Saturday, May 9, 2020

Security Onion - Linux Distro For IDS, NSM, And Log Management


Security Onion is a free and open source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, OSSEC, Sguil, Squert, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!

Security-onion project
This repo contains the ISO image, Wiki, and Roadmap for Security Onion.

Looking for documentation?
Please proceed to the Wiki.

Screenshots








More articles


  1. Herramientas Hacking Etico
  2. Blog Seguridad Informática
  3. Hacking Games Online
  4. Que Significa Hat
  5. Certificacion Hacking Etico
  6. Hacking Articles
  7. El Mejor Hacker Del Mundo
  8. Hacking Informatico
Posted by at No comments:

USE OF CRYPTOGRAPHY IN HACKING

WHAT IS CRYPTOGRAPHY?

The Cryptography is derived from the Greek words "Kryptos". This is the study of secure communication techniques that allow only the sender and recipient of a message to view it's contents of transforming information into nonhuman readable form or vice versa is called cryptography.

As we know that information plays a vital role in running of any business and organizations etc, sensitive details in the wrong hands can leads to loss of business.

Cryptography is the science of ciphering and deciphering messages.To secure communication organizations use cryptology to cipher information .

                            Or

Cryptography is a method of protecting information and communication through the use of codes so that only those whom the information is intended can read and process it.

In Computer Science, Cryptography refers to secure information and communication techniques derived from mathematical concepts , a set of rule based calculations called algorithm to transform message in ways the hard to readable for human.

This is one of the secure way of communications for a hacker with the help of virtual private network(VPN) like Tor Browser which is also very helpful to change the IP Address(Location of the sender ) for illegal purpose to perform crime in cyberspace . I will discuss in brief about the VPN .



How to Encrypt and Decrypt the text in Cryptography?

Open this website with the help of internert surfing for encryption-"http://wwwmd5online.org" 

Open the link for Decrypt the code text-"http://www.md5online.org/md5-decrypt.html"

Type whatever you want for encryption and it will crypt in the code form, copy that code and forward to the intended person whom you want for secure communication and then he/she will Decrypt in the real form.




               
       







Read more


Posted by at No comments:

Friday, May 8, 2020

Top 20 Best Free Hacking Apps For Android |2019|

 20 Best Free hacking apps For Android |2019|. 

Android is now one of the most popular operating systems. So, hackers have also started using Android devices for their tasks. Now Android devices are used for penetration testing and other hacking activities including IT security administrator, Wi-Fi hacking and network monitoring. There are several hacking apps or Android devices. So, we have curated a list of best hacking apps for Android.


Before you start using these apps, you must take a backup of your important data. I also recommend the use of these apps on a separate device. Using this on your primary phone is not recommended. It is because many of these apps require a rooted device and app can also harm your phone.


Note: Hacking apps can be used for educational and malicious purpose. But we never encourage malicious operations. We are listing the apps here just for educational purpose. You should only use these apps to learn. We do not support any unethical use of these apps.

1.  AndroRAT

AndroRAT stands for Android RAT. RAT is the short form of Remote Administrative Tool and it allows an attacker to remotely control and fetch information from a device. AndroRAT does the same thing. It has a server developed in Java/Swing but the Android application has been developed in Java Android.

AndroRAT allows you to connect information like call logs, contacts, messages, location and more. You can remotely monitor sent and received messages send texts, use the camera, open a URL in the browser, make phone calls and remotely monitor the device.

The connection to the server can be triggered by an SMS or a call. From the server GUI, you can check all the connected clients and access information.

As the app allows silent remote access, it is not available on Play Store.

                Download APK

2. zANTI

zANTI is a known penetration testing suite of applications you can install locally on Android smartphone. This tool brings scanning tools Diagnostic features and Reporting tools. You can use this malicious software to attack a network and check for any loopholes in your network. This tool is used to test redirect and SSL stripping attacks. You can edit request and response messages from web servers, the host takes websites from your Android phone and more.


                  Download 

3. FaceNiff

FaceNiff is another good Android hacking that allows you to intercept the traffic of your WiFi network. You can use this tool to snoop what people are doing on the network you are. You can snoop on services like Facebook, Twitter, Amazon, YouTube and more. This is one of the notable too for steal cookies from the WiFi network and gives the attacker unauthorized access to other people's account.

