Send Fake E-Mail with SETOOLKIT
Employees are usually unaware of the tricks and techniques of social engineering, so they can be used as intermediaries to obtain valuable information, such as credit card information or corporate secrets.
The security of the entire organization can be compromised if an employee visits a malicious website, answers a phone call from a social engineer, or clicks on a malicious link received in their personal e-mail.
In this guide, we will show you a method through which you can easily send a fake email with one of the most popular tools, SET (Social-Engineer Toolkit).
SET is a product of TrustedSec. SET is a Python-based custom tool suite created by David Kennedy (ReL1K) and his team, consisting of JR DePre (pr1me), Joey Furr (j0fer) and Thomas Werth.
SET is an attack framework built around attacks on people rather than systems. With a variety of attacks available, this toolkit is absolutely essential for penetration testing.
SET comes pre-installed on Kali Linux. You can simply run it from the command line by typing "setoolkit".
Once SET is open, all available options will be displayed as shown in the following screenshot:
Select 1) Social-Engineering Attacks to get a list of possible attacks that can be executed.
You can select the attacks you want to perform from a menu that appears as follows:
- 1 Spear-Phishing Attack Vectors
- 2 Website Attack Vectors
- 3 Infectious Media Generator
- 4 Create a Payload and Listener
- 5 Mass Mailer Attack
- 6 Arduino-Based Attack Vector
- 7 Wireless Access Point Attack Vector
- 8 QRCode Generator Attack Vector
- 9 Powershell Attack Vectors
- 10 SMS Spoofing Attack Vector
- 11 Third Party Modules
- 99 Return back to the main menu
We'll start with Mass Mailer Attack. Enter 5 to go to the next menu.
For this example, we will take a look at the first option in the list, E-Mail Attack Single Email Address.
Now you need to fill in all the following details as shown below:
- Send email to:
- From address:
- The FROM Name the user will see:
- Username for open-relay:
- Password for open-relay:
- SMTP email server address:
- Port number for the SMTP server:
- Flag this message/s as high priority?:
- Do you want to attach a file:
- Do you want to attach an inline file:
- Email Subject:
- Send the message as html or plain:
- Enter the body of the message, type END when finished:
Here you need an open SMTP relay server, which you can easily get by creating a free account at smtp2go.com; its SMTP server address will be "mail.smtp2go.com" and the port will be "2525".
In the SMTP2GO.com Application Control Panel, you can even manage all registrations and view all the information about fake emails sent from your account, as shown below:
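
Seen from the receiving side, the prompts above let the sender choose the visible From address and name while the message actually travels through a third-party relay, and that leaves a mismatch in the headers. The following is an added example, not part of the original guide or of SET: a Python check over a constructed message that flags that mismatch. It assumes the Authentication-Results header was written by your own mail gateway and that the priority flag appears as X-Priority; its domain-alignment test is a simplification of DMARC's.

```python
from email import message_from_string
from email.utils import parseaddr
import re

# Constructed sample (not a real message): the visible From was chosen by the
# sender, while the mail was submitted through an unrelated relay.
SAMPLE = """\
Return-Path: <bounce-123@relay.example.net>
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=relay.example.net;
 dkim=pass header.d=relay.example.net; dmarc=fail header.from=corp.example
From: "IT Helpdesk" <helpdesk@corp.example>
To: alice@corp.example
Subject: Password expiry
X-Priority: 1 (Highest)
Content-Type: text/plain

Please review the attached notice.
"""

def domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def aligned(a, b):
    """Simplified relaxed alignment: equal, or one is a subdomain of the other."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def spoof_indicators(raw):
    """Return the header-level indicators present in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    _, from_addr = parseaddr(msg.get("From", ""))
    from_dom = domain(from_addr)
    env_dom = domain(parseaddr(msg.get("Return-Path", ""))[1])
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    dkim_doms = re.findall(r"dkim=pass[^;]*header\.d=([\w.-]+)", auth)
    hits = []
    if not aligned(from_dom, env_dom):          # visible sender vs envelope sender
        hits.append("from_vs_envelope_mismatch")
    if not any(aligned(from_dom, d) for d in dkim_doms):
        hits.append("no_aligned_dkim")          # signed, but not by the From domain
    if re.search(r"\bdmarc=(fail|none)\b", auth):
        hits.append("dmarc_not_pass")
    if msg.get("X-Priority", "").strip().startswith("1"):
        hits.append("high_priority_flag")       # urgency cue, weak on its own
    return hits

if __name__ == "__main__":
    print(spoof_indicators(SAMPLE))
```

Publishing a DMARC policy of quarantine or reject for your own domain is what turns the `dmarc=fail` result above into a blocked message at receivers that enforce it.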