Introducing the Social Media Phishing Tools for Kali Linux. This is a complete tool that you can use to scan and hack web applications. You can execute customized attacks and phishing campaigns on your own or simulate a real attack that can be watched in an offline environment. The tool will crack a variety of passwords by using all browsers, usernames, and passwords that match the list that you enter.
The Social Media Phishing Tools for Kali Linux have the potential to be very effective and so scary that anyone who falls for them will lose everything…okay maybe just some friends, but still a nice option to have.
Maltego is an OSINT (open-source intelligence) investigation tool that shows how different pieces of information are interlinked. With Maltego, you can find relationships between people and various information assets, including email addresses, social profiles, screen names and other pieces of information that link a person to a service or organization.
Having all of this information can help you simulate a social engineering attack to help you evaluate your employees’ security awareness. You can launch Maltego from the Kali Whisker Menu or by going to Applications > Kali Linux > Top 10 Security Tools > and selecting Maltego at number five.
Maltego uses a graphic user interface, making it easy to visualize relationships.
Social Engineering Toolkit (SET)
Social Engineering Toolkit (or SET) is an open-source, Python-driven toolkit aimed at penetration testing around social engineering. SET has various custom attack vectors that enable you to set up a believable attack in no time.
SET includes a website tool that converts your Kali box into a web server with a range of exploits that can compromise most browsers. The idea is to send your target a link that routes them through your site, which automatically downloads and executes the exploit on their system.
You can even use the pre-built templates in SET to clone a legitimate website so that the exploit looks more realistic. SET has pre-formatted phishing pages of popular sites, including Facebook, Twitter, Google and Yahoo.
You can open SET in Kali Linux by going to Applications > KaliLinux > Exploitation Tools > Social Engineering Toolkit | toolkit or by entering setoolkit as a shell prompt.
Wifiphisher is a unique social engineering tool that automates phishing attacks on Wi-Fi networks to get the WPA/WPA2 passwords of a target user base. The tool can choose any nearby Wi-Fi access point, jam it (de-authenticate all users) and create a clone access point that doesn’t require a password to join.
Any person who connects to the evil twin-like open network is presented with a seemingly legitimate phishing page asking for the Wi-Fi password to download a firmware update, which is cited as the reason the Wi-Fi isn’t working.
Once the targets enter a password, Wifiphisher sends an alert while stalling for time. After transmitting the captured password, it will display both a fake reboot timer and a fake update screen to buy you time for testing the captured password. It’s a handy tool for evaluating your security defenses against Wi-Fi-based social engineering.
You can launch the python script by entering this command:
$ sudo python wifiphisher.py
Nmap or “Network Mapper” is one of the most popular tools on Kali Linux for information gathering. In other words, to get insights about the host, its IP address, OS detection, and similar network security details (like the number of open ports and what they are).
It also offers features for firewall evasion and spoofing.
Lynis is a powerful tool for security auditing, compliance testing, and system hardening. Of course, you can also utilize this for vulnerability detection and penetration testing as well.
It will scan the system according to the components it detects. For example, if it detects Apache – it will run Apache-related tests for pin point information.
Metasploit Framework is a penetration testing tool that can help you identify, exploit and validate vulnerabilities. It delivers the content, tools and infrastructure to conduct extensive security auditing along with penetration testing.
One of the most powerful features packaged into Metasploit is the option to set up a fake SMB server. This implies that when a person on the network tries to access the server, their system will have to show their credentials in terms of their “domain password hash.”
If you are patient, you may be able to capture domain credentials as users attempt to authenticate against the SMB server. Sending an embedded UNC path to the target can help you collect their domain credentials when they click on it.
MSF is updated frequently, and new exploits are updated as soon as their creators publish them. You can launch Metasploit through the Kali Linux menu or by entering the following command in the terminal.
$ msfconsole -h
WordPress is one of the best open source CMS and this would be the best free WordPress security auditing tool. It’s free but not open source.
If you want to know whether a WordPress blog is vulnerable in some way, WPScan is your friend.
In addition, it also gives you details of the plugins active. Of course, a well-secured blog may not give you a lot of details, but it is still the best tool for WordPress security scans to find potential vulnerabilities.
MSFvenom Payload Creator (MSFPC)
MSFPC is a user-friendly tool that makes it easy to create basic payloads. It helps users avoid the need to write long msfvenom commands to generate payloads. With this generator, you can create payloads with a minimum of one argument.
MSFPC can be used to create Windows, Linux and even Android payloads. Its script is a real timesaver when you want to create simple payloads quickly. Although this doesn’t involve encoding to help bypass antivirus virus, it can still be useful to learn.
Sometimes, you just want to make a quick payload, deliver it somewhere, and carry on with your routine. In scenarios like these, msfpc.sh can come in handy.
To use MSFPC, you must only define the payload you want by either the file extension you want it to have or the platform you are going to drop it on. Typing msfpc in the terminal will allow you to run the tool.
Blackphish – Phishing tool in Kali Linux
- Difficulty Level : Basic
- Last Updated : 17 Jun, 2021
Blackphish is a powerful open-source tool Phishing Tool. Blackphish is becoming very popular nowadays that is used to do phishing attacks on Target. Blackphish is easier than Social Engineering Toolkit. Blackphish contains some templates generated by another tool called Blackphish. Blackphish offers phishing templates web pages for 5 popular sites such as Facebook, Instagram, Google, Snapchat. This tool is very helpful performing phishing attacks.
Step 1: To install the tool first move to desktop and then install the tool using the following commands.
cd Desktop git clone https://github.com/iinc0gnit0/BlackPhish
Step 2: Now move to the directory of the tool using the following command. Then install the tool using the following command.
Step 3: The tool has been installed in your system. Now to run the tool use the following command.
sudo python3 blackphish.py
Step 4: Now you can see various options here. Suppose you want to create a phishing page for Instagram so type 1 after that type 3 for localhost you can choose an option according to your requirement.
Step 5: Now open the IP address for the localhost.
Step 6: Open the ip address in the browser.
Step 7: Here you will get the details of the victim.
You can see the phishing page is generated using the tool. Once the user entered his/her id password it will be reflected on the terminal. This is how this simple tool works. You can get credentials using this tool.
The Social Media Phishing Tools For Kali Linux has been created to make the process of developing and deploying Social Engineering attacks as easy as possible.