This app requires a rooted device. So, you can only use the app if you have a rooted phone.

Download APK

4. Droidsheep

Droidsheep is also a similar app that helps security analysts understand what is happening in your Wi-Fi network. Like Face Sniff, this app can also hijack the web session profiles over a network and supports most of the services and websites.

The primary difference between Droidsheep and FaceSniff is that Droidsheep works with almost all the websites while FaceSniff has limited support.

                     Download APK

5. Hackode

Hackode is another good hacking apps for Android. It is not a single app but a collection of tools for ethical hackers and penetration testers. The app comes with three modules including Reconnaissance, Scanning and Security Feed. You can use this app for SQL Injection, Google hacking, MySQL Server, Whois, Scanning, DNS Dif, DNS lookup, IP, MX Records, Security RSS Feed, Exploits etc.

The app is still in beta, but available in Play Store.

                  Download Here

6. cSploit

cSploit is also a good security tool for Android. It comes with several options like cracking Wi-Fi password, installing backdoors, finding vulnerabilities and their exploits. If you are looking for a good hacking app or hacker app for Android, you should try this one for sure.

                  Download APK

7. DroidBox

DroidBox is also a similar kind of app that allows you to do the dynamic analysis of Android applications. You can use this app to get information like hashes of APK package, network traffic, SMS & phone calls, Incoming/outgoing network data, Listing broadcast receivers and more.

                    Download

8. Nmap

If you are into security or hacking, I am sure you already know the name of this too. Like the desktop tool, Nmap for Android also allows you to scan

It works on both on non-rooted and rooted phones. If you are a beginner, you should try this app and learn from it.

                      Download

9. SSHDroid

SSHDroid is SSH tool developed for Android. It lets you connect to a remote computer and run terminal commands, transfer and edit files. The app also provided features like shared-key authentication, WiFi autostart whitelist, extended notification control etc,

This app is available on Play Store.

                    Download

10. Kali Linux NetHunter

Kali Linux NetHunter is an open source penetration testing platform for Android. It officially supports Nexus and OnePlus devices. It provides the ultimate penetration testing platform that allows you to perform a wide range of attacks.

                     Download

11. APKInspector

APKInspector allows you to perform reverse engineering on an APK. you can use this to get a deep insight or APK and get the source code of any Android app. You can do modifications in the APK and visualize the DEX code to erase the credits and license.

                 Download APK

12. Shark for Root

Shark for Root is an advanced hacking tool for security experts and hackers. It can work as a traffic snipper. You can use the tcpdump command on rooted devices. It works on Wi-Fi, 3G, and FroYo tethered mode.

                    Download

13. dSploit

dSploit is an Android network penetrating testing suit. You can download and install it on your device to perform network security testing. It supports all Android devices running on Android 2.3 Gingerbread or higher. You need to root this phone for using the app. After rooting the phone, you need to download BusyBox from Google Play Store

The app comes with several modules including Port Scanner, Inspector, RouterPWN, Trace, Login Cracker, Packet Forger, Vulnerability Finder, and MITM.

                      Download

14. WPScan

WPScan is a WordPress vulnerability scanner for Android. This app is used to scan WordPress based websites and find possible vulnerabilities. WPScan is a popular desktop tool but this WPScan for Android is not related to that. So, do not think of it as an official WPScan app.

                      Download

15. Network Mapper

Network Mapper is a network scanner tool for network admins. It used to scan the network, lists all devices connected and find Open ports of various servers like FTP servers, SSH servers, SMB servers etc on the network. The tool is available on Play Store.

                     Download

16. Andosid

Andosid is like LOIC for the desktop. This tool is used to perform DOS attacks from Android mobile phones. You can use this tool to set a target URL and perform a DOS attack in one click. The tool will start flooding target URL with fake requests.

                     Download

17. DroidSQLi

DroidSQLi app allows attackers to perform SQL Injection on a target URL. You just need to find a target URL and this tool will start the fully automated SQL Injection attack.

                     Download

18. AppUse

AppUse is a Virtual Machine developed by AppSec Labs. It is a freely available mobile application security testing platform that comes with lots of custom made tools by AppSec Labs. If you want to sue your Android phone as your penetration testing tool, this one is for you.

