Disclaimer

This guide is solely for educational purposes only. Any acts of hacking taught here is for Ethical Hacking. Any hacking actions done without permission of owner is considered an illegal act by the law. Hence, do practice on your own network structure and your own devices.

Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. It abuses human errors such as their clumsiness or unawareness of crucial information that the they can expose to the hacker. I will explain several tools inside SET.

How to Install

1. git clone https://github.com/trustedsec/social-engineer-toolkit setoolkit/
2. cd setoolkit
3. pip3 install -r requirements.txt
4. python setup.py

Credential Harvester

The credential harvester attack method is used when you don’t want to specifically get a shell but perform phishing attacks in order to obtain username and passwords from the system. I will try to provide step by step in cloning a website and getting users’ inputted credentials on that cloned website:

1.Open Terminal

2. Run “sudo setoolkit”

3. Choose “Social-Engineering Attacks” (no 1)

4. Choose Website Attack Vectors (no 2)

5. Choose the “Credential Harvester Attack Method” (no 3)

6. Choose “Web Templates” (no 1)

7. Type your Kali Linux IP address

8. Choose “Google” (no 2)

By now, you can try to be the user. You can open Kali Linux IP address in a browser and input any email address and password and check the captured email and password in the terminal.