smicallef / spiderfoot

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
http://www.spiderfoot.net
MIT License

Discord module #1640

Open clouedoc opened 2 years ago

clouedoc commented 2 years ago

Hi!

First of all, thank you very much for your work on SpiderFoot. I am looking forward to using it to evaluate my attack surface.

I'm interested in writing a Discord module.

(possible) features:

smicallef commented 2 years ago

Interesting idea - what would be the seed event in such a module to trigger its search?

clouedoc commented 2 years ago

The seed event would be a Discord server URL (gets a list of members) or a Discord username. Both would require a Discord user token in the config.


Omicron166 commented 2 years ago

If this project ends up becoming something, I think adding Discord-specific events (like Discord ID) would be a good idea.

I know that the discord.js bots can fetch user info (like username) from a Discord ID without the requirement of having servers in common.

smicallef commented 2 years ago

Since a Discord URL cannot be provided as a scan target in SpiderFoot, this Discord server URL would come from the target website (for example), so that would work. What value does a user get from having the list of users on a given Discord server though, from an OSINT perspective?

Omicron166 commented 2 years ago

Only users can join a server through an invitation, but when joined, you can get a list of users with their social media connections (like Spotify or YouTube channel) and a username.

Also, if you have a bot token, you can fetch a bit more info about a user by its ID, even without having servers in common.