@l0lsec l0lsec commented Dec 4, 2025

Summary

This PR adds a new tool (SlackBotEnum.py) for enumerating Slack workspaces using bot tokens (xoxb-), and enhances the existing SlackPirate.py with channel-specific scanning and improved bot token support.

New Features

SlackBotEnum.py

A dedicated bot token enumeration tool that can:

  • Validate bot tokens and extract auth info
  • Enumerate users - full list with admins, owners, emails, titles
  • Enumerate channels - public, private, DMs, group DMs
  • Read message history from channels the bot is a member of
  • List files with download URLs
  • Get custom emoji, user groups, pins, and bookmarks
  • Check admin API access (Enterprise Grid)
  • Search messages for keywords (passwords, secrets, API keys, etc.)
  • Probe token capabilities to determine available scopes

SlackPirate.py Enhancements

  • Added --channel flag for channel-specific scans
  • Improved bot token (xoxb-) support (no cookie required)
  • Better error handling for API responses

Usage

# Full enumeration
python SlackBotEnum.py --token xoxb-your-bot-token

# Quick mode (auth, team, channels only)
python SlackBotEnum.py -t xoxb-token --quick

# With custom search terms
python SlackBotEnum.py -t xoxb-token -v --search "aws" "database"

Output

Results saved as JSON files including:

  • auth_info.json, team_info.json
  • users.json, channels.json
  • conversations.json, files.json
  • pins.json, bookmarks.json
  • detected_scopes.json

…ionality for bot tokens, improved error handling for API responses, and updated command usage examples. Introduced channel ID filtering for various scans to target specific channels.