amon is a hacking tool for maintaining access to accounts using oauth tokens, instead of passwords.
I described the general idea here. amon was made in an 8-hour hackathon at SDSLabs.
NOTE: The live demo allows you to authorize against your own account. To prevent your account from being hacked, please authorize against a test Slack team. (The demo includes a live token from my test Slack account, so you can browse around.)
amon uses sqlite in development and pg in production. The following environment variables are expected to be present:
SLACK_ID=Slack application ID
SLACK_SECRET=Slack application secret
In addition, DATABASE_URL (postgres) is used in production. In development, you can use a .env file in project root, and it will be used automatically.
While setting up your application at Slack, the redirect URI must be https://example.com/auth/slack/callback. You can set multiple redirect URIs for development and production.
For setting up your application at Google, set the following:
https://example.com/auth/google/callback
amon is a tool for pen-testing. Don't use it to attack targets without their knowledge. amon's goal is to make you smarter, not to help you to get into trouble, because we won’t be there to get you out. If you do things illegally, you can be caught and put in jail!
Licensed under the MIT Licence.