GitPhish is an open-source security research tool built to replicate GitHub’s device code authentication flow. It features three core operating modes: an authentication server, automated landing page deployment, and an administrative management interface. GitPhish can be accessed via a command-line interface or a web dashboard, offering comprehensive features such as logging, analytics, and token management. “We designed GitPhish explicitly for security teams looking to conduct assessments and build detection capabilities around Device Code Phishing in … More

The post GitPhish: Open-source GitHub device code flow security assessment tool appeared first on Help Net Security.