                   Download

19. Network Spoofer

Network Spoofer is also a good hacking app for android. It lets you change the website on other people's computer from your Android phone. Connect to a WiFI network and then choose a spoof to use with the app. this tool is to demonstrate how vulnerable a network is. Do not try this on any unauthorized networks.

                 Download

20. DroidSheep Guard

As the name suggests, DroidSheep Guard works against DroidSheep. It monitors Android devices' ARP-table and tries to detect ARP-Spoofing attack on your network. It does not require a rooted device.

               Download


@EVERYTHING NT


More info
Posted by at No comments:

"I Am Lady" Linux.Lady Trojan Samples



Bitcoin mining malware for Linux servers - samples
Research: Dr. Web. Linux.Lady

Sample Credit:  Tim Strazzere

MD5 list:

0DE8BCA756744F7F2BDB732E3267C3F4
55952F4F41A184503C467141B6171BA7
86AC68E5B09D1C4B157193BB6CB34007
E2CACA9626ED93C3D137FDF494FDAE7C
E9423E072AD5A31A80A31FC1F525D614



Download. Email me if you need the password.
Related articles
Posted by at No comments:

BurpSuite Introduction & Installation



What is BurpSuite?
Burp Suite is a Java based Web Penetration Testing framework. It has become an industry standard suite of tools used by information security professionals. Burp Suite helps you identify vulnerabilities and verify attack vectors that are affecting web applications. Because of its popularity and breadth as well as depth of features, we have created this useful page as a collection of Burp Suite knowledge and information.

In its simplest form, Burp Suite can be classified as an Interception Proxy. While browsing their target application, a penetration tester can configure their internet browser to route traffic through the Burp Suite proxy server. Burp Suite then acts as a (sort of) Man In The Middle by capturing and analyzing each request to and from the target web application so that they can be analyzed.











Everyone has their favorite security tools, but when it comes to mobile and web applications I've always found myself looking BurpSuite . It always seems to have everything I need and for folks just getting started with web application testing it can be a challenge putting all of the pieces together. I'm just going to go through the installation to paint a good picture of how to get it up quickly.

BurpSuite is freely available with everything you need to get started and when you're ready to cut the leash, the professional version has some handy tools that can make the whole process a little bit easier. I'll also go through how to install FoxyProxy which makes it much easier to change your proxy setup, but we'll get into that a little later.

Requirements and assumptions:

Mozilla Firefox 3.1 or Later Knowledge of Firefox Add-ons and installation The Java Runtime Environment installed

Download BurpSuite from http://portswigger.net/burp/download.htmland make a note of where you save it.

on for Firefox from   https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/


If this is your first time running the JAR file, it may take a minute or two to load, so be patient and wait.


Video for setup and installation.




You need to install compatible version of java , So that you can run BurpSuite.

Related news


Posted by at No comments:

How To Protect Your Private Data From Android Apps

protect-private-data-from-apps
In android there is lots of personal data that can be accessed by any unauthorized apps that were installed on the device. This is just because your Android data is openly saved in your file explorer that is not encrypted or protected by encryption method, so, even normal app can also hijack your data very easily as the media access permissions are granted when you click on accept button while installing the apps. And this may be endangering the private data that you might not want to share with anyone. So here we have a cool way that will help you to make your data private by disallowing the apps to access your media files without your permission. So have a look on complete guide discussed below to proceed.

How To Protect Your Private Data From Android Apps

The method is quite simple and just need a rooted android device that will allow the Xposed installer to run on the device. And after having the Xposed installer you will be using an Xposed module to disallow the apps to have access to your personal or say private data. For this follow the guide below.

Steps To Protect Your Private Data From Android Apps:

Step 1. First of all, you need a rooted android as Xposed installer can only be installed on a rooted android, so Root your android to proceed for having superuser access on your android.
Step 2. After rooting your Android device you have to install the Xposed installer on your android and thats quite lengthy process and for that, you can proceed with our Guide to Install Xposed Installer On Android.Xposed Installer
Step 3. Now after having an Xposed framework on your Android the only thing you need is the Xposed module that is DonkeyGuard – Security Management the app that will allow you to manage the media access for apps installed on your device.
Step 4. Now install the app on your device and after that, you need to activate the module in the Xposed installer. Now you need to reboot your device to make the module work perfectly on your device.
Step 5. Now launch the app and you will see all the apps that are currently installed on your device.
privacy 1
Step 6. Now edit the media permission for the apps that you don't want to have access to your media with private data.privacy 2
That's it, you are done! now the app will disallow the media access to that apps.

