goCabrito is a super organized and flexible script for sending phishing campaigns.
Prerequisites
Install gems’ dependencies
sudo apt-get install build-essential libsqlite3-dev
Install gems
gem install mail sqlite3
Usage
goCabrito.rb — A simple yet flexible email sender.
Help menu:
-s, –server HOST:PORT SMTP server and its port.
e.g. smtp.office365.com:587
-u, –user USER Username to authenticate.
e.g. user@domain.com
-p, –pass PASS Password to authenticate
-f, –from EMAIL Sender’s email (mostly the same as sender email)
e.g. user@domain.com
-t, –to EMAIL|LIST|CSV The receiver’s email or a file list of receivers.
e.g. user@domain.com or targets.lst or targets.csv
The csv expected to be in fname,lname,email format without header.
-c, –copy EMAIL|LIST|CSV The CC’ed receiver’s email or a file list of receivers.
-b, –bcopy EMAIL|LIST|CSV The BCC’ed receiver’s email or a file list of receivers.
-B, –body MSG|FILE The mail’s body string or a file contains the body (not attachements.)
For click and message opening and other trackings:
Add {{track-click}} tag to URL in the HTML message.
eg: http://phisher.com/file.exe/{{track-click}}
Add {{track-open}} tag into the HTML message.
eg:Hi{{track-open}}
Add {{name}} tag into the HTML message to be replaced with name (used with –to CSV).
eg:Dear {{name}},
Add {{num}} tag to be replaced with a random phone number.
-a, –attachments FILE1,FILE2 One or more files to be attached seperated by comma.
-S, –subject TITLE The mail subject/title.
–no-ssl Do NOT use SSL connect when connect to the server (default: false).
-g, –groups NUM Number of receivers to send mail to at once. (default all in one group)
-d, –delay NUM The delay, in seconds, to wait after sending each group.
-P, –profile FILE A json file contains all the the above settings in a file
-D, –db FILE Create a sqlite database file (contains emails & its tracking hashes) to be imported by ‘getCabrito’ server.
–dry Dry test, no actual email sending.
-h, –help Show this message.
Usage:
goCabrito.rb
Examples:
$goCabrito.rb -s smtp.office365.com:587 -u user1@domain.com -p P@ssword1 \
-f user1@domain.com -t targets1.csv -c targets2.lst -b targets3.lst \
-B msg.html -S “This’s title” -a file1.docx,file2.xlsx -g 3 -d 10
$goCabrito.rb –profile prf.json
How you really use it?
dry
mode first (check the profile file dry
value)ruby goCabrito.rb -P CUSTOMER/3/camp3.json –dry
--dry
switch and make sure the dry
value is false
in the config fileKali Linux 2024.4, the final release of 2024, brings a wide range of updates and…
This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…
GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…
Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…
The free and open-source security platform SecHub, provides a central API to test software with…
Don't worry if there are any bugs in the tool, we will try to fix…