# Links: Social Engineering Toolkit The Social-Engineering Toolkit is an open-source testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make believable attacks quickly. SET is a product of Trusted-Sec. This tool is great for Phishing will automate a lot of the process and will provide us a link to send to the user There are some good frameworks but we will use a well-known one, which hasn't been updated in quite some time but still demonstrates the capabilities of Capturing User Credentials. ### Setoolkit ![](/files/-MRh7wQsqtgVDTW_ccia) We will follow the instructions to start a Social Engineering Attack, we continue by selecting the Credential Harvester Attack we type our IP address to where the user has to connect back to, and of course that holds our Login Poral and we can simple send the link to the User. ![](/files/-MRh7xYHTURCTf9WuzGV) The body of the email I am using for this technique. Once the user clicks on the Link they will get sent to a login portal familiar to Google. ![](/files/-MRh7ySGXKT6RRQEPwSw) And once they enter their credentials our machine will capture them for us. ![](/files/-MRh7zS0ggUwZAFWSO_I) Attacker Machine ![](/files/-MRh8-Yha0W3R3NAgRph) We see our Captured Credentials in Red with a possible Username and Password Field found. With this technique we can grab some valid accounts and try to use it with other methods for Initial Access. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://dmcxblue.gitbook.io/red-team-notes-2-0/red-team-techniques/initial-access/t1566-phishing/phishing-spearphishing-link/links-social-engineering-toolkit.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.