- Documentation: https://api.slack.com
- Summary: Slack is a business communication platform. It offers chat rooms in the form of channels organized by topics as well as private groups and direct messaging. Users can create Slack applications to automate some actions in workspaces. Slack allows these applications to act directly on behalf of users in the communication channels by providing the applications with a user token after an OAuth2 authorization flow. This detector focuses on catching these Slack user tokens. GitGuardian also detects application keys.
- IPs allowlist: Slack's internal integrations support IP allowlisting and, if it is enforced, will limit a token's usage to a given set of IP addresses. See allowlisting documentation for more details.
- Scopes: User tokens represent the same access a user has to a workspace: the channels, conversations, users, reactions, etc. they can see.
Tokens can be revoked using the auth.revoke API route. It is one of the few credentials that has this "auto revoke" feature. See revocation documentation for more details.
Monitoring suspicious activity of a given token is not mentioned in Slack's documentation.
Category: Messaging system
High recall: True
Validity check available: True
On-premise instances exist: False
Only valid secrets raise an alert: False
Minimum number of matches: 1
Occurrences found for one million commits: 3.45
```yaml
- type: ContentWhitelistPreValidator
  patterns:
    - xox[ps]-
```

```yaml
- text: >
    token = "xoxp-41684372915-1320496754-45609968301-e708ba56e1517a99f6b5fb07349476ef"
  apikey: xoxp-41684372915-1320496754-45609968301-e708ba56e1517a99f6b5fb07349476ef
- text: >
    slack_old_token = "xoxs-416843729158-132049654-5609968301-e708ba56e1"
  apikey: xoxs-416843729158-132049654-5609968301-e708ba56e1
```
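The sketch below is an added example, not GitGuardian's own detector code. It shows the prevalidator above used as a cheap prefilter ahead of a full token match, with masked reporting and a prepared auth.revoke request. The token regex is an assumption inferred only from the two examples on this page, and the names `scan`, `mask` and `build_revoke_request` are hypothetical.

```python
import re
import urllib.request

# Cheap prefilter mirroring the page's ContentWhitelistPreValidator pattern
# "xox[ps]-": content without it is skipped before the full match runs.
PREFILTER = re.compile(r"xox[ps]-")
# Assumed token shape, inferred only from the two examples on this page:
# prefix, three numeric fields, then a lowercase-hex secret.
TOKEN = re.compile(r"\bxox[ps]-\d+-\d+-\d+-[0-9a-f]{10,}\b")


def mask(token: str) -> str:
    """Keep the prefix and last 4 characters so reports do not re-leak the secret."""
    return token[:5] + "*" * (len(token) - 9) + token[-4:]


def scan(content: str) -> list[dict]:
    """Return one finding per token: 1-based line, kind, masked and raw value."""
    if not PREFILTER.search(content):
        return []
    findings = []
    for lineno, line in enumerate(content.splitlines(), start=1):
        for m in TOKEN.finditer(line):
            tok = m.group(0)
            findings.append({"line": lineno, "kind": tok[:4],
                             "masked": mask(tok), "token": tok})
    return findings


def build_revoke_request(token: str) -> urllib.request.Request:
    """Build (but do not send) the auth.revoke call for a leaked token."""
    return urllib.request.Request(
        "https://slack.com/api/auth.revoke",
        method="POST",
        headers={"Authorization": f"Bearer {token}"},
    )


# Constructed input: the two example tokens from this page plus a decoy line.
SAMPLE = '''token = "xoxp-41684372915-1320496754-45609968301-e708ba56e1517a99f6b5fb07349476ef"
note = "xoxp- prefix alone is not a token"
slack_old_token = "xoxs-416843729158-132049654-5609968301-e708ba56e1"
'''

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f["line"], f["kind"], f["masked"])
```

The request object is only constructed here; a responder would send it with `urllib.request.urlopen` once the leak is confirmed.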