#1
API-T00L utilization tools V1.2 @PYkiller

   

API-T00L: Internet Vendor API Utilization Tool

Usage

DingTalk

1. You must have the AK and SK. Fill them in to obtain the token.
   


2. Creating users

The simplest way is to fill in a valid phone number; once the user has joined the organization, the phone number can be used to log in to the company directly. Do not reuse an existing userid; pick a larger value. The delete button deletes by userid.
   


3. Announcement phishing

Obtain the administrator information to get the administrator's userid.

   
Querying the userid returns the department ID (dept_id). Only department announcements are implemented here; in practice, posting announcements to individuals is less effective than directly adding a user for phishing.

Announcements can then be posted for phishing.


4. Get the application list, which reveals some hard-to-find assets that have not been registered.

WeCom

Compared with DingTalk, Enterprise WeChat has more restrictions. An application Corpsecret obtained after 2022 needs a whitelist to be set up, and this cannot be bypassed. The Corpsecret for the address book must be obtained separately.


1. Obtaining tokens using Corpid and Corpsecret

2. Create a new user, fill in a valid phone number, and join the organization to directly log in to the enterprise using the phone number.

After adding the user, assign it an email address, which can be used for phishing through both email and Enterprise WeChat.



3. You can also join the enterprise by obtaining an invitation QR code.





Feishu

It is rarely used in practice and is generally used to hijack cookies for phishing purposes.


1. Get the tenant_access_token

2. Create a new user, fill in a valid phone number, and join the organization to directly log in to the enterprise using the phone number.

Note that open_department_id is the department ID returned by the query. By default the user is placed in the root department, which is quite conspicuous; it can be placed in a small department instead.



3. Posting announcements: you can simply log in with the phone number and post, but I haven't seen an API interface for posting announcements.

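A defender's directory review for the account pattern the post describes (a user created through app credentials and identified only by a phone number, default root-department placement, an unusually large userid), as an added example that is not part of the original post or the tool. The export schema, field names, thresholds and sample records are assumptions constructed for illustration, not any vendor's API format.

```python
from datetime import datetime, timedelta
from statistics import median

ROOT_DEPT = 1  # assumption: id of the root department in this export

# Constructed sample export; the field names are a hypothetical schema.
SAMPLE_ACCOUNTS = [
    {"userid": "1001", "mobile": "+10000000001", "dept_ids": [12],
     "created_by": "admin:hr-sync", "created_at": "2023-01-10T09:00:00"},
    {"userid": "1002", "mobile": "+10000000002", "dept_ids": [14],
     "created_by": "admin:hr-sync", "created_at": "2024-05-28T09:00:00"},
    {"userid": "1003", "mobile": "+10000000003", "dept_ids": [12],
     "created_by": "app:hr-onboarding", "created_at": "2024-06-02T10:00:00"},
    {"userid": "99999999", "mobile": "+10000000099", "dept_ids": [1],
     "created_by": "app:legacy-bot", "created_at": "2024-06-01T03:12:00"},
]
HR_MOBILES = {"+10000000001", "+10000000002", "+10000000003"}  # constructed roster

def flag_suspicious(accounts, hr_mobiles, now, window_days=30):
    """Return {userid: [reasons]} for recently created accounts with >= 2 signals."""
    numeric = [int(a["userid"]) for a in accounts if a["userid"].isdigit()]
    typical = median(numeric) if numeric else 0
    findings = {}
    for a in accounts:
        if now - datetime.fromisoformat(a["created_at"]) > timedelta(days=window_days):
            continue  # outside the review window
        reasons = []
        if a["mobile"] not in hr_mobiles:
            reasons.append("mobile not in HR roster")
        if a["created_by"].startswith("app:"):
            reasons.append("created with app credentials")
        if a["dept_ids"] == [ROOT_DEPT]:
            reasons.append("only in root department")
        if a["userid"].isdigit() and typical and int(a["userid"]) > 100 * typical:
            reasons.append("userid far outside normal range")
        # One signal alone is weak (a rogue account may sit in a small
        # department instead of the root), so require two to report.
        if len(reasons) >= 2:
            findings[a["userid"]] = reasons
    return findings

if __name__ == "__main__":
    now = datetime(2024, 6, 3)
    for uid, why in flag_suspicious(SAMPLE_ACCOUNTS, HR_MOBILES, now).items():
        print(uid, "->", "; ".join(why))
```

Any account it reports should be followed by rotating the secret of the creating application, since the account only exists because that credential was usable.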