Mass Email Attack Kali Tutorial : Kali Linux SET Tutorial
Sending mass emails is not a new concept for the ethical hacking community. Certainly we need to send mass emails during phishing tests. While phishing, penetration testers often need to send bulk emails to the employees of the organization who requested the penetration test.
There are many software options available for bulk mail sending, but the best tool on the market is already present in our favorite penetration testing OS: Kali Linux.
In this post I will be sending mass emails using Kali Linux and SET (Social Engineering Toolkit).
To begin the mass email attack, we first need a list of email addresses, either one that we’ve compiled or one supplied to us by the organization we are conducting the penetration test for.
If you don’t have an email list, please refer to my tutorial on Email Harvesting.
For this tutorial we will be using the email list file email_list.txt.
Now I will open Social Engineering Toolkit, SET:
Simply open the terminal and type:
se-toolkit
And SET opens up.
Select Social Engineering Attacks, Option 1.
Option 1 : Social-Engineering Attacks
Now as we need to do a mass email attack, select option 5.
Option 5 : Mass Mailer Attack
For this tutorial, we’re dealing with a group of emails, rather than a single email address, so select Option 2. Option 1 might be useful for spear-phish attacks.
Option 2 : Email Attack Mass Mailer
Now you need to define the path to the email list. For us, this is email_list.txt. Just add the file name with the path.
The easiest way is to drag and drop the email_list.txt file into the terminal.
Now select Option 1, as we will be using a Gmail account for sending the mass emails. If you have your own email / SMTP server, feel free to explore the other options.
Option 1 : Use a Gmail account for email attack
Enter the Gmail address you want the mass attack sent from. The email address and password must be correct.
Next, enter the name that you want the email recipients to see in their Inbox. This is the name that will flash first in front of your victim. Pay specific attention to this field, as this is where the actual social engineering takes place.
This could be “Admin” in case of a spear-phish attack.
Now SET will ask you to enter the password for the email account.
After entering the password, you have the option to specify this message as high priority. Sometimes this may be effective, but it could also make the victim suspicious, so we suggest using this option only when it suits your needs.
Now SET will ask you to enter the subject of the email.
Enter the subject of the email
Now SET will ask you if you want the body of the message to be HTML or plain text.
P for plain text or H for HTML
Enter the body text
Enter the body of the email here. If you chose an HTML message, then add the HTML tags as well.
Press Control+C to send the email.
Press Enter to go back to the main menu.
This is how hackers perform a mass email attack.
#Purely for educational purposes. Penetration testing without authorization is illegal.
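Seen from the receiving side, the choices made in the steps above (a Gmail sender, a display name such as "Admin", the high-priority flag, one message sent to a whole list) each leave a trace in the message headers. The following is an added example, not part of the original tutorial or of SET, that scores those traces; the organization domain, the trusted-name list, the priority header names and all sample messages are assumptions constructed for illustration.

```python
from collections import defaultdict
from email import message_from_string
from email.utils import parseaddr

# Assumptions, not from the page: the organization's domain, the role names
# its staff trust, and that "high priority" arrives as X-Priority/Importance.
ORG_DOMAIN = "example.com"
TRUSTED_NAMES = {"admin", "administrator", "it support", "helpdesk"}
FREEMAIL = {"gmail.com", "googlemail.com"}

def score_message(raw):
    """Return the indicators present in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    hits = []
    # The display name is what the recipient sees first; the address is not.
    if display.strip().lower() in TRUSTED_NAMES and domain != ORG_DOMAIN:
        hits.append("trusted-name-external-sender")
    if domain in FREEMAIL:
        hits.append("freemail-sender")
    if (msg.get("X-Priority", "").strip()[:1] in ("1", "2")
            or msg.get("Importance", "").strip().lower() == "high"):
        hits.append("high-priority-flag")
    return hits

def burst_senders(raws, threshold=3):
    """Map (sender, subject) to recipient count when it reaches threshold."""
    seen = defaultdict(set)
    for raw in raws:
        msg = message_from_string(raw)
        sender = parseaddr(msg.get("From", ""))[1].lower()
        rcpt = parseaddr(msg.get("To", ""))[1].lower()
        seen[(sender, msg.get("Subject", ""))].add(rcpt)
    return {k: len(v) for k, v in seen.items() if len(v) >= threshold}

def _sample(sender, rcpt, subject, priority=None):
    head = f"From: {sender}\nTo: {rcpt}\nSubject: {subject}\n"
    if priority:
        head += f"X-Priority: {priority}\n"
    return head + "\nConstructed body.\n"

# Constructed sample mail: three copies of one message plus one normal message.
SAMPLES = [_sample("Admin <constructed.sender@gmail.com>", f"user{i}@example.com",
                   "Quarterly notice (constructed)", "1 (Highest)") for i in (1, 2, 3)]
SAMPLES.append(_sample("Alice Smith <alice@example.com>", "bob@example.com", "Lunch"))

if __name__ == "__main__":
    print([score_message(r) for r in SAMPLES], burst_senders(SAMPLES))
```

In a phishing test, comparing these hits against what the mail gateway actually flagged shows which of the sender's choices the organization's filtering missed.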