The Social-Engineer Toolkit (SET) is an open-source penetration testing framework developed by TrustedSec and created by David Kennedy, designed specifically for authorized social-engineering assessments. Written in Python, SET provides guided attack vectors that enable security teams to test user awareness, validate security controls, and conduct consent-based red-team exercises. The toolkit is classified across multiple security domains including social engineering, phishing, credential harvesting, penetration testing, red teaming, attack simulation, and human exploitation techniques.
SET operates as a specialized security toolkit focused on deception and human-centric attack simulation. The framework is built to support legitimate, authorized testing scenarios where explicit permission and scope have been established beforehand. The project emphasizes responsible use through its licensing terms and security documentation, requiring users to review the license before distribution and explicitly prohibiting use against systems, accounts, networks, or people without consent.
The toolkit supports deployment across Linux and macOS platforms, with experimental Windows support available through WSL or WSL2 environments running Kali or other supported Linux distributions. Current versions target Python 3.11 through Python 3.13, reflecting active maintenance and compatibility with modern Python releases. Installation options include deployment on Kali Linux and WSL systems, with a legacy system-wide installation method that places SET in /usr/local/share/setoolkit, writes configuration to /etc/setoolkit/set.config, and creates an executable at /usr/local/bin/setoolkit.
The repository demonstrates significant ongoing activity and maintenance. HackingDave, the primary creator, has logged 894 tracked events as the most active contributor, indicating sustained development and engagement with the project. Across 482 tracked issues and pull requests, the median response latency is 2514 hours, with a mean response time of 13637.5 hours, reflecting the project's volunteer-driven nature and variable response patterns. Additional contributors including ghost and bhatiaprince950-collab have participated in project maintenance, with 24 and 14 tracked events respectively.
SET provides an interactive console interface for launching attacks and includes comprehensive documentation through a full user manual available in PDF format. The toolkit can be executed directly from source checkouts, providing flexibility for users who prefer to run the latest development versions. The project maintains a formal security reporting process documented in SECURITY.md, directing vulnerability reports through responsible disclosure channels rather than public issue tracking to prevent exploitation of undisclosed vulnerabilities.
The repository's contributor network extends beyond its immediate codebase, with GitGenius identifying overlapping contributors with major projects including Microsoft's VSCode and TypeScript repositories as well as the Rust language project, suggesting that SET contributors participate in broader open-source ecosystems. Bug reports and enhancement requests are managed through the GitHub issues system, with the project requesting that users provide SET version, platform information, Python version, and reproduction steps to facilitate effective triage and resolution of reported problems.