The Social Engineering Toolkit(SET) is an open-source tool written by Trusted-Sec designed to help aid Penetration Testers in quickly conducting a variety of social engineering attacks. SET was written in python and comes installed on Kali by default.
One of the more commonly used and successful attacks is what is called a java applet attack. This attack works by tricking the target into visiting what they believe to be a site they trust and then allowing a malicious java applet embedded in the site to run. This attack works so well as many users today have been conditioned to click yes on any notification that pops up on his or her computer, so he or she can get back to what they were doing. The website spoofing can be accomplished via website cloning, using one of the built-in templates, or importing your own template.
This type of attack works by cloning the login page of a site and tricking the target into entering their login information into the site. The information is then sent back to you and the target is logged into the actual site. The site cloning works the same as it does with the java applet attack.
The Metasploit browser attack works much the same way as the last two, tricking the target into visiting what they believe to be a legitimate website, but is actually a website that will attempt to run various exploits from the Metasploit tool against the target's browser. This attack is useful when you suspect that your target may be using an outdated version of their web browser that may be vulnerable to common web exploits. This attack can be detected by anti-virus as it is attempting to run malware against the target.