Skip to content

Releases: emtunc/SlackPirate

Interactive Mode!

16 Aug 20:57
@emtunc emtunc
0.20
9788be6
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Interactive Mode! Latest
Latest

Huge thanks to @Robtova for implementing interactive mode.

You can now run SlackPirate in interactive mode by using the --interactive flag. The tool will run you through the process of copy/pasting the Slack Cookie/Token, choosing a Workspace (or multiple!) and lastly, choosing scan options.

Assets 2
Loading

Regex Update

03 Aug 20:06
@emtunc emtunc
0.17
e93c58b
Compare
Choose a tag to compare
Regex Update

"This regex usually breaks when Slack updates their website - I think I've made it robust enough to withstand future website updates :)"

Unfortunately, my regex skills weren't/aren't leet enough - the response pages now include a funky mix of back slashes and forward slashes.

I updated the regex to simply look for <anything>.slack.com. Previously it was looking for https://<anything>.slack.com. It broke because the response now looks like https:\\/\\/<anything>.slack.com

Assets 2
Loading

Regex Update

22 May 11:44
@emtunc emtunc
0.16
51561e6
Compare
Choose a tag to compare
Regex Update

Updated the regex which discovers the Workspaces that a cookie has access to. This regex usually breaks when Slack updates their website - I think I've made it robust enough to withstand future website updates :)

Assets 2
Loading

Verbose flag now available

01 Apr 10:06
@emtunc emtunc
0.15
814a7a2
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Verbose flag now available

Big thanks to @milangfx and his hard work for this release 👍

  • Support for --verbose flag which will output .csv files with far more information such as the channel the item was found in, who posted it and my favourite, a perma-link to the message in Slack.

Full list of headers recorded:

'timestamp', 'link', 'channel_id', 'channel_name', 'user_id', 'user_name', 'regex_results'

Assets 2
Loading

Better cookie handling and improved credential regex

27 Mar 10:37
@emtunc emtunc
0.14
629a2f2
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Better cookie handling and improved credential regex
  • Take two. Fix cookie handling (encoding/decoding) for real this time.
  • Improved credential harvesting regex. More work to be done here but it's a start.
Assets 2
Loading

Handle Cookie URL Encoding

03 Nov 19:41
@emtunc emtunc
0.13
3349701
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Handle Cookie URL Encoding
  • Cookies that were not URL encoded would fail to retrieve Workspaces and tokens. We now handle this by encoding any cookies that aren't encoded. Thanks @milangfx :)
Assets 2
Loading

Fix for downloads and token retrieval

30 Oct 22:21
@emtunc emtunc
0.12
079cc07
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Fix for downloads and token retrieval

PR: #42

  • Fix an issue with downloads crashing out in certain scenarios - thanks @westonlit
  • Fix an issue retrieving Workspace tokens using the --cookie flag which was caused by a front end change by Slack
Assets 2
Loading

Latest User-Agent headers are now pulled dynamically from an API

29 Jan 13:19
@emtunc emtunc
0.11
0c15149
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Latest User-Agent headers are now pulled dynamically from an API
  • The tool now grabs the latest browser (chrome/firefox) and operating system (windows/osx) from the https://user-agent.io API.

This makes it more difficult to detect the tool in the logs as requests will appear to come from a 'modern and up to date browser'.

Assets 2
Loading

Asynchronous File downloads and Optimisations

17 Jan 22:41
@emtunc emtunc
0.10
b87dd16
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Asynchronous File downloads and Optimisations
  • Files are now downloaded asynchronously
  • File download operation now displays useful information such as current file(s) being downloaded
  • Fixed problem where certain file-types would not download properly. This was due to older User-Agent header strings - the list has now been updated with more up-to-date UA strings
Assets 2
Loading

More useful messages printed when using --cookie

16 Jan 00:08
@emtunc emtunc
0.9
acb1f0b
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
More useful messages printed when using --cookie
  • Running SlackPirate.py with the --cookie flag will now print whether a token is an admin token or not alongside each Workspace returned.

i.e., if a cookie returns 10 Workspaces, it will be immediately obvious which ones are privileged tokens and which ones aren't.

Assets 2
Loading