nuclei-templates/tokens/slack-access-token.yaml

29 lines
656 B
YAML

id: slack-access-token
# xoxp-702234529XXX-688970480XXX-109182524XXXX-87fa5b4d2e62ac5c16fc6ea93bXXXXXX
# xoxb-702234529XXX-1076883857XXX-Ou9aRuvtFZ4DuTsepevXXXXX
info:
name: Slack access token
author: nadino
severity: medium
requests:
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "xoxp-[0-9A-Za-z\\-]{72}" # Person
- "xoxb-[0-9A-Za-z\\-]{51}" # Bot
extractors:
- type: regex
part: body
regex:
- "xoxp-[0-9A-Za-z\\-]{72}"
- "xoxb-[0-9A-Za-z\\-]{51}"