• Today we will be learning how to create phishing pages of any website using a tool called ‘Social Engineer Toolkit’.
  • Social Engineer Toolkit is a pentesting tool developed by TrustedSec.


Let us get started

  1. Open up your terminal in your kali Linux.

2)Open Social Engineer Toolkit by typing in the following command:           


3)Social Engineer Toolkit will open.

Note – Type in 4 to update the toolkit.

4) Here, we want to open Social-Engineer Attacks, so type in 1 in order to open it.

5) Choose Website Attack Vectors

6) Choose Credential Harvester Attack Method

7) From the following options given choose the option ‘site cloner’ in order to ‘clone’ or create a phishing page of the website that we want.

8) Something similar to “IP address for the POST    back in Harvester/Tab nabbing: will be shown. This means that we need to host a server in order to carry out the process over the WAN and enter the IP of that server here.    

 –This can be done by setting up ‘Ngrok’ which can be downloaded from here.

9) After this enter the forwarding address, you found on your Ngrok server after initiating it. Enter it after the “IP address for the POST back in Harvester/Tabnabbing“

  –Then in the field which says “Enter the URL to clone”, fill it with the URL of the real website of which we want to create the phishing page of. Here in my case, I’ve given and click enter. 

–This will create a phishing page of the given website on the Ngrok server.

10) If everything is done correctly, you should see a screen similar to one give below.

11) You are DONE! Just sent the Ngrok forwarding IP to the victim. Once the victim fills the username and password in the respective fields , you’ll be able to get those results in the terminal. 

12) In case you want to check if it works just copy the and open it in any of your browser. If it loads up perfectly, you are all good to go.

13) Here, I’ll copy and paste the Ngrok forwarding link in my Firefox browser.

14) As you can see, our phishing page loads successfully. I’ll provide some input just to see if everything works perfectly.

15) As you can see, I’m able to see the username and password in pure plain text.


  • This is how you can create phishing pages using Social Engineer Toolkit.
  • With this you would have got an idea how easy and simple it is to create a phishing page. 
  • Always double check the URL twice before making any data submission to the websites.
  • Please do not use this with any unethical intensions as it may get you in serious legal trouble.  


Thanks for reading this article and I hope you would have learnt something new with this.