Merge pull request #48 from PaperMtn/release/4.0.2

Release/4.0.2

CHANGELOG.md

@@ -1,3 +1,9 @@
+## [4.0.2] - 2023-06-14
+### Added
+- Added notification for an invalid cookie being passed (Fixes #47)
+### Fixed
+- JSON output for User and Workspace information was malformed, this has now been fixed
+
 ## [4.0.1] - 2023-05-05
 ### Changed
 - User output in stdout logging now includes display name and email. The accounts for cases where usernames are nonsensical.

src/slack_watchman/__version__.py

@@ -25,7 +25,7 @@
 ]
 
 __title__ = 'Slack Watchman'
-__version__ = '4.0.1'
+__version__ = '4.0.2'
 __summary__ = 'Monitoring and enumerating Slack for exposed secrets'
 __author__ = 'PaperMtn'
 __email__ = '[email protected]'

src/slack_watchman/exceptions.py

@@ -27,6 +27,17 @@ def __init__(self, config_entry):
         super().__init__(self.message)
 
 
+class InvalidCookieError(Exception):
+    """ Exception raised when the provided cookie is not valid, or it does not
+        nave access to the workspace given.
+    """
+
+    def __init__(self, domain):
+        self.message = "The cookie may not be valid or, if it is valid," \
+                       f" the user it belongs to cant authenticate to the Slack workspace {domain}"
+        super().__init__(self.message)
+
+
 class SlackScopeError(Exception):
     """ Exception raised when the authed user doesn't have the required API scopes
     """

src/slack_watchman/slack_wrapper.py

@@ -73,7 +73,12 @@ def _get_session_token(self) -> str:
         r = requests.get(self.url, cookies=self.cookie_dict).text
         regex = '(xox[a-zA-Z]-[a-zA-Z0-9-]+)'
 
-        return re.search(regex, r)[0]
+        try:
+            return re.search(regex, r)[0]
+        except TypeError:
+            raise exceptions.InvalidCookieError(self.url)
+        except:
+            raise
 
     def _make_request(self, url, params=None, data=None, method='GET', verify_ssl=True):
         try:

src/slack_watchman/sw_logger.py

@@ -195,7 +195,7 @@ def print_header(self) -> None:
         """ + Style.RESET_ALL
               )
         print('   Slack Watchman     ')
-        print(Style.DIM + '   Detect exposed secrets in Slack      ' + Style.RESET_ALL)
+        print(Style.DIM + '   Slack enumeration and exposed secrets detection tool      ' + Style.RESET_ALL)
         print('  ')
         print(Style.BRIGHT + '   by PaperMtn - GNU General Public License')
         print(' '.ljust(79) + Fore.GREEN)
@@ -219,9 +219,9 @@ def __init__(self, name: str = 'Slack Watchman', **kwargs):
         self.success_format = logging.Formatter(
             '{"timestamp": "%(asctime)s", "level": "SUCCESS", "message": "%(message)s"}')
         self.user_format = logging.Formatter(
-            '{"timestamp": "%(asctime)s", "level": "USER", "message": "%(message)s"}')
+            '{"timestamp": "%(asctime)s", "level": "USER", "message": %(message)s}')
         self.workspace_format = logging.Formatter(
-            '{"timestamp": "%(asctime)s", "level": "WORKSPACE", "message": "%(message)s"}')
+            '{"timestamp": "%(asctime)s", "level": "WORKSPACE", "message": %(message)s}')
         self.logger = logging.getLogger(self.name)
         self.handler = logging.StreamHandler(sys.stdout)
         self.logger.addHandler(self.handler)