Difference between revisions of "Social Engineering Toolkit"
Line 18: | Line 18: | ||
After launching the Social Engineering Toolkit we see the above mentioned menu. | After launching the Social Engineering Toolkit we see the above mentioned menu. | ||
Here we can choose between submenus to specify our attack. Our Example will be about '''Twitter Sign in Phishing''', | Here we can choose between submenus to specify our attack. Our Example will be about '''Twitter Sign in Phishing''', | ||
therefore we have to select through several submenus | therefore we have to select through several submenus, first . | ||
Revision as of 23:31, 10 July 2021
Summary
Social Engineering Toolkit (SET) is a menu driven system that allows you to control your attacks tailored to the desired target.
Requirements
As part of this guide, I used Kali (Kali GNU/Linux Rolling 5.10.0-kali3-amd64) as the OS, so it was already preinstalled. I installed Kali on a Virtual machine (VMware® Workstation 15 Pro 15.5.5 build-16285975).
Example
Let's see an example of how to execute a "Twitter Sign in Phishing Web-Attack" using the Social Engineering Toolkit.
After launching the Social Engineering Toolkit we see the above mentioned menu. Here we can choose between submenus to specify our attack. Our Example will be about Twitter Sign in Phishing, therefore we have to select through several submenus, first .
For Twitter Sign in Phishing Web-Attack we've to choose option 2
At 3rd submenu we've to choose the option 3.
There are hundreds of modules under "Commands", which include from social engineering to browser hacks. The desired module can be selected by clicking and executed with the "Execute" button at the bottom right. I choosed the "Google Phishing" module under the "Social Engineering" Folder and clicked to "Execute".
Command execution in the Browser
There are hundreds of modules under "Commands", which include from social engineering to browser hacks. The desired module can be selected by clicking and executed with the "Execute" button at the bottom right. I choosed the "Google Phishing" module under the "Social Engineering" Folder and clicked to "Execute".
Result
After executing the "Google Phishing" module, the victim is asked to "Sign in". Victims entered credentials are visible under "Logs".
Courses
- WFP-1