secdev02/EasyTokens — reverse-engineered prompt
Reverse engineered prompt
I want a safe lab only demo app that imitates a Microsoft 365 device login campaign for red team training and awareness sessions, but it must not collect real credentials, real OAuth tokens, or talk to Microsoft at all. Make it a Python web app with a simple operator panel where I can create mock campaigns, see their status, and review fake captures stored in SQLite. The victim side should show an enrollment page with the same kind of device code flow feel, then send the user to a harmless post auth search style page using demo data for mail and files. If possible, support multiple campaigns on different ports, optional domain routing through nginx, request logging, and a Docker setup so I can run the panel and the demo pages locally. Keep the UI polished and easy to click through for a webinar or internal exercise. Look up current docs online if you need to.
Want more depth? Deep Reverse