In my previous post I talked about exporting and generating PDF report from Zaproxy output.
Now I want to have my bash script updated to share that report to my Slack channel.
Publish a file on Slack
The Slack app
- Go to api.slack.com.
- Click the "Your Apps" link at the top right.
- Authenticate, if you're not authenticated.
Set the App name, e.g. "Notifier", set the "Development Slack Workspace" and click the "Create App" button.
Scopes and Permissions
- Click the "OAuth & Permissions" menu item in the "Features" section, or the "Permissions" item in the "Add features and functionality" section. Scroll down to the "Scopes" section and under the "Bot Token Scopes", click the "Add an OAuth Scope" button. In the opened dropdown search and select the "files:write" permission.
In case if you're adding a scope to an existing Slack app that is installed to workspace (e.g. you may already have a Slack app for incoming webhooks), a big yellow alert may ask you to reinstall the app to apply changes. Click the "reinstall your app" link, specify a Slack channel, and click the "Allow" button.
- Scroll up and click the "Install App to Workspace" button.
You can see what permissions are given to the app. Because I've added the "files:write" scope, I'm allowing the app to upload, edit and delete files.
Click the "Allow" button.
- Copy and save the "Bot User OAuth Access Token".
Add the app to a channel
- Open the Slack app. In the Apps section click the bot name we've created. In the "Details" section, click the "More" button, then click the "Add this app to a channel...". Choose a channel and click the "Add" button.
File uploading via API
Before doing a call to the Slack API, we need to grab the ID of the channel we want to use to receive files. I couldn't figure out a better way to grab the channel ID, so if you know a better way - please share me a comment about that.
I simply used the web interface of the Slack app. URL contains a channel ID. Just choose the channel you want to use and grab the ID from URL (the last segment). It's something like
To test the file upload via slack API, we're going to use the
files.uploadendpoint. I'm using "curl" to do the call:
curl -F firstname.lastname@example.org -F "initial_comment=Example file" -F channels=<CHANNEL_ID>, <ANOTHER_CHANNEL_ID_IF_NEEDED> -H "Authorization: Bearer <BOT_USER_OAUTH_ACCESS_TOKEN>" https://slack.com/api/files.upload
It makes an attempt to upload the "example.txt" file to specified channels, and will add the "Example file" string to the actual slack message.
run-zap.sh bash script from my previous posts
I just need to add an appropriate curl call to the bash script, and it should be enough to have the report shared to my Slack channel.
Here is the updated gist:
If you'll use that script and will need to have slack notifications working, do not forget to replace placeholders with real channel ID and Bot User OAuth Access Token as a Bearer token. If you don't need slack notification - simply comment out that line.
The usage of the script is simple:
bash run-zap.sh http://example.org h4x0r X-Corp TopSecret
http://example.org parameter is the target host, "h4x0r" is the person/organization who prepared the report, and "X-Corp" is the one for whom the report has been prepared. And of course, the "TopSecret" is the project name. These extra parameters are used for the metadata of the report.
Top comments (2)
You can retrieve the Channel ID by right-clicking the channel, selecting "Channel Details" then scrolling to the bottom (dev-to-uploads.s3.amazonaws.com/up...). Thanks for the tutorial, this was very helpful!
is there any file size limit that we can upload?? i can see file sizes greater than 20MB are not getting uploaded to slack channel