A phishing framework for the OAuth 2.0 device code authentication grant flow

    python3 -m venv venv
    source venv/bin/activate
    python3 -m pip install -r requirements.txt
    ./run.sh

A self-signed certificate and default login credentials are generated on first run:

    ./run.sh
    Generating a 4096 bit RSA private key
    ...............................<snip>
    writing new private key to 'key.pem'
    -----
     * Serving Flask app 'phishsticks' (lazy loading)
     * Environment: development
     * Debug mode: on
    ---------------------------
    ---Default login details---
    ---------------------------
    Username: admin
    Password: x3m8Y4MNyoqy5ylk
    ---------------------------
    <snip>

Thanks to my employer Aura Information Security for providing time for me to work on this project.
Pull requests are welcome! Apart from the TODOs littered in the code and bad code that needs fixing or refactoring, there is a to-do list here.
Install the code formatter before starting dev work, and set up your editor to auto-format code when you save a file:

    ./venv/bin/python -m pip install -U black