def exported(self):
# TODO: this function is pretty sloppy and should be refactored
info("Scanning Slack 'Exported Data' directory: {}".format(
self.args.get('exported_dir')))
users_json = os.path.join(self.args.get('exported_dir'), 'users.json')
channels_json = os.path.join(self.args.get('exported_dir'),
'channels.json')
if not os.path.exists(users_json) or not os.path.exists(channels_json):
error(
"users.json or channels.json does not exist in directory: {}".
format(self.args.get('exported_dir')))
return
with db_session:
with open(users_json, 'r') as fp:
for user in json.load(fp):
if User.select(
lambda u: u.id == user.get('id')).count() == 0:
User.from_dict(user)
with open(channels_json, 'r') as fp:
for convo in json.load(fp):
if Conversation.select(
lambda c: c.id == convo.get('id')).count() == 0:
Conversation.from_dict(convo)
onlydirs = [
f for f in listdir(self.args.get('exported_dir'))
if not isfile(join(self.args.get('exported_dir'), f))
]
for dir in onlydirs:
res = Conversation.select(lambda c: dir == c.name)
if res.count() == 1:
channel = res.first().id
elif Conversation.select(lambda c: dir == c.id).count() == 1:
channel = dir
else:
error(
"Cant determine channel/conversation id for exported directory: {}"
.format(dir))
continue
json_files = glob.glob(
os.path.join(self.args.get('exported_dir'), dir, '*.json'))
pbar = tqdm(total=len(json_files), unit="day", unit_divisor=1)
pbar.set_description(Style.RESET_ALL + "[ ] {}".format(dir))
for file in json_files:
with open(file, 'rb') as json_fp:
for message in json.load(json_fp):
message['channel'] = channel
self.secrets.scan_message(message)
pbar.update(1)
pbar.close()
def history(self):
info("Starting historical conversation scanning")
convos = self.slacker.get_convos()
pbar = tqdm(total=len(convos), unit="channel", unit_divisor=1)
for convo in convos:
convo_name = convo['name'] if 'name' in convo and convo[
'name'] is not None else convo['id']
pbar.set_description(Style.RESET_ALL + "[ ] {}".format(convo_name))
self.slacker.process_convo_history(convo['id'],
self.secrets.scan_message)
pbar.update(1)
pbar.close()
def init(self):
self.slacker = SlackWrapper(self.args['token'])
info("Initializing secrets engine")
self.secrets = Secrets(rule_dirs=pkg_resources.resource_filename(
'slacksecrets', 'rules'),
reporting_callback=self.report_match)
self.args['db_name'] = "%s.db" % self.slacker.generate_db_name()
self.args['is_free'] = self.slacker.is_free_plan
dump_config(self.args)
db_abs_path = os.path.join(self.args.get('db_path'),
self.args.get('db_name'))
db.bind(provider='sqlite', filename=db_abs_path, create_db=True)
db.generate_mapping(create_tables=True)
if not self.args.get('skip_db_update', False):
self.update_db()
def __init__(self, rule_dirs=None, default_externals=None, reporting_callback=None):
if rule_dirs is None:
rule_dirs = []
elif isinstance(rule_dirs, str):
rule_dirs = [rule_dirs]
if default_externals is None:
default_externals = {'filename': ''}
if reporting_callback is None:
reporting_callback = self.print_terminal_reporting_callback
self.default_externals = default_externals
self.rules_dirs = rule_dirs
self.reporting_callback = reporting_callback
# compile the YARA rules so we can use them for matches
rules_filepaths = build_rules_filepaths(self.rules_dirs)
rule_count = len(rules_filepaths.keys())
if rule_count > 0:
info("Compiled {} rules".format(rule_count))
else:
warning("Compiled {} rules".format(rule_count))
self.compiled_rules = yara.compile(filepaths=rules_filepaths, externals=self.default_externals)
def update_db(self):
with db_session:
info("Updating Users in database")
for user in self.slacker.get_users():
if User.select(lambda u: u.id == user.get('id')).count() == 0:
User.from_dict(user)
info("Updating Conversations/Channels in database")
for convo in self.slacker.get_convos():
if Conversation.select(
lambda c: c.id == convo.get('id')).count() == 0:
Conversation.from_dict(convo)
info("Updating Finding permalinks in database")
findings = Finding.select(lambda f: f.permalink == '')
for finding in findings:
finding.permalink = self.slacker.get_permalink(
finding.channel, finding.ts)
commit()
def live(self):
info("Starting Real-Time Message monitoring")
rtm_client = slack.RTMClient(token=self.args.get('token'))
rtm_client.start()