Twitter Access Keys
#
Description#
General- Documentation: https://developer.twitter.com/en/docs/twitter-api
- Summary: Twitter is a social network on which user post and interact with messages known as "tweets". Twitter exposes an API to programmatically interact with the platform. To access the API, the developer must apply for a developer account and generate a set of
client_id
andclient_secret
from its developer dashboard. This set of credentials must be passed with each request. This detector focuses on catching these credentials. Alongside application credentials, user access tokens are frequently found. They are a second set of credentials granting access to a Twitter user account. They can be used to send tweets or direct messages in the name of this user. - IPs allowlist: This feature is currently not supported.
- Scopes: Each Twitter developer App has its own set of access permissions : read, read/write, read/write/direct messages.
#
Revoke the secretEach App's credentials can be managed from the developer's dashboard.
#
Check for suspicious activitySome usage metrics are displayed on the home page of the developer's dashboard. They could be used to detect suspicious activities. If user access tokens accompany the application credentials, the related account should be reviewed.
Twitter tokens
#
Details for Family: Api
Category: Social network
Company: Twitter
High recall: False
Validity check available: True
On-premise instances exist: False
Only valid secrets raise an alert: True
Minimum number of matches: 2
Occurrences found for one million commits: 19.46
Prefixed: False
PreValidators:
- type: FilenameBanlistPreValidator banlist_extensions: [] banlist_filenames: [] check_binaries: false include_default_banlist_extensions: true ban_markup: false- type: ContentWhitelistPreValidator patterns: - secret- type: ContentWhitelistPreValidator patterns: - consumer - twitter- type: ContentWhitelistPreValidator patterns: - key
#
Examples- text: | from tweepy.streaming import StreamListener
consumer_key = 'qgmlPcoo2F3Ws6LWJLmuTgOVa' consumer_secret = 'sME0sSMXOXHO3qG06tEwSyejzvlYlvLzx1ynKRBqGjbuYRIPZa'
client_id: qgmlPcoo2F3Ws6LWJLmuTgOVa client_secret: sME0sSMXOXHO3qG06tEwSyejzvlYlvLzx1ynKRBqGjbuYRIPZa
- text: | // Your Twitter App Consumer Key private $consumer_key = 'B3khhhiCGZl2tPnNcwBA';
// Your Twitter App Consumer Secret private $consumer_secret = '5bDnGvuoR62Lv5VtVdZmRASE3n4SpvdnxiT45CXKvH';
client_id: B3khhhiCGZl2tPnNcwBA client_secret: 5bDnGvuoR62Lv5VtVdZmRASE3n4SpvdnxiT45CXKvH
- text: | // Twitter creds consumer_api_key = '6TKONeTEZTLo9QWcUohTf6rhv' consumer_api_secret = 'LG4y1E2aexUNql425UcQ6ZEvoyHk1ZGKzHkhLofMV7qZhhGuRm'
client_id: 6TKONeTEZTLo9QWcUohTf6rhv client_secret: LG4y1E2aexUNql425UcQ6ZEvoyHk1ZGKzHkhLofMV7qZhhGuRm
