emtunc/SlackPirate

UX inefficiency: folder is created even if there is no content harvested

kmmanoj opened this issue · 1 comments

kmmanoj commented

Unlike pinned messages, if the passwords, aws-keys.txt, private-keys, urls are not found it is not acknowledged properly.
In case of specific harvesting, such as for example only credential-scan an empty folder is created inspite of no harvested data.

Steps to reproduce

  • Replace CREDENTIAL_REGEX with a random value such that it does not match any message.
    CREDENTIAL_REGEX=r"lorem ipsum xyz abc mno"

    SlackPirate/SlackPirate.py

    Line 92 in 5014833

    CREDENTIALS_REGEX = r"(?i)(" \

    and replace CREDENTIALS_QUERIES with random value.
    CREDENTIALS_QUERIES = ["lorem"]

    SlackPirate/SlackPirate.py

    Line 38 in 5014833

    CREDENTIALS_QUERIES = ["password:", "password is", "pwd", "passwd"]
  • Run $ ./SlackPirate.py --token xoxs-xxxxx --credential-scan
  • Observe creation of a new folder but no passwords.txt created.
kmmanoj commented

A solution that I can think of is:
Before returning the control back to the main function, a cleanup function can remove the empty files and directories created as part of the process.