A tool that provides a web interface to easily perform GitHub Device Code phishing
Offensive Phishing Operations Course Syllabus
Malware Development Course Syllabus
- Python 3.8 or higher
- Pip
# Clone the repository
git clone https://github.com/yourusername/github-device-phishing.git
cd github-device-phishing
# Install dependencies
pip install -r requirements.txt
# Run the application
python main.py# Build and run with Docker
docker build -t github-phishing .
docker run -p 3000:3000 -p 8080:8080 github-phishing
# Or use docker-compose
docker-compose up -dThe application hosts two interfaces:
-
Admin interface - This is available on
localhost:3000and allows you to create new operations, view captured tokens, user information and more. -
Phishing Interface - This is available on
localhost:8080and is a GitHub-styled device code authorization page with dynamic code generation for each visitor. Note that the port can be changed from the admin interface.
Creating a new operation.
Device code authorization page.
Live view of access history and captured tokens.
Huge thanks to @0xh3l1x for developing this tool as part of the Offensive Phishing Operations training update.
Warning
This tool is intended for use in authorized security engagements only. Use responsibly and in accordance with all applicable laws.