First up is the Social Engineering Toolkit from Dave Kennedy of TrustedSec. This toolkit demonstrates how to perform a variety of social engineering attacks.
From the Toolkit:
DISCLAIMER: This is only for testing purposes and can only be used where strict consent has been given. Do not use this for illegal purposes, period.The attack method to be tested is cloning a website to harvest credentials.
- Open a console on Kali Linux
- setoolkit and then enter to launch
- 1 for Social-Engineering Attacks.
- 2 for Website Attack Vectors
- 3 for Credential Harvester Attack Method
- 2 to clone a site
- Enter to accept the default IP
- https://apps.ndsu.edu/cas/login or a login form your control to clone
- Enter to understand what they are saying
- Launch Firefox
- Go to http://localhost to load the page
- Any credentials that you enter in will be posted back to SET in plain text. DO NOT USE REAL CREDENTIALS.
- Go back to SET console and see provided credentials
More instructions and operations can be found on the SET website at https://github.com/trustedsec/social-engineer-toolkit/