Ready to start a project with us? Let us know what's on your mind.

1501 Broadway STE 12060
New York, NY 10036-5601

    Select Service(s)*

    x Close


    Social engineering is the art of manipulating people into divulging confidential information or performing actions that they would not ordinarily do. Social engineers use psychological manipulation techniques to gain access to sensitive information, networks, or physical spaces. One of the most popular tools used by social engineers is the Social Engineer’s Toolkit (SET).

    The Toolkit
    The Social Engineer’s Toolkit (SET) is an open-source tool created by David Kennedy, which is designed to facilitate social engineering attacks. SET is a powerful toolkit that automates a wide range of social engineering attacks, such as spear phishing, credential harvesting, website cloning, and more. SET is compatible with various operating systems, including Windows, Linux, and macOS (Figure 1).

    Social Engineer's Toolkit on Kali Linux

    Figure 1: Social Engineer’s Toolkit on Kali Linux

    SET is a highly effective tool for social engineering attacks because it provides attackers with pre-built attack vectors that can be used to launch phishing campaigns, malware attacks, and other social engineering attacks. SET automates the process of creating attack vectors, which makes it easy for even novice hackers to launch sophisticated attacks. The tool is highly customizable, and users can create their custom attack vectors using SET’s modular design (Figure 2).

    Social Engineering Attacks Submenu

    Figure 2: Social Engineering Attacks Submenu

    One of the most popular features of SET is the ability to create phishing emails that look like legitimate emails from well-known organizations. With SET, hackers can create custom phishing emails that contain convincing social engineering lures that are likely to convince victims to click on a malicious link or download a file. Once the victim clicks on the link or downloads the file, the hacker gains access to their system, allowing them to steal sensitive information or launch additional attacks.

    Another popular feature of SET is the ability to clone websites, which allows hackers to create fake login pages that look like legitimate ones. Victims who enter their login credentials into these fake login pages unknowingly provide hackers with their usernames and passwords. This information can be used to gain access to the victim’s email, social media, or other online accounts.
    SET is not just a tool for cybercriminals. Security professionals and penetration testers can use SET to test their organization’s security posture by simulating social engineering attacks. By using SET to test their organization’s defenses, security professionals can identify vulnerabilities and implement measures to prevent social engineering attacks from being successful.


    In conclusion, the Social Engineer’s Toolkit (SET) is a powerful tool that has become popular among hackers and security professionals alike. SET provides attackers with a wide range of pre-built attack vectors that can be used to launch social engineering attacks. However, it is also an essential tool for security professionals who need to test their organization’s security posture. As with any tool, it is essential to use SET responsibly and ethically, and only for legitimate purposes.

    Are your users vulnerable to social engineering attacks? Schedule a penetration test today!.