- text: | consumer_key = 'NciwXkL6Mn0Qc40NUCLO0UK5n' consumer_key_secret = 'UVfL5LybAVJmhi8r4rFF7qKLcjfm0Hj8QdCAQSWOeChstJpWnK'
client_id: NciwXkL6Mn0Qc40NUCLO0UK5n client_secret: UVfL5LybAVJmhi8r4rFF7qKLcjfm0Hj8QdCAQSWOeChstJpWnK
- text: | twitter_consumer_key: PzODTWGMm9WbVipndYPFVlrF3 twitter_consumer_secret: k6TUVIzdCEnPYrfEYPeazMmHLOp5bInKft9SRxwO7rUX3bXrs9
client_id: PzODTWGMm9WbVipndYPFVlrF3 client_secret: k6TUVIzdCEnPYrfEYPeazMmHLOp5bInKft9SRxwO7rUX3bXrs9
- text: | SOCIAL_AUTH_TWITTER_KEY = 'Zt4NxBbZuNYON111Wbsgy1RAp' SOCIAL_AUTH_TWITTER_SECRET = 'FPO5PfZLLLLxce55ubI1a5pcFEam9999z7bG8GCa8aXXnmbjgQ'
client_id: Zt4NxBbZuNYON111Wbsgy1RAp client_secret: FPO5PfZLLLLxce55ubI1a5pcFEam9999z7bG8GCa8aXXnmbjgQ
- text: | var twitter_application_consumer_key = 'GBcpYu4bs6aYyAHskronTMpsu'; // API Key var twitter_application_secret = 'JNUbeTP2iP31qzFdfM4tUDvieSSopxyDRw35CWrfpiQDYwTTXV'; // API Secret
client_id: GBcpYu4bs6aYyAHskronTMpsu client_secret: JNUbeTP2iP31qzFdfM4tUDvieSSopxyDRw35CWrfpiQDYwTTXV
- text: | "consumer_key = \"k0bMQjP8ChDxhVyT5XyYUJdIE\"\n", "consumer_secret = \"HczZWqoHIDn0Y7aBMAIsN8pHT93quwu2y5g9n5f9R8GxrtoIt4\"\n",
client_id: k0bMQjP8ChDxhVyT5XyYUJdIE client_secret: HczZWqoHIDn0Y7aBMAIsN8pHT93quwu2y5g9n5f9R8GxrtoIt4
- text: | 'consumerKey' : 'EqjtdUeioUB9a2w9E0AN1jH0v', 'consumerSecret' : 'eravWvAwtyNkwSEeVKU5V9N8bxthyTK8Cf9kO43zdd7tcfErCz',
client_id: EqjtdUeioUB9a2w9E0AN1jH0v client_secret: eravWvAwtyNkwSEeVKU5V9N8bxthyTK8Cf9kO43zdd7tcfErCz
- text: | protected static String consumerKey;// = "qib1QsiJfYwxpPKg3L91F9KEV"; protected static String consumerSecret;// = "tMXnB2zA7u24eGUBCN1PmaE2U0HTcZCE4I6EywJha2kmrYqv3K";
client_id: qib1QsiJfYwxpPKg3L91F9KEV client_secret: tMXnB2zA7u24eGUBCN1PmaE2U0HTcZCE4I6EywJha2kmrYqv3K
- text: | <string name="twitter_consumer_key" translatable="false">Jx68cnKTtJqaiddkDMw93iXzr</string> <string name="twitter_consumer_secret" translatable="false">bZZLPsgd2saqOpKGggp4imOwDbfRWkVF59F5V2Kk84fzcCAlMx</string>
client_id: Jx68cnKTtJqaiddkDMw93iXzr client_secret: bZZLPsgd2saqOpKGggp4imOwDbfRWkVF59F5V2Kk84fzcCAlMx
- text: | -Consumer Key (API Key) wlkdDebpVpSzXe9T28fzbzyGg -Consumer Secret (API Secret) DfwVXEVCH6Vi4hI7gfVH2MKMm3UrM0F5n0X7r8CVMQvqDUe82r
client_id: wlkdDebpVpSzXe9T28fzbzyGg client_secret: DfwVXEVCH6Vi4hI7gfVH2MKMm3UrM0F5n0X7r8CVMQvqDUe82r
- text: | #Twitter Production #TWITTER_CONSUMER_KEY = 'BvWr1TT7VdI9bVHORk0A0Z4dV' #TWITTER_CONSUMER_SECRET = 'rfOt4u5m21ktdkq5bFvHkov36og0v9CcI26vjhcJuho6dFus5g'
client_id: BvWr1TT7VdI9bVHORk0A0Z4dV client_secret: rfOt4u5m21ktdkq5bFvHkov36og0v9CcI26vjhcJuho6dFus5g- text: | from tweepy.streaming import StreamListener consumer_key = 'qgmlPcoo2F3Ws6LWJLmuTgOVa' consumer_secret = 'sME0sSMXOXHO3qG06tEwSyejzvlYlvLzx1ynKRBqGjbuYRIPZa'
client_id: qgmlPcoo2F3Ws6LWJLmuTgOVa client_secret: sME0sSMXOXHO3qG06tEwSyejzvlYlvLzx1ynKRBqGjbuYRIPZa