Skip to main content

WeChat App Keys

Description#

General#

  • Documentation: https://open.weixin.qq.com/?lang=en
  • Summary: WeChat is a Chinese multi-purpose messaging, social media and mobile payment application. It provides a variety of APIs to integrate with its services. This detector aims at catching accounts credentials.
  • IPs allowlist: This feature is not mentioned in the documentation.
  • Scopes: WeChat has two types of account, subscription accounts and service accounts. They don't have access to the same range of features.

Revoke the secret#

Credentials can be managed from the developer's console, under function/advanced/developer mode.

Check for suspicious activity#

This feature is not mentioned in the documentation.

Details for Wechat keys#

  • Family: Api

  • Category: Messaging system

  • Company: Tencent

  • High recall: True

  • Validity check available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 186.54

  • Prefixed: True

  • PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions: []  banlist_filenames:  - ^rss/  check_binaries: false  include_default_banlist_extensions: false  ban_markup: false- type: ContentWhitelistPreValidator  patterns:  - wx[a-f0-9]{16}

Examples#

- text: |    wechatuser = wxce38d37295f770f0    wechatkey = 8bdaebb9594bff61b28073d91213af23  client_id: wxce38d37295f770f0  client_secret: 8bdaebb9594bff61b28073d91213af23