Cartero v10-9-15 : A robust Phishing Framework with a full featured CLI interface.

Cartero v10-9-15 : A robust Phishing Framework with a full featured CLI interface.

Change v-10.9.15  :
+ – smbrelayx.py support allowing remote shell attacks and replay attacks using new French Kiss Attack.
Cartero is A robust Phishing Framework with a full featured CLI interface. The project was born out necessitycartero through of years of engagements with tools that just didn’t do the job. Even though there are many projects out there, we were not able to find a suitable solution that gave us both easy of use and customizability.

Cartero is a modular project divided into commands that perform independent tasks (i.e. Mailer, Cloner, Listener, AdminConsole, etc…). In addition each sub-command has repeatable configuration options to configure and automate your work.

Cartero : A robust Phishing Framework with a full featured CLI interface

Cartero : A robust Phishing Framework with a full featured CLI interface

For example, if we wanted to clone gmail.com, we simply have to perform the following commands.

Once we have a site up and running we can simply use the Mailer command to send templated emails to testing victims:

Automated Installation
Using brew 1.9.3 ruby as default ruby library

Using RVM 1.9.3 ruby installation

Manual Installation
Dependencies

Framework

Usage
Commands : Cartero is a very simple to use CLI.

Cartero Basic Usage

Cartero Basic Usage


MongoDB 

This is a simple Wrapper for MongoDB that allows us to start stop the database with the corresponding commands and on the correct ~/.cartero path.

Cartero MongoDB

Cartero MongoDB



Cloner
A WebSite Cloner that allows us to download and convert a website into a Cartero WebServer application.

Listener
The listener is responsible for running the WebServer created through Cloner or a manually created site

The WebServers support ssl keys and virtual hosts across multiple IP, Hostnames, and Ports

Servers 

In order to send emails campaigns we need to setup email servers and this command allows Cartero to create, store and list servers. All data is stored in the ~/.cartero configuration directory.

Templates
Just like Servers, email campaigns also need a pre-defined Template for sending content to the victims. This module allows the attacker to keep track, create, list, and edit templates being used in their campaign.
Note: Setting templates here is not necessary and Mailer accepts a direct path to emails templates from the CLI.

Mailer
THe main command and component in the Cartero Framework — It allows Cartero to send custom templated emails to one or more email addresses

WebMailer
This command supports an alternative to SMTP / IMAP servers through send messages using known vulnerable or anonymous webmail services via web requests.

Example of webmail server for send-mail.org

IMessage
Allows Cartero, on OS X, to send iMessages to victims addresses just like emails, but these will show up on every iDevice they have registered with apple

Building Commands
Commands have a fairly simple framework. Example Framework commands are stored in Cartero/lib/cartero/commands/*.rb and ~/.cartero/commands/*.rb.

Download : Master.zip | Clone Url
Source : Cartero  | our post before