[Enhancement] Use this to add/vote for new data sources/scans #15
Comments
Slack tokens - look for Slack tokens that may have been leaked within a Slack Workspace. This could allow an attacker to pivot to a more privileged user or someone whose account can be used to phish other users, for example.
GitHub tokens - unless there's a unique way to differentiate these from other 40-character strings, then this might introduce some false positives. Worth a try though.
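The false-positive concern in the GitHub tokens comment above, as an added example that is not part of the original thread or the project's code: a bare 40-character hex match also flags commit SHAs and file hashes, so this sketch keeps a candidate only when nearby words point to a token. The 40-hex token shape, the keyword lists and the sample messages are assumptions constructed for illustration.

```python
import re

# Assumption: the tokens discussed are 40 hexadecimal characters, the same
# shape as a git commit SHA-1 or a SHA-1 file hash.
HEX40 = re.compile(r"(?<![0-9a-fA-F])[0-9a-fA-F]{40}(?![0-9a-fA-F])")
# Hypothetical keyword lists; tune them for your own workspace.
TOKEN_HINT = re.compile(r"github|token|oauth|\bpat\b|api[_ -]?key", re.I)
BENIGN_HINT = re.compile(r"commit|\bsha-?1?\b|checksum|/tree/|/blob/", re.I)
WINDOW = 40  # characters of context examined on each side of a match

# Constructed sample messages; none of these values are real credentials.
MESSAGES = [
    "deploy is stuck, use my github token for now: " + "a1b2c3d4e5" * 4,
    "reverted in commit 0123456789abcdef0123456789abcdef01234567",
    "see https://github.com/acme/app/commit/" + "9f8e7d6c5b" * 4,
    "sha1 of the installer is " + "c0ffee1234" * 4,
    "lunch at 12?",
]


def naive_scan(text):
    """Return every 40-hex string, as a bare regex would report it."""
    return [m.group(0) for m in HEX40.finditer(text)]


def contextual_scan(text):
    """Keep a candidate only when nearby words point to a token."""
    hits = []
    for m in HEX40.finditer(text):
        context = (text[max(0, m.start() - WINDOW):m.start()]
                   + " " + text[m.end():m.end() + WINDOW])
        if BENIGN_HINT.search(context):
            continue  # looks like a commit reference or a file hash
        if TOKEN_HINT.search(context):
            hits.append(m.group(0))
    return hits


def scan_messages(messages, scanner):
    """Return (message index, match) pairs for review."""
    return [(i, hit) for i, text in enumerate(messages) for hit in scanner(text)]


if __name__ == "__main__":
    print("naive:     ", scan_messages(MESSAGES, naive_scan))
    print("contextual:", scan_messages(MESSAGES, contextual_scan))
```

The trade-off is recall: a token pasted with no surrounding words is missed by the contextual pass, so the naive hits are still worth keeping as a lower-priority queue.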
Azure secret keys
Google Cloud Platform secret keys
Passwords and/or tokens in URLs
Pull the content of pinned items in each channel. Oftentimes these are solutions for recurring problems within a team ("what was the GOCD login?", "Where are the Chef credentials?")
API Reference for listing pinned items: https://api.slack.com/methods/pins.list. May also require listing channels (https://api.slack.com/methods/channels.list), as the channel with the pinned items must be specified.
This has been implemented in #4c28daf
Let's use this ticket to add and vote on new scan types and data sources that can be added to the tool.
Most voted comments are prioritised first.