Mass Email Attack Kali Tutorial : Kali Linux SET Tutorial

Mass email senders is not a new topic for ethical hacking community . Certainly we need to send mass emails during penetration test / phishing tests (to be more specific) . While Phishing tests penetration testers often need to send Bulk emails to the employees of an organisation we are conducting the penetration test for .
Though there are many Bulk Mail sending softwares available out there but there is nothing as good as bulk sending tool that is already present in our favourate penetration testing OS : KALI Linux

In this post I will be sending mass emails using Kali Linux and SET (Social Engineering Toolkit)

To begin with the Mass email attack , you first we need a Email list that we have either harvested or has been supplied to us by the organisation we are conducting the penetration test for .
Incase if you dont have a email list , please refer to this link to view my tutorial on Email Harvesting : Click Here

For this tutorial I will be using email list file , email_list.txt

Now I will be opening Social Engineering Toolkit , SET :
Simply Open Termial and type :

se-toolkit

And SET opens Up

SET-Mass-mailer-compressed

Select Social engineering i.e Option 1

Option 1 : Social-Engineering Attacks

SET-compressed

Now as we need to do a mass email Attack (Mass Mailer attack select option 5)

Option 5 : Mass Mailer Attack

Then select Option 2 for email mass mailer as this tutorial we deal with Email Mass sender and not the Single Email Address . The Option 1 might be useful spear-phish attacks .

Option 2 : Email Attack Mass Mailer

Now you need to define the path to the email list . This is email_list.txt in our case , just add the file-name with the path .
Easiest way is to drag and drop the email_list.txt file into the terminal .

Now select Option 1 as we will be using a gmail account for sending the Mass emails as we dont have our own SMTP server . In case you have a self email server / SMTP (as done by the proffessional spammers)server feel free to explore the other options .

Option 1 : Use a Gmail account for email attack

Enter the gmail address . The email address must be correct and you must also have the password for the same to successfully send the emails .

Now enter the name that you want the email recipients to see in the Inbox . This is the Name that will flash first in front of your victim . Pay attention to this field specifically , as this where the actual social engineering takes place .
This could be “Admin” in case of a spear phish attack .

Now the SET will ask you to enter the password for the email account .
Enter the gmail password
Now you have an option to specify weather or not you want to flag this message as high priority . Sometimes this may work and sometimes might make the victim suspicious . So I suggest to use this option as per your suitability .
Screenshot
Now SET will ask you to enter the subject of the email .
Enter the subject of the email
Now the SET will ask you if you want the body of the message to be HTML or Plain Text .
P for plain text or H for html

Enter the body text

Enter the body of the email here . If you chose HTML message then add the HTML tags as well .
Enter Control+C to send the email .
Enter to go back to the main menu

This is how hackers perform mass email attack.