Added Slack Support

rohitcoder · rohitcoder · commit 68f9b1871b8d · 2023-11-10T22:35:37.000+05:30
diff --git a/connection.yml.sample b/connection.yml.sample
@@ -61,3 +61,12 @@ sources:
         - private
         - venv
         - node_modules
+
+  slack:
+    slack_example:
+      token: xoxp-XXXXXXXXXXXXXXXXXXXXXXXXX # get your slack app these permissiosn https://api.slack.com/methods/team.info and https://api.slack.com/methods/conversations.list
+      channel_types: "public_channel,private_channel"
+      # Optional: List of channel names to check
+      # channel_names:
+      #   - general
+      #   - random
diff --git a/hawk_scanner/commands/slack.py b/hawk_scanner/commands/slack.py
@@ -0,0 +1,101 @@
+import re
+from slack_sdk import WebClient
+from slack_sdk.errors import SlackApiError
+from hawk_scanner.internals import system
+from rich.console import Console
+
+console = Console()
+
+def connect_slack(token):
+    try:
+        client = WebClient(token=token)
+        # Test the connection by making an API call
+        response = client.auth_test()
+        if response["ok"]:
+            system.print_info("Connected to Slack")
+            return client
+        else:
+            system.print_error("Failed to authenticate with Slack")
+            return None
+    except SlackApiError as e:
+        system.print_error(f"Failed to connect to Slack with error: {e.response['error']}")
+        return None
+
+def check_slack_messages(client, patterns, profile_name, channel_types, channel_names=None):
+    results = []
+    try:
+        team_info = client.team_info()
+        workspace_url = team_info["team"]["url"].rstrip('/')
+        # Get all channels of specified types
+        channels = client.conversations_list(types=channel_types)["channels"]
+
+        # Filter channels by names if provided
+        if channel_names:
+            channels = [channel for channel in channels if channel['name'] in channel_names]
+        
+        system.print_info(f"Found {len(channels)} channels of type {channel_types}")
+        system.print_info(f"Checking messages in channels: {', '.join([channel['name'] for channel in channels])}")
+        
+        for channel in channels:
+            channel_name = channel["name"]
+            channel_id = channel["id"]
+
+            # Get messages from the channel
+            system.print_info(f"Checking messages in channel {channel_name} ({channel_id})")
+            messages = client.conversations_history(channel=channel_id)["messages"]
+
+            for message in messages:
+                user = message.get("user", "")
+                text = message.get("text")
+                if text:
+                    matches = system.match_strings(text)
+                    if matches:
+                        for match in matches:
+                            results.append({
+                                'channel_id': channel_id,
+                                'channel_name': channel_name,
+                                'user': user,
+                                'pattern_name': match['pattern_name'],
+                                'matches': list(set(match['matches'])),
+                                'sample_text': match['sample_text'],
+                                'profile': profile_name,
+                                'message_link': workspace_url + f"/archives/{channel_id}/p{message['ts'].replace('.', '')}",
+                                'data_source': 'slack'
+                            })
+        return results
+    except SlackApiError as e:
+        system.print_error(f"Failed to fetch messages from Slack with error: {e.response['error']}")
+        return results
+
+def execute(args):
+    results = []
+    system.print_info("Running Checks for Slack Sources")
+    connections = system.get_connection()
+
+    if 'sources' in connections:
+        sources_config = connections['sources']
+        slack_config = sources_config.get('slack')
+
+        if slack_config:
+            patterns = system.get_fingerprint_file()
+
+            for key, config in slack_config.items():
+                token = config.get('token')
+                channel_types = config.get('channel_types', "public_channel,private_channel")
+                channel_names = config.get('channel_names', None)
+
+                if token:
+                    system.print_info(f"Checking Slack Profile {key}")
+                else:
+                    system.print_error(f"Incomplete Slack configuration for key: {key}")
+                    continue
+
+                client = connect_slack(token)
+                if client:
+                    results += check_slack_messages(client, patterns, key, channel_types, channel_names)
+        else:
+            system.print_error("No Slack connection details found in connection.yml")
+    else:
+        system.print_error("No 'sources' section found in connection.yml")
+
+    return results
diff --git a/hawk_scanner/main.py b/hawk_scanner/main.py
@@ -21,7 +21,7 @@ def clear_screen():
 console = Console()
 
