Menu

Cartero – Social Engineering Framework

Comments Off on Cartero – Social Engineering Framework

A robust Phishing Framework with a full featured CLI interface. The project was born out necessity through of years of engagements with tools that just didn’t do the job. Even though there are many projects out there, we were not able to find a suitable solution that gave us both easy of use and customizability.

Cartero is a modular project divided into commands that perform independent tasks (i.e. Mailer, Cloner, Listener, AdminConsole, etc…). In addition each sub-command has repeatable configuration options to configure and automate your work.

For example, if we wanted to clone gmail.com, we simply have to perform the following commands.

./cartero Cloner --url https://gmail.com --path /tmp --webserver gmail_com
./cartero Listener --webserver /tmp/gmail_com -p 80
Launching mongodb
Puma starting in single mode...
* Version 2.8.2 (ruby 2.1.1-p76), codename: Sir Edmund Percival Hillary
* Min threads: 4, max threads: 16
* Environment: production
* Listening on tcp://0.0.0.0:80
Use Ctrl-C to stop

Once we have a site up and running we can simply use the Mailer command to send templated emails to our victims:

./cartero Mailer --data victims.json --server gmail_com --subject "Internal Memo" --htmlbody email_html.html --attachment payload.pdf --from "John Doe <jdoe@company.com>"
Sending victim1@company.com
Sending victim2@company.com
Sending victim3@company.com

 

Installation

Automated Installation

Using brew 2.1.5 ruby as default ruby library

curl -L https://raw.githubusercontent.com/Section9Labs/Cartero/master/data/scripts/setup.sh | bash

 

Dependencies:

Ruby, Mongodb

 

Framework

git clone https://github.com/section9labs/Cartero
cd Cartero
gem install bundle
bundle install
cd bin

 

Usage

Commands

Cartero is a very powerful easy to use CLI.

./cartero
Usage: cartero [options]

List of Commands:
    AdminConsole, AdminWeb, Mailer, Cloner, Listener, Servers, Templates

Global options:
        --proxy [HOST:PORT]          Sets TCPSocket Proxy server
    -c, --config [CONFIG_FILE]       Provide a different cartero config file
    -v, --[no-]verbose               Run verbosely
    -p [PORT_1,PORT_2,..,PORT_N],    Global Flag fo Mailer and Webserver ports
        --ports
    -m, --mongodb [HOST:PORT]        Global Flag fo Mailer and Webserver ports
    -d, --debug                      Sets debug flag on/off
        --editor [EDITOR]            Edit Server


Common options:
    -h, --help [COMMAND]             Show this message
        --list-commands              Prints list of commands for bash completion
        --version                    Shows cartero CLI version

 

Social Engineering Framework: Cartero Download

Related Articles

ABOUT US

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Our primary focus revolves around the latest tools released in the Infosec community and provide a platform for developers to showcase their skillset and current projects.

COMPANY
Menu
Live Chat
RESOURCES
Menu
Get Started
TOOLBOX
Menu
Tools Directory

2014 – 2020 | Haxf4rall.com               Stay Connected:

Facebook Twitter Instagram Youtube
Do NOT follow this link or you will be banned from the site!