Back to all tools

SET Cheatsheet

Social engineering toolkit for phishing and credential harvesting.

Star on GitHubFollow on XConnect on LinkedInJoin Discord

## 🎭 Social-Engineer Toolkit (SET) Cheatsheet

SET is an open-source Python tool used for social engineering attacks, developed by TrustedSec.

##

## βš™οΈ Installation

Method Command
Clone from GitHub git clone https://github.com/trustedsec/social-engineer-toolkit.git
Navigate to folder cd social-engineer-toolkit
Run setup sudo python3 setup.py
Launch SET sudo setoolkit

## 🏁 Starting the Toolkit

Task Command
Start the toolkit (menu) sudo setoolkit

## πŸ“‹ Main Menu Options

Option Description
1 Social-Engineering Attacks
2 Penetration Testing (Fast-Track)
3 Third Party Modules
4 Update the Social-Engineer Toolkit
5 Update SET configuration
6 Help, Credits, and About

## 🎯 Social Engineering Attack Vectors (Option 1)

Option Description
1 Spear-Phishing Attack Vectors
2 Website Attack Vectors
3 Infectious Media Generator
4 Create a Payload and Listener
5 Mass Mailer Attack
6 Arduino-Based Attack Vector
7 SMS Spoofing Attack Vector (Paid service needed)
8 Wireless Access Point Attack Vector
9 QRCode Generator Attack Vector
10 Powershell Attack Vectors
11 Third Party Modules
99 Return to Main Menu

## πŸ’Œ Spear-Phishing Attack Vectors (Option 1 > 1)

Option Description
1 Perform a Mass Email Attack
2 Create a FileFormat Payload
3 Create a Social-Engineering Template
4 Return to Main Menu

## 🌐 Website Attack Vectors (Option 1 > 2)

Option Description
1 Java Applet Attack Method
2 Metasploit Browser Exploit Method
3 Credential Harvester Attack Method
4 Tabnabbing Attack Method
5 Web Jacking Attack Method
6 Multi-Attack Web Method
7 HTA Attack Method
8 Return to Main Menu

## πŸ” Credential Harvester Setup Example

Step Command or Option
Start SET sudo setoolkit
Choose option 1 (Social-Engineering Attacks)
Choose option 2 (Website Attack Vectors)
Choose option 3 (Credential Harvester Attack)
Choose attack method Site Cloner or custom templates
Enter URL to clone e.g. https://facebook.com
SET starts web server Credentials harvested on form submission

## πŸ§ͺ Payload and Listener (Option 1 > 4)

Payload Type Example Setup Step
Windows Reverse TCP windows/meterpreter/reverse_tcp via SET wizard
Listener Port Enter desired port (e.g. 4444)
IP Address Enter attacker’s IP (e.g. 192.168.1.10)

## πŸ› οΈ Configuration File

File Path
SET config /etc/setoolkit/set.config or ~/.setoolkit/set.config
Modify settings Edit config to change default payloads, ports, etc.

## πŸ†˜ Useful Notes

  • SET is menu-driven β€” follow prompts interactively.
  • Use with Kali Linux or any Linux OS with Metasploit.
  • Requires root privileges for most features.