Social-Engineering Toolkit(SET) 是一个由 David Kennedy (ReL1K)设计的社会工程学工具，该工具集成了多个有用的社会工程学攻击工具在一个统一的简单界面上。SET的主要目的是对多个社会工程攻击工具实现自动化和改良。作为一个渗透测试人员，社会工具是一个有效的攻击手段，但实际上并没有多少人使用它。目前SET更新至1.4.2版,新版主要改变如下:
    This is the official change log:
    Fixed the path to UPX in Back|Track 5 if installed to /usr/bin/upx
    Added the latest Cisco AnyConnect download and execute exploit from Metasploit
    Added a message prompt if Apache is not detected being running. If it isn’t it will now ask if you want to start it (thanks ChrisJohnRiley)
    Added auto migration into the Metasploit Client-Side attacks, previously it was only for Java Applet (thanks ChrisJohnRiley)
    Changed the iframe width and height to be 100/100 to have better clips on Adobe PDF exploits (thanks ChrisJohnRiley)
    Changed dnsspoof path to be reflective of Back|Track 5
    Added support for Yahoo and Hotmail, you can now configure it in the set_config file at the very bottom as EMAIL_PROVIDER
    Changed the location of airbase-ng to be Back|Track 5 compliant
    Fixed a child exception error when using the mass mailer and not selecting the listener
    Handled mkdir commands better if directory was already there
    Added multi-threaded support to the spear-phishing attack vector when sending emails out
    Fixed a bug that caused the report generator in credential harvester to fail and not report findings accurately
    Fixed a bug where visit statistics were not properly showing up in the exported report
    Fixed a bug where using webjacking would not load index2.html properly when site had been jacked due to new logging added in the report_harvester and do_GET() handlers
    Fixed a bug where using webjacking and java applet attack would not load java applet because of the new do_GET() handler, it now loads properly
工具下载：http://www.secmaniac.com/download/