From c71d1095488e706b6bb1b6a4b3a13d9fc6834dfa Mon Sep 17 00:00:00 2001 From: Weston Littrell Date: Wed, 30 Oct 2019 10:58:11 -0500 Subject: [PATCH 1/2] address issues with downloading files; fix emtunc/SlackPirate#39 and emtunc/SlackPirate#40 --- .gitignore | 3 ++- SlackPirate.py | 29 +++++++++++++++++------------ 2 files changed, 19 insertions(+), 13 deletions(-) mode change 100644 => 100755 SlackPirate.py diff --git a/.gitignore b/.gitignore index e5abae1..b3e23cb 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ .*/ -__pycache__ \ No newline at end of file +__pycache__ +SlackPirate/ \ No newline at end of file diff --git a/SlackPirate.py b/SlackPirate.py old mode 100644 new mode 100755 index 0175d1b..cb0c7d4 --- a/SlackPirate.py +++ b/SlackPirate.py @@ -617,7 +617,10 @@ def _download_file(url: str, output_filename: str, token: str, user_agent: str, headers = {'Authorization': 'Bearer ' + token, 'User-Agent': user_agent} response = requests.get(url, headers=headers) - open("{}/{}".format(download_directory, output_filename), 'wb').write(response.content) + output_file = open("{}/{}".format(download_directory, output_filename), 'wb') + output_file.write(response.content) + output_file.close() + completion_message = "Completed downloading [{}]".format(output_filename) q.put(termcolor.colored(completion_message, "white", "on_green")) except requests.exceptions.RequestException as ex: 
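Review bot: In `_download_file`, the new `open(...)` / `write` / `close()` sequence still leaks the file handle if `write` raises. The only handler visible in the hunk is `except requests.exceptions.RequestException`, so an `OSError` from `open` is presumably unhandled in the worker process. A `with` block closes the file on every path: `with open("{}/{}".format(download_directory, output_filename), 'wb') as output_file:` followed by `output_file.write(response.content)`. The response status is also never checked before the write, so the body of a failed request (for example an error page) would be saved under the expected file name; calling `response.raise_for_status()` first routes that case into the existing `RequestException` handler. The function starts and ends outside this hunk, so the rest of its error handling is not visible here.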
@@ -660,16 +663,18 @@ def download_interesting_files(token, scan_context: ScanningContext): request_url = "https://slack.com/api/search.files" params = dict(token=token, query="\"{}\"".format(query), pretty=1, count=100, page=str(page)) response_json = requests.get(request_url, params=params, headers=query_header).json() - sleep_if_rate_limited(response_json) - new_files = [new_file for new_file in response_json['files']['matches'] if - new_file['id'] not in unique_file_id] - for new_file in new_files: - unique_file_id.add(new_file['id']) - file_name = new_file['id'] + "-" + new_file['name'] - safe_filename = bad_chars_re.sub('_', file_name) # use underscores to replace tricky characters - file_dl_args = (new_file['url_private'], safe_filename) + common_file_dl_params - file_requests.append(Process(target=_download_file, args=file_dl_args)) - page += 1 + if not sleep_if_rate_limited(response_json): + new_files = [new_file for new_file in response_json['files']['matches'] if + new_file['id'] not in unique_file_id] + for new_file in new_files: + unique_file_id.add(new_file['id']) + file_name = new_file['id'] + "-" + new_file['name'] + safe_filename = bad_chars_re.sub('_', file_name) # use underscores to replace tricky characters + file_dl_args = (new_file['url_private'], safe_filename) + common_file_dl_params + file_requests.append(Process(target=_download_file, args=file_dl_args)) + page += 1 + else: + continue # Now actually start the requests if file_requests: 
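Review bot: In `download_interesting_files`, the new `if not sleep_if_rate_limited(response_json):` branch only works if that helper returns a truthy value after sleeping, which this patch neither shows nor changes. If the helper returns `None`, the condition is always true and the retry path is dead code. The trailing `else: continue` looks redundant (assuming it is the last statement of the loop body), and the retry has no upper bound, so a persistent rate-limit response would spin forever. A response that fails for any other reason would still reach `response_json['files']['matches']` and raise `KeyError`; a guard such as `if not response_json.get('ok'): break` before the comprehension would make that case explicit. The loop header is outside the hunk.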
@@ -728,7 +733,7 @@ def file_cleanup(input_file, scan_context: ScanningContext): help='enable retrieval of team access logs') parser.add_argument('--no-team-access-logs', dest='team_access_logs', action='store_false', help='disable retrieval of team access logs') - parser.add_argument('--user-list', dest='user_list', action='store_true', + parser.add_argument('--user-list', dest='user_list', action='store_true', help='enable retrieval of user list') parser.add_argument('--no-user-list', dest='user_list', action='store_false', help='disable retrieval of user list') From 74e82e6f99c09a2ba4a8ba69b017fee1bf02a504 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mikail=20Tun=C3=A7?= Date: Wed, 30 Oct 2019 22:10:49 +0000 Subject: [PATCH 2/2] Updated to allow tool to retrieve Slack tokens again Slack changed the way the application works such that the XOX tokens are not returned in workspace.slack.com anymore (in fact there's a new token type which starts with XOXC - I haven't figured out what these are yet - maybe some sort of temp tokens). Anyway, the good news is that we can still retrieve the tokens we need by calling /customize/emoji - hopefully that doesn't change any time soon :) --- SlackPirate.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/SlackPirate.py b/SlackPirate.py index cb0c7d4..6aedc89 100755 --- a/SlackPirate.py +++ b/SlackPirate.py @@ -74,8 +74,8 @@ # Regex constants with explanatory links # https://regex101.com/r/9GRaem/1 ALREADY_SIGNED_IN_TEAM_REGEX = r"already_signed_in_team\" href=\"([a-zA-Z0-9:./-]+)" -# https://regex101.com/r/2Hz8AX/1 -SLACK_API_TOKEN_REGEX = r"api_token: \"(xox[a-zA-Z]-[a-zA-Z0-9-]+)\"" +# https://regex101.com/r/2Hz8AX/2 +SLACK_API_TOKEN_REGEX = r"\"api_token\":\"(xox[a-zA-Z]-[a-zA-Z0-9-]+)\"" # https://regex101.com/r/cSZW0G/1 WORKSPACE_VALID_EMAILS_REGEX = r"email-domains-formatted=\"(@.+?)[\"]" # https://regex101.com/r/jWrF8F/2 
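Review bot: `SLACK_API_TOKEN_REGEX` is documented only by an external regex101 link, so the reason for the new pattern lives solely in the commit message. A short comment above the constant would keep that context in the file, for example `# Expects the JSON-style "api_token":"..." field in the response body (see commit message for the format change)`. The surrounding constants follow the same link-only convention, so the same applies to them.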
@@ -168,7 +168,7 @@ def display_cookie_tokens(cookie, user_agent): if already_signed_in_match: print(termcolor.colored("This cookie has access to the following Workspaces: \n", "white", "on_blue")) for workspace in already_signed_in_match: - r = requests.get(workspace, cookies=cookie) + r = requests.get(workspace + "/customize/emoji", cookies=cookie) regex_tokens = re.findall(SLACK_API_TOKEN_REGEX, str(r.content)) for slack_token in regex_tokens: collected_scan_context = init_scanning_context(token=slack_token, user_agent=user_agent)
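Review bot: In `display_cookie_tokens`, the cookie is now sent to `workspace + "/customize/emoji"`, where `workspace` is whatever `ALREADY_SIGNED_IN_TEAM_REGEX` captured from an `href`. That pattern (`[a-zA-Z0-9:./-]+`) accepts any scheme and host, so the credential could go out over plain HTTP or to a non-Slack host if the page content is not what is expected. Validating each entry before the request would contain that: parse it with `urllib.parse.urlsplit` and skip entries whose scheme is not `https` or whose hostname does not end in `.slack.com`. The call also passes no `timeout=`, so one unresponsive host stalls the whole loop. The function body extends beyond the hunk.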