Cyber security

EvilSlackbot: A Cutting-Edge Tool for Enhancing Slack Workspace Security through Red Team and Phishing Simulations

It’s impossible to say enough about how important cybersecurity is in this digital age, where teamwork tools like Slack are essential for business communication. The fact that thousands of businesses use Slack for daily tasks makes the platform vulnerable to cyber dangers. With that, let’s talk about EvilSlackbot, the cutting-edge hacking tool.

EvilSlackbot is a powerful system for running Red Team operations and phishing simulations. It was made to work in Slack workspaces. Its main purpose is to try and improve a company’s defenses against possible Slack-based cyberattacks. This article will go into more detail about what EvilSlackbot can do and how it can be used to automate jobs like sending fake messages, phishing links, and looking for leaked secrets.

We want to make it clear that this tool is only for security experts and that it should only be used by them. Come with us as we go through the features of EvilSlackbot and show how important it is for making Slack workspaces safer.

A Slack Attack Framework for conducting Red Team and phishing exercises within Slack workspaces.

Disclaimer

This tool is intended for Security Professionals only. Do not use this tool against any Slack workspace without explicit permission to test. Use at your own risk.

Background

Thousands of organizations utilize Slack to help their employees communicate, collaborate, and interact. Many of these Slack workspaces install apps or bots that can be used to automate different tasks within Slack. These bots are individually provided permissions that dictate what tasks the bot is permitted to request via the Slack API. To authenticate to the Slack API, each bot is assigned an api token that begins with xoxb or xoxp. More often than not, these tokens are leaked somewhere. When these tokens are exfiltrated during a Red Team exercise, it can be a pain to properly utilize them. Now EvilSlackbot is here to automate and streamline that process. You can use EvilSlackbot to send spoofed Slack messages, phishing links, files, and search for secrets leaked in slack.

Phishing Simulations

In addition to red teaming, EvilSlackbot has also been developed with Slack phishing simulations in mind. To use EvilSlackbot to conduct a Slack phishing exercise, simply create a bot within Slack, give your bot the permissions required for your intended test, and provide EvilSlackbot with a list of emails of employees you would like to test with simulated phishes (Links, files, spoofed messages)

Installation

EvilSlackbot requires python3 and Slackclient

pip3 install slackclient

Usage

usage: EvilSlackbot.py [-h] -t TOKEN [-sP] [-m] [-s] [-a] [-f FILE] [-e EMAIL]
                       [-cH CHANNEL] [-eL EMAIL_LIST] [-c] [-o OUTFILE] [-cL]

options:
  -h, --help            show this help message and exit

Required:
  -t TOKEN, --token TOKEN
                        Slack Oauth token

Attacks:
  -sP, --spoof          Spoof a Slack message, customizing your name, icon, etc
                        (Requires -e,-eL, or -cH)
  -m, --message         Send a message as the bot associated with your token
                        (Requires -e,-eL, or -cH)
  -s, --search          Search slack for secrets with a keyword
  -a, --attach          Send a message containing a malicious attachment (Requires -f
                        and -e,-eL, or -cH)

Arguments:
  -f FILE, --file FILE  Path to file attachment
  -e EMAIL, --email EMAIL
                        Email of target
  -cH CHANNEL, --channel CHANNEL
                        Target Slack Channel (Do not include #)
  -eL EMAIL_LIST, --email_list EMAIL_LIST
                        Path to list of emails separated by newline
  -c, --check           Lookup and display the permissions and available attacks
                        associated with your provided token.
  -o OUTFILE, --outfile OUTFILE
                        Outfile to store search results
  -cL, --channel_list   List all public Slack channels

Token

To use this tool, you must provide a xoxb or xoxp token.

Required:
  -t TOKEN, --token TOKEN  (Slack xoxb/xoxp token)
python3 EvilSlackbot.py -t <token>

Attacks

Depending on the permissions associated with your token, there are several attacks that EvilSlackbot can conduct. EvilSlackbot will automatically check what permissions your token has and will display them and any attack that you are able to perform with your given token.

