|
| 1 | +#!/usr/bin/env python3 |
| 2 | + |
| 3 | +from slackclient import SlackClient |
| 4 | +import requests |
| 5 | +import time |
| 6 | + |
| 7 | +# Taken here : https://api.slack.com/custom-integrations/legacy-tokens |
| 8 | +SLACK_TOKEN = "" |
| 9 | + |
| 10 | +# Available in the HTML source code of https://[team].slack.com/admin |
| 11 | +WEB_SLACK_TOKEN = "" |
| 12 | + |
| 13 | +# Channel containing the members we want to deactivate |
| 14 | +DEST_CHANNEL = "general" |
| 15 | + |
| 16 | +# Team Slack domain |
| 17 | +SLACK_DOMAIN = "opentoallctf.slack.com" |
| 18 | + |
| 19 | +def channel_id_by_name(client, name): |
| 20 | + """ Fetch channel ID for a given channel name. """ |
| 21 | + |
| 22 | + output = client.api_call("channels.list") |
| 23 | + channels = output['channels'] |
| 24 | + |
| 25 | + channel_id = '' |
| 26 | + for channel in channels: |
| 27 | + if channel['name'] == name: |
| 28 | + return channel['id'] |
| 29 | + |
| 30 | + return None |
| 31 | + |
| 32 | +def get_all_users(client): |
| 33 | + """ Fetch all users in the team. Includes deleted/deactivated users. """ |
| 34 | + |
| 35 | + output = client.api_call("users.list") |
| 36 | + return output['members'] |
| 37 | + |
| 38 | +sc = SlackClient(SLACK_TOKEN) |
| 39 | + |
| 40 | +channel_id = channel_id_by_name(sc, DEST_CHANNEL) |
| 41 | + |
| 42 | +if not channel_id: |
| 43 | + print("[!] No channel ID found for channel '{}'.".format(DEST_CHANNEL)) |
| 44 | + |
| 45 | +print("[*] Found channel {} ({}).".format(DEST_CHANNEL, channel_id)) |
| 46 | + |
| 47 | +# Get all members |
| 48 | +members = get_all_users(sc) |
| 49 | +members = dict([(member['id'], member) for member in members]) |
| 50 | + |
| 51 | +# Get members in channel |
| 52 | +output = sc.api_call("channels.info", channel=channel_id) |
| 53 | +members_in_channel = output['channel']['members'] |
| 54 | + |
| 55 | +# Filter out bots and deactivated users. |
| 56 | +members_to_deactivate = [] |
| 57 | +for member_id in members_in_channel: |
| 58 | + is_deactivated = members[member_id]['deleted'] |
| 59 | + is_bot = members[member_id]['is_bot'] |
| 60 | + |
| 61 | + if not is_deactivated and not is_bot: |
| 62 | + members_to_deactivate.append(member_id) |
| 63 | + |
| 64 | +# Deactivate members. |
| 65 | +# Member deactivation through the slack API is only available for premium teams. |
| 66 | +# We can bypass this restriction by using a different API endpoint. |
| 67 | +# The code below simulates an admin manually deactivating users through the |
| 68 | +# ... web interface. |
| 69 | +print("[*] Deactivating {} members.".format(len(members_to_deactivate))) |
| 70 | +deactivate_url = "https://{}/api/users.admin.setInactive".format(SLACK_DOMAIN) |
| 71 | +for member_id in members_to_deactivate: |
| 72 | + |
| 73 | + username = members[member_id]['profile']['display_name'] |
| 74 | + data = { "user" : member_id, "token": WEB_SLACK_TOKEN } |
| 75 | + headers = { "Content-Type" : "application/x-www-form-urlencoded" } |
| 76 | + response = requests.post(deactivate_url, data=data, headers=headers) |
| 77 | + |
| 78 | + print("[*] Kicking {} : {}".format(repr(username), member_id)) |
| 79 | + print(response.text) |
| 80 | + |
| 81 | + # Prevent Slack's rate limiting |
| 82 | + time.sleep(1) |
0 commit comments