Hacking Tools

SlackEnum – Mastering User Enumeration On Slack

A specialized tool designed for user enumeration on the Slack platform. This powerful utility aids in identifying active users within a Slack workspace, enhancing both security testing and network analysis.

Learn how to set up and deploy SlackEnum effectively with our step-by-step guide.

Setup

Clone this repository and install the necessary dependencies with the commands below.

git clone https://github.com/Wh1t3Rh1n0/SlackEnum

cd SlackEnum

python3 -m pip install -r requirements.txt

Create the cookies_dir and http_requests_dir folders defined in the settings at the top of slackenum.py.

By default, these are slack_ids-cookiebro and slack_ids-burp and can be created by running the commands below.

mkdir slack_ids-cookiebro

mkdir slack_ids-burp

Basic Usage

Usage:

python3 slackenum.py <TARGET/TARGETS LIST> [--sanity]
  • <TARGET/TARGETS LIST> – May be either a single email address or a file containing one email address per line.
  • --sanity – Option to “sanity check” all Slack identities before launching a long running user enumeration job.

Instructions

  1. Create one or more Slack user accounts from which to execute user enumeration. (Referred to as “Slack identities” or “Slack IDs”.) Multiple accounts (100 or more) are recommended to perform user enumeration at higher/useable speeds.
  2. Log into each user account you’ve created and join the users to the same Slack workspace.
  3. While logged into Slack, use the CookieBro browser extension to export your cookies in JSON format. Save the exported cookies to a file in the slack_ids-cookiebro folder.
  4. Repeat steps 2 and 3 for every additional user account you want to use with SlackEnum.
  5. Edit the settings at the top of slackenum.py. At a minimum, you must change the default_host setting to the Slack subdomain of your workspace.

Example:

# The hostname of the workspace where all your Slack IDs reside.
default_host = 'YOUR-WORKSPACE.slack.com'
  1. Optionally sanity check your Slack IDs before launching a real enumeration campaign by targeting a known-valid Slack account and including the --sanity flag.

Example:

python3 slackenum.py jsmith@example.com

7. When everything is ready, start enumerating users.

python3 slackenum.py targets.txt

When SlackEnum first launches, it will print statistics about:

  • the number of Slack IDs you have loaded,
  • the number of users you are targeting,
  • your timing options,
  • and some estimations of how long enumeration could take, based on all of those factors.
Tamil S

Tamil has a great interest in the fields of Cyber Security, OSINT, and CTF projects. Currently, he is deeply involved in researching and publishing various security tools with Kali Linux Tutorials, which is quite fascinating.

Leave a Comment
Share
Published by
Tamil S
Tags: cybersecurityinformationsecuritykalilinuxkalilinuxtoolsSlackEnum
3 hours ago

Recent Posts

SharpExclusionFinder – Streamlining Windows Defender Exclusion Checks With Advanced Scanning Capabilities

This C# program finds Windows Defender folder exclusions using Windows Defender through its command-line tool…

15 mins ago

Argus – The Ultimate Python Toolkit For Advanced Network Reconnaissance

Argus is an all-in-one, Python-powered toolkit designed to streamline the process of information gathering and…

2 hours ago

Operation Archive – Documenting The Dark Web’s Takedown

This repository will be used to add documents, pictures, etc on LEA efforts; Indictments, Seizure…

4 days ago

Java Deserialization Cheat Sheet – Detecting And Exploiting Vulnerabilities

A cheat sheet for pentesters and researchers about deserialization vulnerabilities in various Java (JVM) serialization…

4 days ago

RedELK – Enhancing Red Team Operations And Blue Team Detection Through Centralized SIEM

Short: a Red Team's SIEM. Longer: a Red Team's SIEM that serves two main goals:…

5 days ago

SharpTerminator – A Guide To Automating AV/EDR Disruption With C# Port

C# port of ZeroMemoryEx's Terminator, so all hail goes to him. Usage You can download…

5 days ago