Cartero is a phishing framework with a full-featured CLI and a modular structure divided into commands that perform independent tasks (Mailer, Cloner, Listener, AdminConsole, etc.).
Each sub-command can be configured and automated.
The project was born out of necessity, through years of engagements with tools that just didn't do the job. Even though there are many projects out there, we were not able to find a suitable solution that gave us both ease of use and customizability.
Usage is simple. For example, you can clone the Gmail.com interface:
❯❯❯ ./cartero Cloner --url https://gmail.com --path /tmp --webserver gmail_com
❯❯❯ ./cartero Listener --webserver /tmp/gmail_com -p 80
Puma starting in single mode...
* Version 2.8.2 (ruby 2.1.1-p76), codename: Sir Edmund Percival Hillary
* Min threads: 4, max threads: 16
* Environment: production
* Listening on tcp://0.0.0.0:80
Use Ctrl-C to stop
Once the cloned site is up and running, we can use the Mailer command to send templated emails to the victims:
List of Payloads:
SMBRedirect, VeilEvasion, Beef, MSFVenom
--proxy [HOST:PORT] Sets TCPSocket Proxy server
-c, --config [CONFIG_FILE] Provide a different cartero config file
-v, --[no-]verbose Run verbosely
-p [PORT_1,PORT_2,..,PORT_N], Global Flag to set Mailer and Webserver ports
-m, --mongodb [HOST:PORT] Global flag to Set MongoDB bind_ip and port
-d, --debug Sets debug flag on/off
--editor [EDITOR] Edit Server
--list-commands Prints list of commands for bash completion
--commands-table Prints list of commands details
--list-payloads Prints list of payloads for bash completion
--payloads-table Prints list of payloads details
-h, --help [COMMAND] Show this message
--list-options Show list of long available options
--list-short-options Show list of short available options
--version Shows cartero CLI version