executive/colleague impersonation using AI
⚠️ WARNING: FOR EDUCATIONAL/AUTHORIZED TESTING ONLY ⚠️
Requirements:
pip install openai
Usage:
python impersonation_framework.py
"""
class ImpersonationFramework:
"""Generate convincing impersonation attacks using LLM"""
def __init__(self, api_key: str = None, model: str = "gpt-3.5-turbo"):
"""
Initialize impersonation framework
Args:
api_key: OpenAI API key (optional for demo)
model: LLM model to use
"""
if api_key:
self.client = openai.OpenAI(api_key=api_key)
self.model = model
def analyze_writing_style(self, sample_texts: List[str]) -> Dict:
"""
Analyze writing style from sample communications
Extracts:
- Tone (formal/casual)
- Vocabulary level
- Sentence structure patterns
- Common phrases
- Signature style
Args:
sample_texts: List of sample communications from target
Returns:
Dictionary of style characteristics
"""
# Simulated analysis (real version would use NLP)
style_profile = {
"tone": "formal" if "regards" in " ".join(sample_texts).lower() else "casual",
"avg_sentence_length": sum(len(t.split()) for t in sample_texts) / len(sample_texts),
"uses_contractions": "don't" in " ".join(sample_texts).lower(),
"greeting_style": "Hi" if any("Hi" in t for t in sample_texts) else "Dear",
"closing_style": "Best regards" if any("Best regards" in t for t in sample_texts) else "Thanks",
"common_phrases": self._extract_phrases(sample_texts)
}
return style_profile
def _extract_phrases(self, texts: List[str]) -> List[str]:
"""Extract frequently used phrases"""
# Simplified extraction
common = []
full_text = " ".join(texts).lower()
patterns = [
"per our discussion",
"as mentioned",
"following up",
"just checking in",
"wanted to touch base",
"circling back"
]
for pattern in patterns:
if pattern in full_text:
common.append(pattern)
return common
def generate_impersonation_message(self,
target_name: str,
target_role: str,
style_profile: Dict,
objective: str) -> str:
"""
Generate message impersonating target individual
How This Technique Works:
1. Analyze target's writing style from samples
2. Extract tone, vocabulary, patterns
3. LLM generates new message matching style
4. Include objective (credential request, info gathering)
5. Result: Highly convincing impersonation
Args:
target_name: Name of person to impersonate
target_role: Their job title
style_profile: Writing style characteristics
objective: What attacker wants (e.g., "request file transfer")
Returns:
Generated impersonation message
"""
# Construct style description for LLM
style_desc = f"""
Writing Style Profile:
- Tone: {style_profile.get('tone', 'formal')}
- Uses contractions: {style_profile.get('uses_contractions', False)}
- Greeting: {style_profile.get('greeting_style', 'Dear')}
- Closing: {style_profile.get('closing_style', 'Best regards')}
- Common phrases: {', '.join(style_profile.get('common_phrases', []))}
"""
# Simulated message (real version would call LLM)
if style_profile.get('tone') == 'formal':
message = f"""Dear Team,
Per our discussion in this morning's leadership meeting, I need the Q3 financial projections forwarded to my attention by end of business today. The board has requested these for tomorrow's strategic planning session.
Please send the complete dataset to my personal email (john.smith@personalmail.com) as I'll be reviewing them offline this evening.
Best regards,
{target_name}
{target_role}"""
else:
message = f"""Hey team!
Quick ask - can someone send me the Q3 numbers? Need them for the board thing tomorrow.
Just shoot them to john.smith@personalmail.com since I'll be working from home.
Thanks!
{target_name}"""
return message
def ceo_fraud_attack(self) -> Dict:
"""
Demonstrate CEO Fraud / Business Email Compromise (BEC)
Attack Pattern:
1. Impersonate CEO/CFO
2. Request urgent wire transfer
3. Use authority + urgency triggers
4. Target finance department
Returns:
Attack details and sample message
"""
attack = {
"attack_type": "CEO Fraud / BEC",
"target": "Finance Department",
"impersonated_role": "Chief Executive Officer",
"objective": "Unauthorized wire transfer",
"message": """From: CEO@company.com (spoofed)
Sarah,
I'm in meetings with the acquisition team all day but need you to
process an urgent wire transfer for the due diligence payment.
Amount: $247,000 USD
Account: [ATTACKER ACCOUNT]
Reference: Project Aurora - Q4 Acquisition
This needs to clear before market close for the deal to proceed.
I'll be unreachable for the next few hours but this is time-critical.
Please confirm once processed.