 ## Now separate the results by data_source
-data_sources = ['s3', 'mysql', 'redis', 'firebase', 'gcs', 'fs', 'postgresql', 'mongodb']
+data_sources = ['s3', 'mysql', 'redis', 'firebase', 'gcs', 'fs', 'postgresql', 'mongodb', 'slack']
 
 def load_command_module(command):
     try:
@@ -95,6 +95,8 @@ def main():
             table.add_column("File Path")
         elif group == 'mongodb':
             table.add_column("Host > Database > Collection > Field")
+        elif group == 'slack':
+            table.add_column("Channel Name > Message Link")
 
         table.add_column("Pattern Name")
         table.add_column("Total Exposed")
@@ -202,7 +204,34 @@ def main():
                 )
 
                 system.SlackNotify(AlertMsg)
-
+            elif group == 'slack':
+                table.add_row(
+                    str(i),
+                    result['profile'],
+                    f"{result['channel_name'] } > {result['message_link']}",
+                    result['pattern_name'],
+                    str(len(result['matches'])),
+                    records_mini,
+                    result['sample_text'],
+                )
+                AlertMsg = """
+                *** PII Or Secret Found ***
+                Data Source: Slack - {vulnerable_profile}
+                Channel Name: {channel_name}
+                Mesasge Link: {message_link}
+                Pattern Name: {pattern_name}
+                Total Exposed: {total_exposed}
+                Exposed Values: {exposed_values}
+                """.format(
+                    vulnerable_profile=result['profile'],
+                    channel_name=result['channel_name'],
+                    message_link=result['message_link'],
+                    pattern_name=result['pattern_name'],
+                    total_exposed=str(len(result['matches'])),
+                    exposed_values=records_mini
+                )
+                
+                system.SlackNotify(AlertMsg)
             elif group == 'postgresql':
                 table.add_row(
                     str(i),
diff --git a/readme.md b/readme.md
@@ -17,7 +17,7 @@
 
 ### 🦅 HAWK Eye - Highly Advanced Watchful Keeper Eye
 
-HAWK Eye is a powerful and versatile CLI (Command-Line Interface) tool designed to be your vigilant watchkeeper, guarding against potential data breaches and cyber threats across various platforms. Inspired by the precision and vision of majestic birds of prey, HAWK Eye swiftly scans multiple data sources, including S3, MySQL, PostgreSQL, MongoDB, Redis, Firebase, filesystem, and Google Cloud buckets (GCS), for Personally Identifiable Information (PII) and secrets.
+HAWK Eye is a powerful and versatile CLI (Command-Line Interface) tool designed to be your vigilant watchkeeper, guarding against potential data breaches and cyber threats across various platforms. Inspired by the precision and vision of majestic birds of prey, HAWK Eye swiftly scans multiple data sources, including S3, MySQL, PostgreSQL, MongoDB, Slack, Redis, Firebase, filesystem, Slack, and Google Cloud buckets (GCS), for Personally Identifiable Information (PII) and secrets.
 
 
 ### Why "HAWK Eye"?
@@ -127,6 +127,11 @@ Note: If you don't provide any command, it will run all commands (firebase, fs,
             mongodb
          <td>Scan MongoDB profiles for PII and secrets data.</td>
       </tr>
+      <tr>
+         <td>
+            slack
+         <td>Scan slack profiles for PII and secrets data.</td>
+      </tr>
       <tr>
          <td>
             postgresql
@@ -246,6 +251,16 @@ sources:
         - .docx
         - venv
         - node_modules
+   
+   slack:
+    slack_example:
+      token: xoxp-XXXXXXXXXXXXXXXXXXXXXXXXX # get your slack app these permissiosn https://api.slack.com/methods/team.info and https://api.slack.com/methods/conversations.list
+      channel_types: "public_channel,private_channel"
+      # Optional: List of channel names to check
+      # channel_names:
+      #   - general
+      #   - random
+
 ```
 
 You can add or remove profiles from the connection.yml file as needed. You can also configure only one or two data sources if you don't need to scan all of them.
diff --git a/requirements.txt b/requirements.txt
@@ -4,6 +4,7 @@ rich
 mysql-connector-python
 redis
 firebase-admin
+slack-sdk
 google-cloud-core
 google-cloud-storage
 pymongo==3.13.0
diff --git a/setup.py b/setup.py
@@ -11,7 +11,7 @@
 setup(
     name='hawk_scanner',
     version=VERSION,   
-    description='A powerful scanner to scan your Filesystem, S3, MongoDB, MySQL, PostgreSQL, Redis, Google Cloud Storage and Firebase storage for PII and sensitive data.',
+    description='A powerful scanner to scan your Filesystem, S3, MongoDB, MySQL, PostgreSQL, Redis, Slack, Google Cloud Storage and Firebase storage for PII and sensitive data.',
     long_description=long_description,
     long_description_content_type="text/markdown",
     url='https://github.com/rohitcoder/hawk-eye',