Manually Checking App Permission

Well, our Android operating system offers a nice feature in which we can manage a single app's permission. However, you need to have Android 6.0 Marshmallow or a newer version to get the option.
Step 1. First of all, open Settings and then tap on 'Apps'.
Manually Checking App Permission
Manually Checking App Permission
Step 2. Now you will see the list of apps that are currently installed on your Android smartphone. Now you need to select the app, and then you will see 'Permissions.'
Manually Checking App Permission
Manually Checking App Permission
Step 3. Now it will open a new window, which will show you all permissions that you have granted to the app like Camera access, contacts, Location, microphone, etc. You can revoke any permissions as per your wish.
Manually Checking App Permission
Manually Checking App Permission
Well, the same thing you need to perform if you feel that you have installed some suspicious app on your Android. By this way, you can protect your private data from Android apps.
Related news

  1. Hacking Academy
  2. Hacking Software
  3. Bluetooth Hacking
  4. Hacker Etico
  5. Paginas Para Hackear
  6. Herramientas Hacking
  7. Kali Linux Hacking
Posted by at No comments:

DOWNLOAD OCTOSNIFF 2.0.3 FULL VERSION – PLAYSTATION AND XBOX IP SNIFFER

OctoSniff is a network research tool that allows you to determine information about all the other players you're playing with. It is compatible with PS, XBox 360 and XBox One. It has many other features that make it a great sniffing tool. Some people think it might be a tool like Wireshark or Cain n Abel. No, it's not a tool like that. It simply sniffs players that let you know who's really playing. Download OctoSniff 2.0.3 full version. It's only for educational purposes to use.

FEATURES

  • VPN Optimized
  • Supports Wireless & Wired Spoofing
  • Detects Geo IP and Complete Location
  • Searches Usernames of Players in the Lobby
  • Really easy to setup

DOWNLOAD OCTOSNIFF 2.0.3 FULL VERSION

More articles


  1. Tools For Hacking Wifi
  2. Experto En Seguridad Informática
  3. Curso Growth Hacking
  4. Google Hacking Database
  5. Que Es El Hacking
  6. Como Hacer Hacker
  7. Udemy Hacking
  8. Sdr Hacking
Posted by at No comments:

USE OF CRYPTOGRAPHY IN HACKING

WHAT IS CRYPTOGRAPHY?

The process of transforming information into nonhuman readable form or vice versa is called cryptography.

Cryptography is the science of ciphering and deciphering messages.

                 
                            OR

Cryptography is a method of protecting information and communication through the use of codes so that only those whom the information is intended can read and process it.

In Computer Science, cryptography refers to secure information and communication techniques derived from mathematical concepts , a set of rule based calculations called algorithm to transform message in ways the hard to readable for human.


Information plays a vital role in running of business and organizations etc, information in the wrong hands can leads to loss of business.

To secure communication organizations use cryptology to cipher information .





Related news


  1. Growth Hacking Definicion
  2. Grey Hat Hacking
  3. Hacking Background
Posted by at No comments:

Thursday, May 7, 2020

TOP ANDROID HACKING TOOLS OF 2018

An Android remote administration tool (RAT) is a programmed tool that allows a remote device to control a smartphone as if they have physical access to that system. While screen sharing and remote administration have many legal uses, "RAT" software is usually associated with the unauthorized or malicious activity. I have streamlined here top android hacking tools of 2018.

TOP ANDROID HACKING TOOLS OF 2018

Here are the most advanced in functionality top android hacking tools of 2018.

1. DROIDJACK

DroidJack gives you the power to establish control over your beloveds' Android devices with an easy to use GUI and all the features you need to monitor them. It has many advanced features that you can perform over the remote smartphone. DroidJack is one of the top lists as it also has the functionality to read/write WhatsApp messages.

You can also follow a step by step tutorial on how to hack smartphone remotely using droidjack.

2. OMNIRAT

OmniRAT is the super powerful multi-OS remote administration tool that can a smartphone either using a smartphone or using a Windows or Mac PC. It has a huge list of features that make it very powerful. It can make calls through that smartphone remotely. It's completely fully undetectable.

