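Social-Engineering Toolkit (SET) is a social-engineering tool designed by David Kennedy (ReL1K) that integrates a number of useful social-engineering attack tools behind a single, simple interface. SET's main purpose is to automate and improve on a range of social-engineering attack tools. For a penetration tester, social engineering is an effective attack technique, yet in practice few people use it. SET has now been updated to version 1.5; the main changes in the new release are as follows: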
Added shell.py to support both Linux and OSX for the SET Interactive Shell, uses same code repository
 Added shell to support Linux/OSX for SET Interactive Shell
 Added download to support Linux/OSX for SET Interactive Shell
 Added upload to support Linux/OSX for SET Interactive Shell
 Added ps to support Linux/OSX for SET Interactive Shell
 Added kill to support Linux/OSX for SET Interactive Shell
 Fixed a bug in mass mailer where TLS would execute after ehlo not before. Thanks pr1me
 Changed download path to replace forward and back slashes with a _ so it would not cause strange nix issues with back slashes and forward slashes in the SET Interactive Shell
 Added better integer handling when running listener.py by itself without specifying a port
 Redesignated filename shell.binary to shell.windows and shell.linux (PE vs. ELF binary)
 Added separate installers for shell.linux and shell.osx, too many differences between the two and needed different compiling.
 Added instructions in shell.py how to compile for each flavor operating system including windows, linux, and osx
 Added reboot now into the SET interactive Shell
 Added persistence to the SET interactive shell with a completely custom written python-bytecompiled service. Essentially uploads service to victim, that calls interactive shell every 30 minutes
 Added name distinguishing per windows/posix systems so it will show up POSIX or WINDOWS on interactive shell, will also show WINDOWSUAC-SAFE and WINDOWSSYSTEM.
 Added the MS11-050 IE mshtml!CObjectElement Use After Free exploit from Metasploit
 Added dynamic packing to download/upload for persistence, better AV avoidance
 Added MS11-050, Adobe Flash 10.2.153.1, and Cisco AnyConnect Metasploit exploits to the SET web gui
 Added ‘clear’ and ‘cls’ in the SET Interactive Menu to remove what’s in the screen, etc.
 When using the java docbase exploit, removed ‘Client Login’ for title frame, isn’t needed
 Added back command to the SET interactive shell to go back when in different menus
 Fixed a bug where it would state payloadprep not defined, it was caused by UPX not fully packing the device at time of upload, a 3 second delay has been added
Tool download: http://www.secmaniac.com/download/