[Enhancement] Use this to add/vote for new data sources/scans

Question

[Enhancement] Use this to add/vote for new data sources/scans

emtunc opened this issue 6 years ago · 8 comments

Let's use this ticket to add and vote on new scan types and data sources that can be added to the tool.

Most voted comments are prioritised first.

Answer 1 · 2019-01-10T00:08:26.000Z

Slack tokens - look for Slack tokens that may have been leaked within a Slack Workspace. This could allow an attacker to pivot to a more privileged user or someone whose account can be used to phish other users for example.

Answer 2 · 2019-01-10T00:19:03.000Z

Github tokens - unless there's a unique way to differentiate these from other 40 character strings then this might introduce some false positives. Worth a try though.

Answer 3 · 2019-01-10T00:21:35.000Z

Azure secret keys

Answer 4 · 2019-01-10T00:22:01.000Z

Google Cloud Platform secret keys

Answer 5 · 2019-01-10T00:22:48.000Z

Password and/or tokens in URLs

Answer 6 · 2019-01-10T00:42:37.000Z

Pull the content of pinned items in each channel. Often times these are solutions for recurring problems within a team ("what was the GOCD login?", "Where are the Chef credentials?")

Answer 7 · 2019-01-11T01:30:16.000Z

API Reference for listing pinned items: https://api.slack.com/methods/pins.list

May also require listing channels (https://api.slack.com/methods/channels.list) as the channel with the pinned items must be specified

Answer 8 · 2019-01-14T10:11:02.000Z

API Reference for listing pinned items: https://api.slack.com/methods/pins.list

May also require listing channels (https://api.slack.com/methods/channels.list) as the channel with the pinned items must be specified

This has been implemented in #4c28daf