Phishing Application

$ python3 phishing_app.py --name <DISPLAY_NAME> --redirect_uri <REDIRECT_URI>

This generates a terraform format HCL file for phishing_app.tf.

Example 1:

python3 phishing_app.py

Example 2:

python3 phishing_app.py --name EvilApp --redirect_uri https://www.evil-app.com/get_token 

Important Note

This generator lives in the generators/phishing_app directory. Navigate into this directory first.

cd generators/phishing_app

The following Graph API delegated scope permissions are automatically created for the application:

Contacts.Read
Mail.Read
Mail.Send
Files.Read
Files.Read.All
Files.ReadWrite.All
User.Read

API permissions can be customized by adding the id for the correct permission, as shown in the code block below:

    resource_access {
      id   = "570282fd-fa5c-430d-a7fd-fc8dc98a9dca" #  Mail.Read
      type = "Scope"
    }

Full command line parameters

--name <DISPLAY_NAME>: Specify the display name for the application (Default: Sample App)

--redirect_uri <REDIRECT_URI>: The redirect uri that the application uses to receive OAuth tokens. (Default: "http://localhost:30662/gettoken")

--homepage_url <HOMEPAGE_URL>: The homepage URL used by the application. (Default: "https://localhost:30662")

--logout_url <LOGOUT_URL>: The logout URL used by the application. (Default: "https://localhost:30662/logout")

Demo

A video demonstration of building an application consent phishing lab with options and illustrations.