# SET(Social-Engineering Toolkit) The Social-Engineering Toolkit is an open-source testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make believable attacks quickly. SET is a product of Trusted-Sec. This tool is great for Phishing will automate a lot of the process and will provide us a link to send to the user. The setup of SET is very straight forward we will runs this on our Linux box. ![](/files/-Lx3UWWsrzcMdmE0j8iw) We will gather credentials in this demonstration, continue onto the first option. ![](/files/-Lx3UgBq_AVttyLmHFkZ) We want to choose the Website Attack Vectors, you are very welcomed to explore the other options to learn more on this. ![](/files/-Lx3UuHsIL3mhwugxqXV) We will move forward and select the Credential Harvester Attack Method self-explanatory on what this will do, it will create an attack to harvest credentials by the use of Social-Engineering. ![](/files/-Lx3V95q684Uurl4gCWd) This is optional but I will use the Web Templates option as it is a quick and dirty DEMO. The explanations on what every options does will be on SET ![](/files/-Lx3VRh5ZwCw-eb56_ls) In the next field we will add an IP internal or External. \[In external we will need Port Forwarding Enabled] ![](/files/-Lx3VekXNsiCZoO8ePmA) Google as my selected Template ![](/files/-Lx3Vl9i_SC3XJYKW93u) Again creativity will help here on how your victim will enter it's credentials ![As you can see the Logo is missing](/files/-Lx3W91WSx7adhRoQUqS) Once they log in there credentials they will be redirected to the real Google page and on your terminal you will receive the output for the inserted Credentials. ![](/files/-Lx3WYTnA60alFZUlauf) Many other tools exist out there that will use other websites and different languages no need to use SET but this is a sample on what SET can do, as this is open-source editing is welcome to adapt to newer websites and security measures that are used by them. This can and will be detected by a well aware Analyst. You can explore the many other options available from SET. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://dmcxblue.gitbook.io/red-team-notes/initial-acces/spear-phishing-links/set-social-engineering-toolkit.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.