Next Generation Phishing Tool For Internal / Red Teams

Okta Watering Hole

Authors: Alex Bainbridge, Robert Leonard

Okta Watering Hole is an automated tool for setting up an advanced Okta phishing campaign.

It supports a variety of options and should work out of the box to man-in-the-middle all non-U2F 2FA factors. (If a given user has a U2F factor, they are prevented from using it on this phishing site.)

Two servers are created and run, along with several supporting threads. Reserved ports are 443 and 4158 (or "phish"); if desired, the port can be changed in the source.

*Note - The sessions thread can take a few minutes to quit due to the sleep timer.


Usage: [options] target_okta_url replace_okta_url cert.pem key.pem

ex. -q cert.pem key.pem

  --version             show program's version number and exit
  -h, --help            show this help message and exit
  -q, --quiet           don't print status messages to stdout
  -o LOG_FILE, --out-file=LOG_FILE
                        destination of log file for writing setup logs
  -g GO_PHISH, --go-phish=GO_PHISH
                        location of gophish listener
  -p PAYLOAD, --payload=PAYLOAD
                        location of payload to download to users desktop.
                        Named 'okta_web_update'
  -x EXTENSION, --extension=EXTENSION
                        extension for payload option. Default: 'exe
  -c CONTENT_TYPE, --content-type=CONTENT_TYPE
                        content type for payload. Default: 'application/octet-
