diff --git a/CHANGELOG.md b/CHANGELOG.md
index fa8e844..95faa02 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,9 @@
+## [4.0.2] - 2023-06-14
+### Added
+- Added notification for an invalid cookie being passed (Fixes #47)
+### Fixed
+- JSON output for User and Workspace information was malformed, this has now been fixed
+
 ## [4.0.1] - 2023-05-05
 ### Changed
 - User output in stdout logging now includes display name and email. The accounts for cases where usernames are nonsensical.
diff --git a/src/slack_watchman/__version__.py b/src/slack_watchman/__version__.py
index 8e4317d..5ed6c6f 100644
--- a/src/slack_watchman/__version__.py
+++ b/src/slack_watchman/__version__.py
@@ -25,7 +25,7 @@
 ]
 __title__ = 'Slack Watchman'
-__version__ = '4.0.1'
+__version__ = '4.0.2'
 __summary__ = 'Monitoring and enumerating Slack for exposed secrets'
 __author__ = 'PaperMtn'
 __email__ = 'papermtn@protonmail.com'
diff --git a/src/slack_watchman/exceptions.py b/src/slack_watchman/exceptions.py
index 4fe4533..aa3d7fc 100644
--- a/src/slack_watchman/exceptions.py
+++ b/src/slack_watchman/exceptions.py
@@ -27,6 +27,17 @@ def __init__(self, config_entry):
 super().__init__(self.message)
+class InvalidCookieError(Exception):
+ """ Exception raised when the provided cookie is not valid, or it does not
+ nave access to the workspace given.
+ """
+
+ def __init__(self, domain):
+ self.message = "The cookie may not be valid or, if it is valid," \
+ f" the user it belongs to cant authenticate to the Slack workspace {domain}"
+ super().__init__(self.message)
+
+
 class SlackScopeError(Exception):
 """ Exception raised when the authed user doesn't have the required API scopes
 """
diff --git a/src/slack_watchman/slack_wrapper.py b/src/slack_watchman/slack_wrapper.py
index 6687226..8df1ae6 100644
--- a/src/slack_watchman/slack_wrapper.py
+++ b/src/slack_watchman/slack_wrapper.py
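Review bot: In `InvalidCookieError` (src/slack_watchman/exceptions.py) the constructor parameter is named `domain`, but the caller added in slack_wrapper.py passes `self.url`, so the text after "Slack workspace" will be whatever that attribute holds rather than a bare domain. Renaming the parameter or adding a comment such as `# domain: workspace address the cookie was tried against` would keep the two in step. The docstring and message also carry typos: `nave access` should read `have access`, and `cant` should read `can't`. The message interpolates only the workspace address and not the cookie value, which is worth preserving so the secret never reaches logs or tracebacks.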
@@ -73,7 +73,12 @@ def _get_session_token(self) -> str:
 r = requests.get(self.url, cookies=self.cookie_dict).text
 regex = '(xox[a-zA-Z]-[a-zA-Z0-9-]+)'
- return re.search(regex, r)[0]
+ try:
+ return re.search(regex, r)[0]
+ except TypeError:
+ raise exceptions.InvalidCookieError(self.url)
+ except:
+ raise
 def _make_request(self, url, params=None, data=None, method='GET', verify_ssl=True):
 try:
diff --git a/src/slack_watchman/sw_logger.py b/src/slack_watchman/sw_logger.py
index 3e3c3da..8cb8f70 100644
--- a/src/slack_watchman/sw_logger.py
+++ b/src/slack_watchman/sw_logger.py
@@ -195,7 +195,7 @@ def print_header(self) -> None:
 """ + Style.RESET_ALL
 )
 print(' Slack Watchman ')
- print(Style.DIM + ' Detect exposed secrets in Slack ' + Style.RESET_ALL)
+ print(Style.DIM + ' Slack enumeration and exposed secrets detection tool ' + Style.RESET_ALL)
 print(' ')
 print(Style.BRIGHT + ' by PaperMtn - GNU General Public License')
 print(' '.ljust(79) + Fore.GREEN)
@@ -219,9 +219,9 @@ def __init__(self, name: str = 'Slack Watchman', **kwargs):
 self.success_format = logging.Formatter(
 '{"timestamp": "%(asctime)s", "level": "SUCCESS", "message": "%(message)s"}')
 self.user_format = logging.Formatter(
- '{"timestamp": "%(asctime)s", "level": "USER", "message": "%(message)s"}')
+ '{"timestamp": "%(asctime)s", "level": "USER", "message": %(message)s}')
 self.workspace_format = logging.Formatter(
- '{"timestamp": "%(asctime)s", "level": "WORKSPACE", "message": "%(message)s"}')
+ '{"timestamp": "%(asctime)s", "level": "WORKSPACE", "message": %(message)s}')
 self.logger = logging.getLogger(self.name)
 self.handler = logging.StreamHandler(sys.stdout)
 self.logger.addHandler(self.handler)
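Review bot: The trailing `except: raise` in `_get_session_token` (slack_wrapper.py) is a no-op that re-raises whatever it catches, and catching `TypeError` around the whole expression obscures the real condition, which is `re.search` returning `None`. Testing the match directly is clearer and avoids a chained traceback: `match = re.search(regex, r)`, `if match is None: raise exceptions.InvalidCookieError(self.url)`, `return match[0]`. Any response body without a token, including an HTTP error page, is reported as an invalid cookie. The `requests.get` call above the `try` has no `timeout` and no status check, though that line is context rather than part of this change. The function begins above the hunk, so any docstring or earlier handling is not visible here.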
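Review bot: In the second sw_logger.py hunk, `user_format` and `workspace_format` now insert `%(message)s` without surrounding quotes, so each line is valid JSON only if every record sent through these two formatters is already a serialised JSON value. The call sites are outside the hunk, so this should be confirmed. The values presumably originate from Slack profile and workspace data, which can contain quotes or newlines, so any path that passes a plain string would yield a broken or misleading line for downstream parsers. A comment above the two formatters such as `# message must be a JSON-encoded value (json.dumps output), not a plain string` would make the contract explicit. The remaining formatters still wrap `%(message)s` in quotes without escaping, which has the same weakness for messages containing `"`.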