SET(Social-Engineering Toolkit)

A social engineering framework frequently used for the gather of credentials or user execution access. I am using this Framework to automate most of the job to setup a Phishing Page

The Social-Engineering Toolkit is an open-source testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make believable attacks quickly. SET is a product of Trusted-Sec. This tool is great for Phishing will automate a lot of the process and will provide us a link to send to the user.

The setup of SET is very straight forward we will runs this on our Linux box.

We will gather credentials in this demonstration, continue onto the first option.

We want to choose the Website Attack Vectors, you are very welcomed to explore the other options to learn more on this.

We will move forward and select the Credential Harvester Attack Method self-explanatory on what this will do, it will create an attack to harvest credentials by the use of Social-Engineering.

This is optional but I will use the Web Templates option as it is a quick and dirty DEMO. The explanations on what every options does will be on SET

In the next field we will add an IP internal or External. [In external we will need Port Forwarding Enabled]

Google as my selected Template

Again creativity will help here on how your victim will enter it's credentials

Once they log in there credentials they will be redirected to the real Google page and on your terminal you will receive the output for the inserted Credentials.

Many other tools exist out there that will use other websites and different languages no need to use SET but this is a sample on what SET can do, as this is open-source editing is welcome to adapt to newer websites and security measures that are used by them. This can and will be detected by a well aware Analyst.

You can explore the many other options available from SET.

Last updated