3. ANDRORAT

AndroRat is a client/server application developed in Java Android for the client side and in Java/Swing for the Server. The name AndroRat is a mix of Android and RAT (Remote Access Tool). It was developed as a project by the university students, which works great for hacking into Android devices.

You can also follow a step by step tutorial on how to hacking a smartphone remotely using androrat.

4. SPYNOTE

SpyNote is a lightweight Android remote administration tool (RAT) to hack into a smartphone device remotely. It gives you the power to establish control over Android devices with an easy to use GUI and all the features you need to monitor them. Build a custom APK or bind the payload to an already existing APK such as a game or social media app.

You can also follow a step by step tutorial on how to hack any android phone remotely with spynote.

5. AHMYTH

AhMyth is a powerful android remote administrator tool that gives you the power to establish control over your beloveds' android devices with an easy to use GUI and all the features you need to monitor them.

These are all the top android hacking tools of 2018. There are also many other rats but these are the most advanced in tech and features. There may appear few more that can compete these and make a place to be in the top android list.
More info

  1. Hacking Growth Pdf
  2. Libro Hacker
  3. Aprender A Ser Hacker
  4. Hacking Forums
  5. Growth Hacking
  6. Hacking Aves
Posted by at No comments:

Hacking PayPal's Express Checkout



Do you know what is happening in the background when you buy something in an online shop using PayPal?

In this post we will tackle the following problems:
  • How can PayPal's API be tested?
  • How does PayPal's Express Checkout work? You can find the detailed report here.
  • How can we debit more money than authorized?

How PayPal's API can be tested?

PayPal's Sandbox API

PayPal offers a feature called PayPal Sandbox Accounts, which mimics the production API. The basic idea is that a normal user/shop can test the API and make transactions without actually transferring money. This is the perfect tool for developers to test their API integration.

Access to all messages

The next question is how to get access to all messages. All browser-related messages can be inspected, intercepted, and modified via BurpSuite. The main problem here is how to get access to the server-to-server exchanged messages: the messages exchanged between PayPal and a shop. In order to solve this problem, we deployed our own shop. For this purpose we used Magento, which already has a PayPal integration.
Once we have our own controlled shop, we can enforce Magento to send all request through a proxy.
In the following picture you can see our setup.

Test suite for analyzing PayPal's API [1]

In order to capture the traffic between our Magento hhop and PayPal we proceeded as follows:
  • We configured Magento to use a proxy running on localhost:8081.
  • We connected the proxy port on the virtual machine with our local machine via SSH remote port forwarding by issuing the following command
    ssh -N -R 8081: localhost :8081 <IP of Magento shop>
  • We configured BurpSuite running on our local machine to listen on Port 8081 for incoming requests.
Now, we were able to see the entire traffic.
Please note that we uses our own, custom Magento shop in order to be able to test Paypal's API.

PayPal's Express Checkout

An overview of the checkout procedure is depicted in the following:

PayPal's Express Checkout [2]




Step 1: Magento tells the PayPal API where to redirect the user after authorizing the transaction via the parameter RETURNURL and requests a token for this transaction.
Step 2: The PayPal API provides Magento with the token.
Step 3: Magento redirects the user to PayPal's website. The redirect contains the token from the previous step.
Step 4:  The user authorizes the transaction. As a result, he will be redirected back to Magento (RETURNURL) with the token.
Step 5: Magento issues a request to the PayPal API to get the transaction details.

Step 6: Magento signals the PayPal API to execute the transaction.

Step 7: Magento serves the success page.

A more detailed view of the protocol and all parameters is shown on page 16 in the full version. We will concentrate only on step 6 and the parameters relevant for the attack.

The Attack

The goal of the attack is to let a shop (in our case Magento) debit more money than authorized by the PayPal user. The core of the attack is Step 6 -- DoExpressCheckoutPayment. Let's get a deeper look at this message:

Magento can raise the authorized amount and debit more money from the user's account

  • The shop sends the token, which was issued in the first step of the protocol and identifies uniquely the transaction through all steps. 
  • The PayerID referring to the user that authorized the payment.
  • The AMT defining the amount, which will be transferred.
  • The API Credentials authenticating Magento on PayPal.
  • The Version pointing to the release number of the API.

As one can imagine, the core problem we found was the change of the AMT parameter. This value can be freely chosen by the shop, despite the fact that the user has authorized a different amount.

