CVE-2022-39292

CVE-2022-39292 affects Slack Morphism, a Rust client library for Slack Web/Events API/Socket Mode and Block Kit. Vulnerability: debug logs can disclose sensitive webhook URLs containing private information. The issue is mitigated by upgrading to version 1.3.2, which redacts sensitive webhook URLs...

SlackPirate - Slack Enumeration And Extraction Tool - Extract Sensitive Information From A Slack Workspace

This is a tool developed in Python which uses the native Slack APIs to extract 'interesting' information from a Slack workspace given an access token. As of May 2018, Slack has over 8 million customers and that number is rapidly rising - the integration and 'ChatOps' possibilities are endless and...

Slack: Workspace configuration metadata disclosure

Slack allows users to create a Workspace using the Get Started page, located at https://slack.com/get-started/create. This process uses workspace metadata to direct the user-provided email address to existing Slack accounts. However, if a domain pertaining to an Enterprise customer is submitted...

Burpa - A Burp Suite Automation Tool

A Burp Suite Automation Tool With Slack Integration. Requirements burp-rest-api Burp Suite Professional slackclient Usage $ python burpa.py -h / / / / / / / / / / / // / // / / / // / // / /./,// / ./,/ // burpa version 0.1 / by 0x4D31 usage: burpa.py -h -a scan,proxy-config,stop -pP PROXYPORT...

Man-in-the-Middle (MitM)

github.com/nlopes/slack is vulnerable to man-in-the-middle MitM attacks. The vulnerability exists due to the usage of hardcoded non-HTTPS Slack API URL...