1. The Social-Engineering Toolkit (SET) is a product of TrustedSec. SET is a Python-driven suite of custom tools and is a menu-driven attack system that mainly concentrates on attacking the human element of security. With a wide variety of attacks available, this toolkit is an absolute must-have for penetration testing.SET comes preinstalled in Kali Linux. You can simply invoke it through the command line using the command se-toolkit:
/usr/share/set# ./set
root@Kali:/usr/share/set/# python set
Or, you can choose it through the Applications menu:
Once the user clicks on the SET toolkit, it will open with the options shown in the
following screen shot:
Website cloning
In this attack, we will mirror a web page and send that mirror page link to the target. As this is the first attack that takes place, I would suggest you to go through the options available in the different sections of the SET toolkit.Select Social-Engineering Attacks to receive a listing of possible attacks that can be performed.
Here I start with the Website Vectors. Enter 2 to move to the next menu. For this example, on the list, we will take a look at the third option, Credential Harvester Attack Method.The following menu provides three options. We will be using one of the provided templates for this example:
The second method will completely clone a website of your choosing and allow
you to utilize the attack vectors within the same web application that you were
attempting to clone.The IP address the user needs to enter is the IP address of Kali Linux, which can be found using the following command:
ifconfig –a
For instance, the IP address of my machine comes out as 10.0.2.15. Enter the URL to clone, for example, http://www.facebook.com, as shown in the following screenshot:
Now we have created a cloned Facebook login page that is listening on port 80. We can check the source code of the clone of the website that we have created for the phishing attack. It is stored at /usr/share/set/src/program_junk/Web Clone/~Index.html.This is the source of the web page the attacker has cloned through the SET toolkit.Navigate to the 127.0.0.1:80 (localhost port 80) URL in the browser. The phishing page is hosted on your machine's IP address.The following IP address needs to be sent to the target; this can be sent through an e-mail or can be uploaded on any web hosting site.Once the user visits the link and enters the username and password, the login credentials are redirected to our Kali Linux server that we have set up as shown in the preceding screenshot.