We tested only the SandBox API, but refused to test the production API in order to avoid problems. We promptly contacted PayPal's security team and described the problem hoping that PayPal can and will test the production API against the attack.

The response of PayPal can be summarized as follows:
  • We don't get any BugBounty since we only tested the Sanbox API. (Fair enough)
  • In the Production API PayPal this flexibility is a wanted feature. Thus, PayPal allows a merchant to charge for shipping and/or other expenses different amounts. Any malicious behavior can be detected by PayPal. In case of fraudulent charges the consumer are protected by the Buyer Protection policy.
... but the Sandbox API was nevertheless fixed.

Authors of this Post

Daniel Hirschberger
Vladislav Mladenov
Christian Mainka (@CheariX)



[1] BurpSuite Logo
[2] PayPal Express Checkout

More info


  1. El Mejor Hacker Del Mundo
  2. Codigo Hacker
  3. Libro Hacking Etico
  4. Hacking Etico
  5. Hacking Kali Linux
  6. El Mejor Hacker
  7. Tecnicas De Hacking
  8. Tutoriales Hacking
  9. Como Aprender A Hackear Desde Cero
  10. Hacking Hardware Tools
  11. Hacking To The Gate
  12. Growth Hacking Tools
  13. Hacking Course
Posted by at No comments:

HACK SNAPCHAT ACCOUNT BY MAC SPOOFING

In the last article, I have discussed a method on how to hack SnapChat account using SpyStealth Premium App. In this article, I am gonna show you an advanced method that how to hack SnapChat account by mac spoofing. It works same as WhatsApp hacking by mac spoofing. It's a bit more complicated than the last method discussed and requires proper attention. It involves the spoofing of the mac address of the target device. Let's move on how to perform the attack.

HOW TO HACK SNAPCHAT ACCOUNT BY MAC SPOOFING?

Note: This method will work if SnapChat is created on a phone number.
Here I will show you complete tutorial step by step of hacking the SnapChat account. Just understand each step carefully.
  1. Find out the victim's phone and note down it's Mac address. To get the mac address in Android devices, go to Settings > About Phone > Status > Wifi Mac address. And here you'll see the mac address. Just write it somewhere. We'll use it in the upcoming steps.
  2. As you get the target's mac address, you have to change your phone's mac address with the target's mac address. Perform the steps mentioned in this article on how to spoof mac address in android phones.
  3. Now install SnapChat on your phone and use victim's number while you're creating an account. It'll send a verification code to victim's phone. Just grab the code and enter it here.
  4. Once you do that, it'll set all and you'll get all chats and messages which victims sends or receives.
This method is really a good one but very difficult for the non-technical users. Only use this method if you're technical skills and have time to perform every step carefully. Otherwise, you can hack SnapChat account using Spying app.
More info
  1. Password Hacking
  2. Sean Ellis Hacking Growth
  3. Hacking Traduccion
  4. Hacking Live
  5. Google Hacking Database
  6. Certificacion Ethical Hacking
  7. Que Es El Hacking
  8. Hacking Tor Whatsapp
  9. Hacking Microsoft
  10. Hacking Ético
Posted by at No comments:

Wednesday, May 6, 2020

How To Hack Facebook By Social Engineering Attack

This video is specially for educational purpose only. I'm not responsible for your any illegal activity. Thanks!

 Social Engineering Attack

Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication. The purpose of this video tutorial is to show you How hackers hacked any thing by Social Engineering Attack.

Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords. The information is then used to access important accounts and can result in identity theft and financial loss.

Kali Linux has many tools for doing social engineering attacks. Setoolkit is the most powerful tool in Kali Linux to do a social engineering attacks over the same and different networks. 

Social Engineering over the same network requires the local IP address of your system just like this one 192.168.1.2. Now how you can get your local IP address from your system. To find local IP address just open up your terminal in Linux distribution:

Type: ifconfig wlan0 (if you are using WiFi)
Type: ifconfig eth0 (if you are using eth0)
Type: ifconfig (It display all information about your network)

Now you've another thing to do is that you just have to clone a web page you wanna clone like Facebook, g-mail, twitter etc. Similarly, If you wanna clone a facebook page so for this you just have to type www.facebook.com over your system's terminal for cloning a login page for Social Engineering attack.Still If you don't know how to do that so don't be worry, I did all the process practically in the below just go down and watch it!