A robust Phishing Framework with a full-featured CLI interface. The project was born out of necessity, through years of engagements with tools that just didn’t do the job. Even though there are many projects out there, we were not able to find a suitable solution that gave us both ease of use and customizability.
Cartero is a modular project divided into commands that perform independent tasks (e.g. Mailer, Cloner, Listener, AdminConsole, etc.). In addition, each sub-command has repeatable configuration options to configure and automate your work.
For example, if we wanted to clone gmail.com, we would simply run the following commands:
❯❯❯ ./cartero Cloner --url https://gmail.com --path /tmp --webserver gmail_com
❯❯❯ ./cartero Listener --webserver /tmp/gmail_com -p 80
Launching mongodb
Puma starting in single mode...
* Version 2.8.2 (ruby 2.1.1-p76), codename: Sir Edmund Percival Hillary
* Min threads: 4, max threads: 16
* Environment: production
* Listening on tcp://0.0.0.0:80
Use Ctrl-C to stop
Once we have a site up and running, we can simply use the Mailer command to send templated emails to our victims:
Installation
❯❯❯ git clone https://github.com/section9labs/Cartero
❯❯❯ cd Cartero
❯❯❯ gem install bundle
❯❯❯ bundle install
❯❯❯ cd bin
Usage
❯❯❯ ./cartero
Usage: cartero [options]
List of Commands:
AdminConsole, AdminWeb, Mailer, Cloner, Listener, Servers, Templates
Global options:
--proxy [HOST:PORT] Sets TCPSocket Proxy server
-c, --config [CONFIG_FILE] Provide a different cartero config file
-v, --[no-]verbose Run verbosely
-p [PORT_1,PORT_2,..,PORT_N], Global Flag fo Mailer and Webserver ports
--ports
-m, --mongodb [HOST:PORT] Global Flag fo Mailer and Webserver ports
-d, --debug Sets debug flag on/off
--editor [EDITOR] Edit Server
Common options:
-h, --help [COMMAND] Show this message
--list-commands Prints list of commands for bash completion
--version Shows cartero CLI version