Slack Secret Scanner

Number of APIs: 4

What does this collection do?

Sharing credentials over Slack is often the path of least resistance, but it leaves them sitting in message history, where anyone who later gains access to the workspace (a compromised account or a malicious outsider) can read them.

Using this collection, you can monitor messages in the Slack channels accessible to the bot for leaked credentials and API keys.

Who this collection is for?

Security or engineering teams who want to automate the discovery of leaked secrets in Slack. You can set up a Qodex monitor to scan Slack channels periodically through this collection and post the results to a Slack channel of your choice.

Setup

To get started, fork the Slack Secret Scanner collection and environment into your workspace ([Learn how to fork environments and collections]), select the forked environment, and follow the steps below:

Step 1: Create a new Slack app (https://api.slack.com/apps).

Step 2: Go to the OAuth & Permissions tab of the new Slack app and add the following scopes under Bot Token Scopes:

channels:history, channels:join, channels:read, chat:write, groups:history, groups:read, im:history, mpim:history, mpim:read

Note that channels:join only lets the bot join public channels on its own; private channels, DMs and group DMs are scanned only where the bot is already a member.

Step 3: Click Install the App to your workspace and copy the generated Bot User OAuth Token.

Step 4: Paste the copied token into the BotOAuthToken environment variable of the forked environment. The token is itself a secret that can read every channel the bot is in, so keep it out of anything you share or export.

Step 5: Put the ID of the Slack channel that should receive the leak reports in the notificationChannel environment variable. Because the reports reproduce the detected secrets, use a private channel restricted to the people who will rotate them.

Step 6: Configure a Qodex Monitor to run this collection periodically, or run it manually with the Collection Runner or Newman. [Learn how to create a Qodex Monitor]

Results

At the end of each monitor or collection run, you'll receive a Slack message in the notification channel listing the leaked credentials found in the workspace.

Notification Example

Supported Secrets / API Keys

This collection scans for the following secrets. To detect more, add a regular expression to the regex environment variable.

  • Qodex API Key
  • Slack Token
  • Stripe API Key
  • Stripe Restricted API Key

APIs

  1. Scan Messages GET {{slackUrl}}/api/conversations.history?channel={{channelId}}&cursor={{cursor}}&latest={{latest}}&oldest={{oldest}}

  2. Join Channel GET {{slackUrl}}/api/conversations.join?channel={{channelId}}

  3. Send Report POST {{slackUrl}}/api/chat.postMessage

  4. Get Channels GET {{slackUrl}}/api/conversations.list?limit={{channelLimit}}&cursor={{channelCursor}}&exclude_archived={{excludeArchived}}&types={{channelTypes}}
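The following is an added example, not the collection's own scripts: it shows the scan-and-report core of the Scan Messages and Send Report requests above, run offline against constructed conversations.history responses. The regular expressions are illustrative assumptions (the collection keeps its own in the regex environment variable), the channel and user IDs, cursor value and key-shaped strings are constructed placeholders, and fetchHistoryPage stands in for the real HTTP call.

```javascript
// Added example (not part of the Slack Secret Scanner collection).
// Assumed patterns; the collection stores its own in the `regex` environment variable.
const SECRET_PATTERNS = {
  "Slack Token": /xox[baprs]-[0-9A-Za-z-]{10,}/g,
  "Stripe API Key": /sk_(?:live|test)_[0-9A-Za-z]{24,}/g,
  "Stripe Restricted API Key": /rk_(?:live|test)_[0-9A-Za-z]{24,}/g,
};

// Constructed sample: two pages of a conversations.history response, keyed by the
// cursor used to request them. The token and key values are placeholders shaped like
// the real formats, not real secrets.
const SAMPLE_PAGES = {
  "": {
    ok: true,
    has_more: true,
    messages: [
      { type: "message", user: "U01AAAAAA", ts: "1700000000.000100",
        text: "deploy bot token is xoxb-1234567890-1234567890123-ExampleOnlyExample" },
      { type: "message", user: "U01BBBBBB", ts: "1700000001.000200",
        text: "no secrets here, just a link https://example.com/sk_live" },
    ],
    response_metadata: { next_cursor: "bmV4dF9wYWdl" },
  },
  "bmV4dF9wYWdl": {
    ok: true,
    has_more: false,
    messages: [
      { type: "message", user: "U01CCCCCC", ts: "1700000002.000300",
        text: "stripe: sk_live_ExampleOnlyExampleOnly00 and restricted rk_live_ExampleOnlyExampleOnly11" },
    ],
    response_metadata: { next_cursor: "" },
  },
};

// Stand-in for GET {{slackUrl}}/api/conversations.history?channel=...&cursor=...
function fetchHistoryPage(channelId, cursor) {
  const page = SAMPLE_PAGES[cursor];
  if (!page) throw new Error(`no sample page for cursor ${JSON.stringify(cursor)}`);
  return page;
}

// Run every pattern over one message's text; one finding per match.
function findSecrets(text, patterns = SECRET_PATTERNS) {
  const findings = [];
  for (const [type, re] of Object.entries(patterns)) {
    for (const m of text.matchAll(re)) findings.push({ type, value: m[0] });
  }
  return findings;
}

// Walk a channel's full history by following response_metadata.next_cursor, which is
// how the Scan Messages request has to be repeated until the cursor comes back empty.
function scanChannel(channelId, fetchPage = fetchHistoryPage, patterns = SECRET_PATTERNS) {
  const findings = [];
  let cursor = "";
  let pages = 0;
  do {
    const page = fetchPage(channelId, cursor);
    // e.g. { ok: false, error: "not_in_channel" } means Join Channel must run first
    if (!page.ok) throw new Error(`conversations.history failed: ${page.error}`);
    pages += 1;
    for (const msg of page.messages) {
      for (const f of findSecrets(msg.text || "", patterns)) {
        findings.push({ channel: channelId, user: msg.user, ts: msg.ts, ...f });
      }
    }
    cursor = (page.response_metadata && page.response_metadata.next_cursor) || "";
  } while (cursor !== "");
  return { findings, pages };
}

// Keep only a prefix of each secret so the notification channel does not become a
// second copy of the leak (a design choice of this example, not of the collection).
function maskSecret(value, keep = 8) {
  return value.slice(0, keep) + "*".repeat(Math.max(0, value.length - keep));
}

// Build the JSON body for POST {{slackUrl}}/api/chat.postMessage.
function buildReport(notificationChannel, findings) {
  const lines = findings.map(
    (f) => `• ${f.type} in <#${f.channel}> by <@${f.user}> at ts ${f.ts}: \`${maskSecret(f.value)}\``
  );
  const header = findings.length
    ? `Secret scan found ${findings.length} leaked credential(s):`
    : "Secret scan found no leaked credentials.";
  return { channel: notificationChannel, text: [header, ...lines].join("\n") };
}

const scanResult = scanChannel("C01EXAMPLE");
console.log(JSON.stringify(buildReport("C01SECOPS", scanResult.findings), null, 2));
```

Two points the collection's request list implies but does not spell out: a history call on a public channel the bot has not joined fails with not_in_channel, which is why Join Channel exists, and the report is only as complete as the pagination, so a scan that stops at the first page silently misses older leaks.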