explaingit

trustedsec/social-engineer-toolkit

Analysis updated 2026-06-24

14,859PythonAudience · ops devopsComplexity · 4/5Setup · moderate

TLDR

SET is an open source penetration-testing framework focused on social-engineering attacks like phishing pages and payload delivery, for authorized security tests only.

Mindmap

mindmap
  root((set))
    Inputs
      Target URLs
      Attack templates
      Operator choices
    Outputs
      Cloned phishing pages
      Payload binaries
      Captured credentials
    Use Cases
      Run sanctioned phishing tests
      Train staff awareness
      Red team simulations
    Tech Stack
      Python
      Linux
      Kali
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Run an authorized phishing simulation against staff to measure click and credential rates.

USE CASE 2

Generate a cloned login page and capture submitted credentials during a sanctioned red-team engagement.

USE CASE 3

Bundle a payload with a believable pretext as part of a contracted penetration test.

USE CASE 4

Train new security testers on social-engineering attack patterns inside a contained lab.

What is it built with?

PythonLinuxKali

How does it compare?

trustedsec/social-engineer-toolkitllmware-ai/llmwarewaditu/tushare
Stars14,85914,86014,878
LanguagePythonPythonPython
Last pushed2026-05-17
MaintenanceMaintained
Setup difficultymoderatemoderateeasy
Complexity4/54/52/5
Audienceops devopsdeveloperdata

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 30min

Linux is the supported path, macOS is experimental and Apple Silicon needs a Python venv before pip install.

In plain English

The Social-Engineer Toolkit, known as SET, is an open source framework for penetration testing focused on social engineering attacks. Social engineering is the practice of tricking people, rather than directly attacking software, to get them to give up information or run something they should not. The project is written and maintained by David Kennedy, who works at TrustedSec, an information security consulting firm based in Cleveland, Ohio. The README is short and mostly covers what the tool is and how to install it. It says SET ships with a set of custom attack templates that let a tester build a believable simulated attack quickly. There is a strong disclaimer at the top: the tool is intended only for security testing with explicit written consent from the target, and using it outside that scope is not allowed. Supported platforms are Linux and Mac OS X, with the Mac support marked as experimental. On a Mac with Apple Silicon the instructions tell you to use a Python virtual environment before installing. Installation on Linux is by cloning the repo, running pip3 install -r requirements.txt, then python setup.py. On Kali Linux running under Windows WSL the README says you can install it with sudo apt install set. There is a separate user manual provided as a PDF in the repo, linked from the README.

Copy-paste prompts

Prompt 1
Install SET in a clean Kali VM and walk me through running a phishing simulation against a test inbox I control.
Prompt 2
Set up SET on macOS with Apple Silicon inside a Python virtual environment and list every menu option in the main UI.
Prompt 3
Build a small lab with two VMs where SET clones a login page on one and a test victim on the other browses it.
Prompt 4
Write a checklist of consent, scope, and logging steps to follow before launching any SET attack template on a client.
Prompt 5
Compare SET phishing templates with GoPhish for a one-week internal awareness campaign and pick the better fit.

Frequently asked questions

What is social-engineer-toolkit?

SET is an open source penetration-testing framework focused on social-engineering attacks like phishing pages and payload delivery, for authorized security tests only.

What language is social-engineer-toolkit written in?

Mainly Python. The stack also includes Python, Linux, Kali.

How hard is social-engineer-toolkit to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is social-engineer-toolkit for?

Mainly ops devops.

Open on GitHub → Explain another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.