Cartero released : A robust Phishing Framework with a full featured CLI interface.

Cartero released : A robust Phishing Framework with a full featured CLI interface.

Cartero is A robust Phishing Framework with a full featured CLI interface. The project was born out necessity through of years of engagements with tools that just didn’t do the job. Even though there are many projects out there, we were not able to find a suitable solution that gave us both easy of use and customizability.

Cartero is a modular project divided into commands that perform independent tasks (i.e. Mailer, Cloner, Listener, AdminConsole, etc…). In addition each sub-command has repeatable configuration options to configure and automate your work.

The Latest Change :
– Added _CarteroAutoComplete script for basic Bash AutoComplete.
– Fixed OptsParser language around [non]mandatory arguments.
– Fixed minor issues on install script and added autocomplete logic.
– Added –list-short-options to all commands.
– Added beef logic to AdminWeb & AdminWebServer
– Pushing version 0.4.1

For example, if we wanted to clone, we simply have to perform the following commands.

Once we have a site up and running we can simply use the Mailer command to send templated emails to testing victims:

Automated Installation
Using brew 1.9.3 ruby as default ruby library

Using RVM 1.9.3 ruby installation

Manual Installation


Commands : Cartero is a very simple to use CLI.


This is a simple Wrapper for MongoDB that allows us to start stop the database with the corresponding commands and on the correct ~/.cartero path.

A WebSite Cloner that allows us to download and convert a website into a Cartero WebServer application.

The listener is responsible for running the WebServer created through Cloner or a manually created site

The WebServers support ssl keys and virtual hosts across multiple IP, Hostnames, and Ports


In order to send emails campaigns we need to setup email servers and this command allows Cartero to create, store and list servers. All data is stored in the ~/.cartero configuration directory.

Just like Servers, email campaigns also need a pre-defined Template for sending content to the victims. This module allows the attacker to keep track, create, list, and edit templates being used in their campaign.
Note: Setting templates here is not necessary and Mailer accepts a direct path to emails templates from the CLI.

THe main command and component in the Cartero Framework — It allows Cartero to send custom templated emails to one or more email addresses

This command supports an alternative to SMTP / IMAP servers through send messages using known vulnerable or anonymous webmail services via web requests.

Example of webmail server for

Allows Cartero, on OS X, to send iMessages to victims addresses just like emails, but these will show up on every iDevice they have registered with apple

Building Commands
Commands have a fairly simple framework. Example Framework commands are stored in Cartero/lib/cartero/commands/*.rb and ~/.cartero/commands/*.rb.

Download : Master.Zip
Section9Labs-Cartero-v0.3-18-gcc374bf.tar.gz (296 KB) (322 KB)
Source : Cartero