SlackPirate Versions

Slack Enumeration and Extraction Tool - extract sensitive information from a Slack Workspace

0.20

3 years ago

Huge thanks to @Robtova for implementing interactive mode.

You can now run SlackPirate in interactive mode by using the --interactive flag. The tool will run you through the process of copy/pasting the Slack Cookie/Token, choosing a Workspace (or multiple!) and lastly, choosing scan options.

0.17

3 years ago

"This regex usually breaks when Slack updates their website - I think I've made it robust enough to withstand future website updates :)"

Unfortunately, my regex skills weren't/aren't leet enough - the response pages now include a funky mix of back slashes and forward slashes.

I updated the regex to simply look for <anything>.slack.com. Previously it was looking for https://<anything>.slack.com. It broke because the response now looks like https:\\/\\/<anything>.slack.com

0.16

3 years ago

Updated the regex which discovers the Workspaces that a cookie has access to. This regex usually breaks when Slack updates their website - I think I've made it robust enough to withstand future website updates :)

0.15

4 years ago

Big thanks to @milangfx and his hard work for this release 👍

  • Support for --verbose flag which will output .csv files with far more information such as the channel the item was found in, who posted it and my favourite, a perma-link to the message in Slack.

Full list of headers recorded:

'timestamp', 'link', 'channel_id', 'channel_name', 'user_id', 'user_name', 'regex_results'

0.14

4 years ago
  • Take two. Fix cookie handling (encoding/decoding) for real this time.
  • Improved credential harvesting regex. More work to be done here but it's a start.

0.13

4 years ago
  • Cookies that were not URL encoded would fail to retrieve Workspaces and tokens. We now handle this by encoding any cookies that aren't encoded. Thanks @milangfx :)

0.12

4 years ago

PR: #42

  • Fix an issue with downloads crashing out in certain scenarios - thanks @westonlit
  • Fix an issue retrieving Workspace tokens using the --cookie flag which was caused by a front end change by Slack

0.11

5 years ago
  • The tool now grabs the latest browser (chrome/firefox) and operating system (windows/osx) from the https://user-agent.io API.

This makes it more difficult to detect the tool in the logs as requests will appear to come from a 'modern and up to date browser'.

0.10

5 years ago
  • Files are now downloaded asynchronously
  • File download operation now displays useful information such as current file(s) being downloaded
  • Fixed problem where certain file-types would not download properly. This was due to older User-Agent header strings - the list has now been updated with more up-to-date UA strings

0.9

5 years ago
  • Running SlackPirate.py with the --cookie flag will now print whether a token is an admin token or not alongside each Workspace returned.

i.e., if a cookie returns 10 Workspaces, it will be immediately obvious which ones are privileged tokens and which ones aren't.