andrew-kline
commented
3 years ago @dxa4481 hi - discovered this as well. The regex for slack tokens here https://github.com/l4yton/RegHex seems to be more inclusive.
Open byo opened 6 years ago
andrew-kline
commented
3 years ago @dxa4481 hi - discovered this as well. The regex for slack tokens here https://github.com/l4yton/RegHex seems to be more inclusive.
dxa4481
commented
3 years ago Thanks for the reference, I'll update the regex
dxa4481
commented
3 years ago Added a few more letters in there (like reghex has) hopefully that covers them all, let me know what you think
Current regex for slack tokens seems to be to narrow to handle all slack tokens. I did check three leaked slack tokens (just search for xoxa or xoxp in all github issues), one of them obfuscated, others seem to be a correct ones which does not match the regex.
Also current regex does not match refresh tokens starting with xoxr (https://api.slack.com/docs/token-types).