Robert Williams
Chief Executive Officer""",
"success_factors": [
"Authority (CEO)",
"Urgency (market close deadline)",
"Plausibility (acquisition context)",
"Unavailability (can't verify)",
"Specificity ($247K, account details)"
]
}
return attack
def colleague_impersonation(self) -> Dict:
"""
Demonstrate colleague impersonation for credential theft
Attack Pattern:
1. Impersonate trusted colleague
2. Request help with system access
3. Harvest credentials via fake portal
Returns:
Attack details and sample message
"""
attack = {
"attack_type": "Colleague Impersonation",
"target": "Co-workers",
"impersonated_role": "IT Department Colleague",
"objective": "Credential harvesting",
"message": """Hey!
I'm locked out of the SharePoint after the password reset - can you help me test
if the new IT portal is working? Just need someone to verify their login works.
Go to: sharepoint-login-verify[.]com and enter your credentials
Let me know if it loads correctly!
Thanks,
Mike from IT""",
"success_factors": [
"Familiarity (colleague, not stranger)",
"Helping behavior (people want to help)",
"Plausibility (IT issues common)",
"Casual tone (disarming)",
"Simple ask (just test login)"
]
}
return attack
def demonstrate_attacks(self):
"""Demonstrate various impersonation attack types"""
print("="*70)
print(" IMPERSONATION ATTACK FRAMEWORK ".center(70, "="))
print("="*70)
print("\n⚠️ FOR EDUCATIONAL/AUTHORIZED TESTING ONLY ⚠️\n")
# CEO Fraud demonstration
print("[ATTACK 1] CEO Fraud / Business Email Compromise")
print("="*70)
ceo_attack = self.ceo_fraud_attack()
print(f"Target: {ceo_attack['target']}")
print(f"Impersonated: {ceo_attack['impersonated_role']}")
print(f"Objective: {ceo_attack['objective']}\n")
print("Sample Message:")
print("-"*70)
print(ceo_attack['message'])
print("-"*70)
print("\nSuccess Factors:")
for factor in ceo_attack['success_factors']:
print(f"{factor}")
print("\n" + "="*70)
# Colleague impersonation demonstration
print("[ATTACK 2] Colleague Impersonation")
print("="*70)
colleague_attack = self.colleague_impersonation()
print(f"Target: {colleague_attack['target']}")
print(f"Impersonated: {colleague_attack['impersonated_role']}")
print(f"Objective: {colleague_attack['objective']}\n")
print("Sample Message:")
print("-"*70)
print(colleague_attack['message'])
print("-"*70)
print("\nSuccess Factors:")
for factor in colleague_attack['success_factors']:
print(f"{factor}")
print("\n" + "="*70)
print(" IMPERSONATION ATTACK ANALYSIS ".center(70, "="))
print("="*70)
print("\n[WHY IMPERSONATION WORKS]:")
print(" 1. Authority Bias: People obey those in power")
print(" 2. Trust: Colleagues/executives are trusted by default")
print(" 3. Urgency: Time pressure bypasses verification")
print(" 4. Fear: Consequences for not complying")
print(" 5. Social Engineering: Exploits human psychology")
print("\n[LLM AMPLIFICATION]:")
print(" Traditional: Generic templates, obvious fakes")
print(" LLM-Powered: Perfect style mimicry, highly personalized")
print(" Result: 10x higher success rate")
print("\n" + "="*70)
# ============================================================================
# DEMO USAGE
# ============================================================================
if __name__ == "__main__":
print("LLM-Powered Impersonation Attack Framework")
print("For educational and authorized security testing only\n")
framework = ImpersonationFramework()
framework.demonstrate_attacks()
print("\n[REAL USAGE - AUTHORIZED TESTING ONLY]:")
print("# 1. Collect writing samples from target")
print("# samples = [email1, email2, email3, ...]")
print("#")
print("# 2. Analyze writing style")
print("# style = framework.analyze_writing_style(samples)")
print("#")
print("# 3. Generate impersonation message")
print("# message = framework.generate_impersonation_message(")
print("# target_name='John Smith',")
print("# target_role='CEO',")
print("# style_profile=style,")
print("# objective='request wire transfer'")
print("# )")
print("\n[DEFENSE STRATEGIES]:")
print(" 1. Verification Procedures:")
print(" - Always verify unusual requests via separate channel")
print(" - Call back on known number, don't reply to email")
print(" - Use code words for wire transfer approvals")
print("\n 2. Technical Controls:")
print(" - Email authentication (DMARC reject policy)")
print(" - External email warnings")
print(" - Dual-approval for financial transactions")
print(" - Anomaly detection on communication patterns")
print("\n 3. Training:")
print(" - Simulated impersonation attacks")
print(" - Red flags awareness (urgency + avoid verification)")
print(" - Reporting procedures for suspicious requests")
print("\n⚠️ LEGAL WARNING ⚠️")
print("Impersonation for fraud is illegal under:")
print(" - Wire Fraud (18 USC § 1343)")
print(" - Identity Theft (18 USC § 1028)")
print(" - Computer Fraud and Abuse Act")
print("\nUse only in authorized security assessments with written consent.")
Reference in New Issue View Git Blame Copy Permalink