slack-watchman
by PaperMtn
Slack Watchman is a tool that uses the Slack API to detect exposed secrets and enumerate sensitive workspace information for security teams.
Slack enumeration and exposed secrets detection tool
Primary Use Case
Slack Watchman is primarily used by red, blue, and purple teams to monitor Slack workspaces for exposed secrets such as API keys, tokens, and sensitive personal or financial data. It helps security professionals identify and remediate potential leaks and misconfigurations in Slack environments by providing detailed enumeration and time-based searching capabilities.
- Detection of exposed API keys, tokens, and service accounts across multiple platforms (AWS, Azure, GCP, Slack, GitHub, etc.)
- Identification of sensitive files including certificates, executables, and config files for popular services
- Detection of personal data leaks such as passwords, passport numbers, and social security numbers
- Financial data detection including Paypal tokens, bank card details, and IBAN numbers
- Time-based searching with configurable lookback periods (24 hours, 7 days, 30 days, all time)
- Enumeration of users, admins, conversations (including externally shared and Slack Canvas), and workspace authentication options
- Unauthenticated probe mode to gather workspace metadata and authentication configurations without a token
- Automatic updating of detection signatures from a central repository
Installation
- Ensure Python 2.7 or 3.x is installed
- Install Slack Watchman via pip: pip install slack-watchman
- Optionally configure watchman.conf for tokens, URLs, and disabled signatures
Usage
>_ slack-watchman --probe https://domain.slack.comRun Slack Watchman in unauthenticated probe mode to enumerate workspace metadata and authentication options without requiring a token.
- Integrate Slack Watchman into continuous monitoring pipelines for proactive detection of leaked secrets.
- Use unauthenticated probe mode to map workspace security posture before engagement or defense.
- Combine findings with SIEM tools to automate alerting on exposed sensitive data in Slack.
- Leverage time-based searching to track secret exposure trends and effectiveness of remediation efforts.
- Incorporate Slack Watchman scans into purple team exercises to validate detection and response capabilities.
Docs Take 2 Hours. AI Takes 10 Seconds.
Ask anything about slack-watchman. Installation? Config? Troubleshooting? Get answers trained on real docs and GitHub issues—not generic ChatGPT fluff.
This tool hasn't been indexed yet. Request indexing to enable AI chat.
Admin will review your request within 24 hours
Related Tools
vaultwarden
dani-garcia/vaultwarden
Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
authelia
authelia/authelia
The Single Sign-On Multi-Factor portal for web apps, now OpenID Certified™
keepassxc
keepassxreboot/keepassxc
KeePassXC is a cross-platform community-driven port of the Windows application “KeePass Password Safe”.
infisical
Infisical/infisical
Infisical is the open-source platform for secrets, certificates, and privileged access management.
authentik
goauthentik/authentik
The authentication glue you need.
teleport
gravitational/teleport
The easiest, and most secure way to access and protect all of your infrastructure.