Cartero: a complete phishing framework

With a lot of modules and a good CLI interface

Cartero is a phishing framework with a full featured CLI interface with a modular structure divided into commands that perform independent tasks (i.e. Mailer, Cloner, Listener, AdminConsole, etc…).
Each sub-command can be configured and automated.

The project was born out necessity through of years of engagements with tools that just didn’t do the job. Even though there are many projects out there, we were not able to find a suitable solution that gave us both easy of use and customizability.

The usage is really simple, for example you can clone the Gmail.com interface:

❯❯❯ ./cartero Cloner --url https://gmail.com --path /tmp --webserver gmail_com
❯❯❯ ./cartero Listener --webserver /tmp/gmail_com -p 80
Launching mongodb
Puma starting in single mode...
* Version 2.8.2 (ruby 2.1.1-p76), codename: Sir Edmund Percival Hillary
* Min threads: 4, max threads: 16
* Environment: production
* Listening on tcp://0.0.0.0:80
Use Ctrl-C to stop

And once the cloned site is up and running we can simply use the Mailer command to send templated emails to the victims:

❯❯❯ ./cartero Mailer --data victims.json --server gmail_com --subject "Internal Memo" --htmlbody email_html.html --attachment payload.pdf --from "John Doe <[email protected]>"
Sending [email protected]
Sending [email protected]
Sending [email protected]

Installation

The installation process is pretty simple, just one command line:

curl -L https://raw.githubusercontent.com/Section9Labs/Cartero/master/data/scripts/setup.sh | bash

that automagically installs Ruby, MongoDB and all dependencies.

Usage: cartero [options]
List of Commands:
    Cloner, Listener, Twilio, IMessage, GoogleVoice, Servers, MSFRpcd, BeefConsole, AdminWeb, Update, AdminConsole, LinkedIn, Xmpp, WebMailer, Mailer, Templates, DNSServer, LetsEncrypt, Mongo
List of Payloads:
    SMBRedirect, VeilEvasion, Beef, MSFVenom
Global options:
        --proxy [HOST:PORT]          Sets TCPSocket Proxy server
    -c, --config [CONFIG_FILE]       Provide a different cartero config file
    -v, --[no-]verbose               Run verbosely
    -p [PORT_1,PORT_2,..,PORT_N],    Global Flag to set Mailer and Webserver ports
        --ports
    -m, --mongodb [HOST:PORT]        Global flag to Set MongoDB bind_ip and port
    -d, --debug                      Sets debug flag on/off
        --editor [EDITOR]            Edit Server
Common options:
        --list-commands              Prints list of commands for bash completion
        --commands-table             Prints list of commands details
        --list-payloads              Prints list of payloads for bash completion
        --payloads-table             Prints list of payloads details
    -h, --help [COMMAND]             Show this message
        --list-options               Show list of long available options
        --list-short-options         Show list of short available options
        --version                    Shows cartero CLI version

More information and documentation

http://section9labs.github.io/Cartero/

Comments