Attacks:
  -sP, --spoof   Spoof a Slack message, customizing your name, icon, etc (Requires -e,-eL, or -cH)

  -m, --message  Send a message as the bot associated with your token (Requires -e,-eL, or -cH)

  -s, --search   Search slack for secrets with a keyword 

  -a, --attach   Send a message containing a malicious attachment (Requires -f and -e,-eL, or -cH)

Spoofed messages (-sP)

With the correct token permissions, EvilSlackbot allows you to send phishing messages while impersonating the botname and bot photo. This attack also requires either the email address (-e) of the target, a list of target emails (-eL), or the name of a Slack channel (-cH)EvilSlackbot will use these arguments to lookup the SlackID of the user associated with the provided emails or channel name. To automate your attack, use a list of emails.

python3 EvilSlackbot.py -t <xoxb token> -sP -e <email address>

python3 EvilSlackbot.py -t <xoxb token> -sP -eL <email list>

python3 EvilSlackbot.py -t <xoxb token> -sP -cH <Channel name>

Phishing Messages (-m)

With the correct token permissions, EvilSlackbot allows you to send phishing messages containing phishing links. What makes this attack different from the Spoofed attack is that this method will send the message as the bot associated with your provided token. You will not be able to choose the name or image of the bot sending your phish. This attack also requires either the email address (-e) of the target, a list of target emails (-eL), or the name of a Slack channel (-cH)EvilSlackbot will use these arguments to lookup the SlackID of the user associated with the provided emails or channel name. To automate your attack, use a list of emails.

python3 EvilSlackbot.py -t <xoxb token> -m -e <email address>

python3 EvilSlackbot.py -t <xoxb token> -m -eL <email list>

python3 EvilSlackbot.py -t <xoxb token> -m -cH <Channel name>

With the correct token permissions, EvilSlackbot allows you to search Slack for secrets via a keyword search. Right now, this attack requires a xoxp token, as xoxb tokens can not be given the proper permissions to keyword search within Slack. Use the -o argument to write the search results to an outfile.

Secret Search (-s)

python3 EvilSlackbot.py -t <xoxp token> -s -o <outfile.txt>

Attachments (-a)

With the correct token permissions, EvilSlackbot allows you to send file attachments. The attachment attack requires a path to the file (-f) you wish to send. This attack also requires either the email address (-e) of the target, a list of target emails (-eL), or the name of a Slack channel (-cH)EvilSlackbot will use these arguments to lookup the SlackID of the user associated with the provided emails or channel name. To automate your attack, use a list of emails.

python3 EvilSlackbot.py -t <xoxb token> -a -f <path to file> -e <email address>

python3 EvilSlackbot.py -t <xoxb token> -a -f <path to file> -eL <email list>

python3 EvilSlackbot.py -t <xoxb token> -a -f <path to file> -cH <Channel name>

Arguments

Arguments:
  -f FILE, --file FILE  Path to file attachment
  -e EMAIL, --email EMAIL  Email of target
  -cH CHANNEL, --channel CHANNEL  Target Slack Channel (Do not include #)
  -eL EMAIL_LIST, --email_list EMAIL_LIST  Path to list of emails separated by newline
  -c, --check   Lookup and display the permissions and available attacks associated with your provided token.
  -o OUTFILE, --outfile OUTFILE Outfile to store search results
  -cL, --channel_list   List all public Slack channels

Channel Search

With the correct permissions, EvilSlackbot can search for and list all of the public channels within the Slack workspace. This can help with planning where to send channel messages. Use -o to write the list to an outfile.

python3 EvilSlackbot.py -t <xoxb token> -cL
Varshini

Tamil has a great interest in the fields of Cyber Security, OSINT, and CTF projects. Currently, he is deeply involved in researching and publishing various security tools with Kali Linux Tutorials, which is quite fascinating.

Leave a Comment
Share
Published by
Varshini
Tags: cybersecurityEvilSlackbotinformationsecuritykalilinuxkalilinuxtools
1 year ago

Recent Posts

Kali Linux 2024.4 Released, What’s New?

Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…

12 hours ago

Lifetime-Amsi-EtwPatch : Disabling PowerShell’s AMSI And ETW Protections

This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…

12 hours ago

GPOHunter – Active Directory Group Policy Security Analyzer

GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…

2 days ago

2024 MITRE ATT&CK Evaluation Results – Cynet Became a Leader With 100% Detection & Protection

Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…

5 days ago

SecHub : Streamlining Security Across Software Development Lifecycles

The free and open-source security platform SecHub, provides a central API to test software with…

1 week ago

Hawker : The Comprehensive OSINT Toolkit For Cybersecurity Professionals

Don't worry if there are any bugs in the tool, we will try to fix…

1 week ago