Build your own social network laboratory

Your network, your rules

Open Source

Try our demo servers!

Easily customizable

Download (Github)

What is Social Lab?

A research tool

Social Lab is a social network software designed for research. It is non-proprietary, flexible, free (Affero General Publice License version 3), and open: any portion of it can be adapted to specific needs, and all navigation and communication data are available to the researcher.

There are other social software packages available to deploy social networks. However, Social Lab integrates social bot functionality to stimulate and simulate social interactions.

The journal Behavior Research Methods has accepted for publication our article about Social Lab: (PDF). The reference is:

Garaizar, P, & Reips, U.-D. (2014). Build your own social network laboratory with Social Lab: A tool for research in social media. Behavior Research Methods, Volume 46, Issue 2, pp 430-438.

Your own social network

Social Lab is a "social sandbox", a bounded and safe place to socialize, play, and experiment.


Social networking

  • User profiles.
  • Friendship requests.
  • Public and private messages.
  • Pictures and tags.
  • Fan pages, etc.

Social bots

  • Customizable: Create your bot within seconds using a graphical interface.
  • Traceable: All automated tasks are logged.
  • Stateful: Complex behavior support based on previous statuses.

Data handling

  • Backend CRUD app.
  • Filters, queries, sorts.
  • Simple data model.
  • Friendly URLs.

Demo: Social Lab as a privacy wargame


A wargame in hacking is a security challenge in which one must exploit a vulnerability in a system or application or gain access to a system. Players need to use their hacker skills to achieve each challenge.

However, Social Lab is an special wargame because is focused on social engineering.

Social engineering

While it is similar to a confidence trick or simple fraud, social engineering is typically trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victims.

Social engineering as an act of psychological manipulation had previously been associated with the social sciences, but its usage has caught on among computer professionals.


Social Lab code is released under a free software license (Affero General Publice License version 3).

Images of fake profiles provided by Social Lab wargame on privacy are property of David Niblack and released under a Creative Commons Attribution 3.0 license.

Let's play!

Just sign up, sign in, and start solving social engineering challenges!


There are 4 demo servers of Social Lab as a privacy wargame:




  1. A PHP 5 compliant web server (e.g., Apache, Lighttpd, IIS, etc.).
  2. The Symfony 1.4 framework.
  3. A Symfony 1.4 compatible database server (e.g., MySQL, PostgreSQL, etc.).
  4. Optional (but very recommended): A network connection for multiplayer gaming.


  1. Download a tarball and unzip it or clone the Social Lab git repository to get the code.
  2. Set up your web server to provide access to Social Lab /web directory.
    • In Apache:
      <VirtualHost *:80>
        DocumentRoot "/var/www/yoursociallab/web"
        DirectoryIndex index.php
        Alias /sf /var/www/yoursociallab/lib/vendor/symfony/data/web/sf 
        <Directory "/var/www/yoursociallab/lib/vendor/symfony/data/web/sf">
          AllowOverride All
          Allow from All
        <Directory "/var/www/yoursociallab/web">
          AllowOverride All
          Allow from All
    • In Lighttpd:
      $HTTP["host"] =~ "^($" {
          server.document-root = "/var/www/yoursociallab/web"
          server.errorlog-use-syslog = "enable"
          accesslog.filename = "/var/log/lighttpd/yoursociallab.access.log"
          server.max-keep-alive-requests = 0
          server.max-keep-alive-idle = 0
          fastcgi.server = ( ".php" => ((
              "bin-path" => "/usr/bin/php5-cgi",
              "socket" => "/tmp/php.socket"
          server.indexfiles = ( "index.php", "index.html")
          alias.url = (
              "/sf" => "/var/www/yoursociallab/lib/vendor/symfony/data/web/sf"
          url.rewrite-once = (
          "^/(js|images|uploads|css|sf)/(.*)" => "$0",
          "^/[a-zA-Z_-]+\.(html|txt|ico)$" => "$0",
          "^/sf[A-Z][a-z]+Plugin.*" => "$0",
          "^/([a-z_]+)\.php([^.]*)$" => "/$1.php$2",
          "^/(.*)\.(.*)$"    => "/index.php/$1.$2",
          "^/([^.]+)$"      => "/index.php/$1",
          "^/$"             => "/index.php"
          server.error-handler-404 = "/index.php"
  3. Database setup:
    1. Create the database:
      CREATE DATABASE social;
    2. Create a user with privileges:
      GRANT ALL ON social.* TO 'social'@'localhost' IDENTIFIED BY 'YOURpassword';
  4. Populate your database using Social Lab data fixtures:
    php symfony propel:data-load

  5. Set up an scheduled task (via cron) to call Social Lab's Task Scheduler:
    crontab -e
    */5 * * * * /usr/bin/lynx --dump

Define new social bots

Each time a friend request is sent, Social Lab checks if there is a social bot involved. If that is the case, Social Lab creates a new scheduled task. Scheduled tasks are processed periodically by the Task Scheduler. Therefore, the interactions of social bots are not immediate.

Each scheduled task is defined by the following parameters:

  • From: The user profile of the social bot involved.
  • To: The user profile of the player involved.
  • Step: The current step in the automated procedure (0, 1, 2, etc.).
  • Status: The status of the scheduled task (pending or accepted).

To program a social bot the following steps must be done:

  1. Add a new row to the Bot table, defining the ID of an existing profile and a short description.
  2. Define the behavior of the social bot using the commands provided by the Command table (e.g., Send Message, Check Request, Accept Friendship, etc.).
  3. If the commands needed to define the behavior of the bot need messages, define them as rows in the Automsg table.
  4. Add new rows to the Step table, defining the bot involved, the command that has to process, the step order and an optional message (reference to a row in Automsg table)

The simplest example, an "always accept" bot:

  1. Add a new row to the Bot table: id = B, user = 30, description = 'Always accept bot'.
  2. Define the behavior: Accept Friendship.
  3. Add new rows to the Step table: bot = B, command = Accept Friendship, step order = 0, automsg = null.

A more complex example:

  1. Add a new row to the Bot table: id = B, user = 23, description = 'Check location bot'.
  2. Define the behavior: Send Message ('Are you from my home town?') > Check location > Accept Friendship.
  3. One step of the bot's behavior involves a message. Therefore, add a new row to the Automsg table: text = 'Are you from my home town?', id = M, user = null (no user profile involved in this message).
  4. Add new rows to the Step table:
    • bot = B, command = Send Message, step order = 0, automsg = M.
    • bot = B, command = Check Location, step order = 1, automsg = null.
    • bot = B, command = Accept Friendship, step order = 2, automsg = null.

Fork Social Lab!

Social Lab's public repository is publicly available at GitHub.