Today I am open-sourcing SlackPirate; a tool I developed over the last couple weeks, designed to enumerate and extract sensitive/interesting/confidential data from a Slack Workspace.
Red teamers can use this during an assessment to extract sensitive information which can significantly contribute to the discovery/recon/enumeration phase of the assessment by analysing data such as credentials, internal system documentation and scripts, links to internal build systems, etc.
Blue teamers can use this to discover sensitive content that may exist on a Workspace that perhaps shouldn’t. You can use this information to start looking at ways to increase the security of your Workspace. Activities such as (1) raising awareness internally of the issue – including but not limited to personnel training sessions, using Slack more securely by limiting where sensitive data is shared (think private channel vs. public) (2) Detection and response – do you have the ability to detect someone extracting all your corporate data from Slack? (3) Review the configuration of your Workspace – are you still allowing [email protected] access to your Slack even though example.com has long expired and can be registered by anyone on the internet? (4) There are probably more I haven’t thought about but you get the idea.
Here’s the link to the repository – have fun pointing it at your Slack! https://github.com/emtunc/SlackPirate
If you do use the tool, please leave feedback – I’d love to know if you found it helpful and what else I could do to make it even more useful.
If you have any feature requests, enhancements or bug reports, please file an issue on Github