Merge pull request #52 from lawndoc/slack-webhook #minor

Slack webhook
lawndoc · Jul 17, 2024 · 6694938 · 6694938
2 parents 18fdf4c + ff576f4
commit 6694938
Show file tree

Hide file tree

Showing 3 changed files with 46 additions and 1 deletion.
diff --git a/requirements.txt b/requirements.txt
@@ -1,4 +1,5 @@
 scapy @ https://github.com/secdev/scapy/archive/refs/heads/master.zip
 requests==2.32.2
 discord-webhook
-urllib3>=2.2.2 # not directly required, pinned by Snyk to avoid a vulnerability
+urllib3>=2.2.2 # not directly required, pinned by Snyk to avoid a vulnerability
+slack_sdk
diff --git a/respotter.py b/respotter.py
@@ -15,6 +15,7 @@
 from time import sleep
 from utils.teams import send_teams_message
 from utils.discord import send_discord_message
+from utils.slack import send_slack_message
 import logging
 import logging.config
 import logging.handlers
@@ -112,6 +113,9 @@ def webhook_responder_alert(self, responder_ip):
         if "discord" in self.webhooks:
             send_discord_message(self.webhooks["discord"], title=title, details=details)
             self.log.info(f"[+] Alert sent to Discord for {responder_ip}")
+        if "slack" in self.webhooks:
+            send_slack_message(self.webhooks["slack"], title=title, details=details)
+            self.log.info(f"[+] Alert sent to Slack for {responder_ip}")
         self.responder_alerts[responder_ip] = datetime.now()
         with self.state_lock:
             with open("state/state.json", "r+") as state_file:
@@ -136,6 +140,9 @@ def webhook_sniffer_alert(self, protocol, requester_ip, requested_hostname):
         if "discord" in self.webhooks:
             send_discord_message(self.webhooks["discord"], title=title, details=details)
             self.log.info(f"[+] Alert sent to Discord for {requester_ip}")
+        if "slack" in self.webhooks:
+            send_slack_message(self.webhooks["slack"], title=title, details=details)
+            self.log.info(f"[+] Alert sent to Slack for {requester_ip}")
         if requester_ip in self.vulnerable_alerts:
             self.vulnerable_alerts[requester_ip][protocol] = datetime.now()
         else:

diff --git a/utils/slack.py b/utils/slack.py
@@ -0,0 +1,37 @@
+from slack_sdk import WebhookClient
+from slack_sdk.errors import SlackApiError
+import time
+
+def send_slack_message(webhook_url, title, details):
+    client = WebhookClient(webhook_url)
+    try:
+        response = client.send(
+            text=f"{title}\n{details}",
+            blocks=[
+                {
+                    "type": "image",
+                    "image_url": "https://github.com/lawndoc/Respotter/main/assets/respotter_logo.png",
+                    "alt_text": "Respotter"
+                },
+                {  
+                    "type": "section",
+                    "text": {
+                        "type": "mrkdwn",
+                        "text": f"_*{title}*_\n\n{details}",
+                    }
+                }
+            ]
+        )
+        if response.status_code == 200:
+            print("Message sent successfully")
+    except SlackApiError as e:        
+        if e.response.status_code == 429:
+            # Slack rate limits to one message per channel per second, with short bursts of >1 allowed
+            retry_after = int(e.response.headers['Retry-After'])
+            print(f"Rate limited. Retrying in {retry_after} seconds")
+            time.sleep(retry_after)
+            response = client.send(
+                text=f"{title}\n{details}"
+                )   
+        else :
+            print(f"Failed to send message: {e.response.status_code}")