Social Engineering Toolkit (SETOOLKIT) Credential Harvester

August 11, 2015 | Views: 23360

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Social Engineering Toolkit (SETOOLKIT)

Credential Harvester  using Kali


There’s a 2 types of Social Engineering Attack a Human Based and Computer Based, this time we are going to use Computer Based Attack using very good tools in performing Social Engineering Attacks.


1. An Active Internet Connect.
2. Kali Linux (Download)

Overview :
The Social-Engineer Toolkit (SET) was created and written by the founder of TrustedSec. It is an open-source Python-driven tool aimed at penetration testing around Social-Engineering. SET has been presented at large-scale conferences including Blackhat, DerbyCon, Defcon, and ShmooCon. With over two million downloads, SET is the standard for social-engineering penetration tests and supported heavily within the security community.

SET is built-in installed in Kali linux so no problem about the installation, we have 2 ways to access SET.

1. We can open using Kali menu Goto Kali Linux > Exploitation Tools >Social Engineering Toolkit> se-toolkit.

2.Open terminal and type se-toolkit or setoolkit

We can wait the terminal is loading and we see picture below

Step 1: Type 1 and Enter

Step 2: Type 2 the Website Attack Vectors and Enter

Step 3: Type 3 the Credential Harvester Attack and Enter

Step 4: Type 2 the Site Cloner and Enter

Step 5:  it will ask you ip you can type ifconfig to see your ip address.

Step 6: Paste you ip

Step 7: Enter the site you want to clone like for example: “”

Note: Don’t close the se-toolkit terminal because you can received some information from target.

Step 8: Go to browser and type and type your ip in the box

Step 9: Send the link to your target


Note this is Educational Purpose Only
Regards from Philippine Security Researcher

Share with Friends
Use Cybytes and
Tip the Author!
Share with Friends
Ready to share your knowledge and expertise?
  1. This will only work on your internal network though. Perhaps if you’re within the network of the business you wish to pentest somehow and under very specific circumstances this may work and be helpful. Yet, for any real-world use you’ll have to set up port forwarding to forward any requests from outside networks, to your computer something, I believe.

  2. how to use phishing for another network because my link working on my same network

  3. Thank You for the article . when i am creating the phishing page using setoolkit it is not cloning the original site properly , please help

Page 3 of 3«123
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge


We recommend always using caution when following any link

Are you sure you want to continue?