Slack OSINT
Token information gathering
Things that can be obtained with only file:read capability:
import requests
import json
HEADERS = {
"Authorization": f"Bearer xoxb-12311243-1234123412341234-12341234213412341234"
}
proxies = {"http": "socks5h://localhost:9050","https": "socks5h://localhost:9050"}
# Get information about the current team and user.
def auth():
url = "https://slack.com/api/auth.test"
response = requests.get(url, headers=HEADERS, proxies=proxies)
print(json.dumps(response.json(), indent=4))
# Get information about a specified file
def fileinfo():
url = "https://slack.com/api/files.info"
response = requests.get(url, headers=HEADERS, proxies=proxies, params={"file": "F1234566789"})
print(json.dumps(response.json(), indent=4))
# Get a list of files available to the current (bot) user
def filelist():
url = "https://slack.com/api/files.list"
response = requests.get(url, headers=HEADERS, proxies=proxies, params={"team_id": "T123456789"})
print(json.dumps(response.json(), indent=4))