Super organized and flexible script for sending phishing campaigns.
Features
- Sends to a single email
- Sends to lists of emails (text)
- Sends to lists emails with first, last name (csv)
- Supports attachments
- Splits emails in groups
- Delays sending emails between each group
- Support Tags to be placed and replaced in the message's body
- Add {{name}} tag into the HTML message to be replaced with name (used with --to CSV).
- Add {{track-click}} tag to URL in the HTML message.
- Add {{track-open}} tag into the HTML message.
- Add {{num}} tag to be replaced with a random phone number.
- Supports individual profiles for different campaigns to avoid mistakes and confusion.
- Supports creating database for sent emails, each email with its unique hash (useful with getCabrito)
- Supports dry test, to run the script against your profile without sending the email to test your campaign before the launch.
Qs & As
Why not use goPhish?
goPhish is a gerat choice too. But I prefer flexibility and simplicity at the same time. I used goPhish various times but at somepoint, I'm either find it overwhelming or inflexible.
Most of the time, I don't need all these statistics, I just need a flixable way to prepare my phishing campaigns and send them. Each time I use goPhish I've to go and check the documentations about how to add a website, forward specific requests, etc. So I created goCabrito and getCabrito.
getCabrito optionally generates unique URL for email tracking.
- Email Opening tracking: Tracking Pixel
- Email Clicking tracking
by generate a hash for each email and append it to the end of the URL or image URL and store these information along with other things that are useful for getCabrito to import and servering. This feature is the only thing connects goCabrito with getCabrito script, so no panic!.
What's with the "Cabrito" thing?
It's just a name of once of my favorit resturants and the name was chosen by one of my team.
Prerequisites
Install gems' dependencies
sudo apt-get install build-essential libsqlite3-dev
Install gems
Usage
sqlite database file (contains emails & its tracking hashes) to be imported by 'getCabrito' server. --dry Dry test, no actual email sending. -h, --help Show this message. Usage: goCabrito.rb <OPTIONS> Examples: $goCabrito.rb -s smtp.office365.com:587 -u [email protected] -p [email protected] \ -f [email protected] -t targets1.csv -c targets2.lst -b targets3.lst \ -B msg.html -S "This's title" -a file1.docx,file2.xlsx -g 3 -d 10 $goCabrito.rb --profile prf.json">
goCabrito.rb — A simple yet flexible email sender.Help menu:
-s, --server HOST:PORT SMTP server and its port.
e.g. smtp.office365.com:587
-u, --user USER Username to authenticate.
e.g. [email protected]
-p, --pass PASS Password to authenticate
-f, --from EMAIL Sender's email (mostly the same as sender email)
e.g. [email protected]
-t, --to EMAIL|LIST|CSV The receiver's email or a file list of receivers.
e.g. [email protected] or targets.lst or targets.csv
The csv expected to be in fname,lname,email format without header.
-c, --copy EMAIL|LIST|CSV The CC'ed receiver's email or a file list of receivers.
-b, --bcopy EMAIL|LIST|CSV The BCC'ed receiver's email or a file list of receivers.
-B, --body MSG|FILE The mail's body string or a file contains the body (not attachements.)
For click and message opening and other trackings:
Add {{track-click}} tag to URL in the HTML message.
eg: http://phisher.com/file.exe/{{track-click}}
Add {{track-open}} tag into the HTML message.
eg: <html><body><p>Hi</p>{{track-open}}</body></html>
Add {{name}} tag into the HTML message to be replaced with name (used with --to CSV).
eg: <html><body><p>Dear {{name}},</p></body& gt;</html>
Add {{num}} tag to be replaced with a random phone number.
-a, --attachments FILE1,FILE2 One or more files to be attached seperated by comma.
-S, --subject TITLE The mail subject/title.
--no-ssl Do NOT use SSL connect when connect to the server (default: false).
-g, --groups NUM Number of receivers to send mail to at once. (default all in one group)
-d, --delay NUM The delay, in seconds, to wait after sending each group.
-P, --profile FILE A json file contains all the the above settings in a file
-D, --db FILE Create a sqlite database file (contains emails & its tracking hashes) to be imported by 'getCabrito' server.
--dry Dry test, no actual email sending.
-h, --help Show this message.
Usage:
goCabrito.rb <OPTIONS>
Examples:
$goCabrito.rb -s smtp.office365.com:587 -u [email protected] -p [email protected] \
-f [email protected] -t targets1.csv -c targets2.lst -b targets3.lst \
-B msg.html -S "This's title" -a file1.docx,file2.xlsx -g 3 -d 10
$goCabrito.rb --profile prf.json
How you really use it?
- I create directory for each customer
- Under the customer's directory, I create a directory for each campaign. This sub directory contains
- The profile
- The To, CC & BCC lists in CSV format
- The message body in HTML format
- I configure the profile and prepare my HTML
- Execute the campaign profile in
dry
mode first (check the profile filedry
value)
ruby goCabrito.rb -P CUSTOMER/3/camp3.json --dry
- I remove the
--dry
switch and make sure thedry
value isfalse
in the config file - Send to a test email
- Send to the real lists
Troublesheooting
SMTP authentication issues
Nowadays, many cloud-based email vendors block SMTP authentication by default (e.g. Office365, GSuite). This of course will cause an error. To solve this, here are some steps to help you enabling AMTP authentication on different vendors.
Enable SMTP Auth Office 365
To globally enabling SMTP Auth, use powershell.
- Support SSL For Linux/Nix (run pwsh as sudo required)
- Install PSWSMan
Install-Module -Name PSWSMan -Scope AllUsers
Install-WSMan
- Install ExchangeOnline Module
Install-Module -Name ExchangeOnlineManagement
- Load ExchangeOnline Module
Import-Module ExchangeOnlineManagement
- Connect to Office365 exchange using the main admin user, it will prompt you to enter credentials.
Connect-ExchangeOnline -InlineCredential
The above command will prompt you to enter Office365 admin's credentials
PowerShell credential request
Enter your credentials.
User: [email protected]
Password for user [email protected]: **********
- Or us this to open web browser to enter your credentils incase of 2FA.
- Enable SMTP AUTH Gloabally
Set-TransportConfig -SmtpClientAuthenticationDisabled $false
- To Enable for SMTP Auth for specific email
Set-CASMailbox -Identity [email protected] -SmtpClientAuthenticationDisabled $false
Get-CASMailbox -Identity [email protected] | Format-List SmtpClientAuthenticationDisabled
- Confirm
Get-TransportConfig | Format-List SmtpClientAuthenticationDisabled
Then follow the following steps
- Go to Asure portal (https://aad.portal.azure.com/) from admin panel (https://admin.microsoft.com/)
- Select All Services
- Select Tenant Properties
- Click Manage Security defaults
- Select No Under Enable Security defaults
- Resources
- Enable or disable SMTP AUTH | Microsoft Docs
- Azure Active Directory security defaults | Microsoft Docs
- Exchange online plan 1 504 5.7.4 Unrecognized authentication type - Microsoft Q&A
- How to set up a multifunction device or application to send email using Microsoft 365 or Office 365 | Microsoft Docs
Google GSuite
Contribution
- By fixing bugs
- By enhancing the code
- By reporting issues
- By requesting features
- By spreading the script
- By click star :)