WeChat App Keys

Description#

General#

Documentation: https://open.weixin.qq.com/?lang=en
Summary: WeChat is a Chinese multi-purpose messaging, social media and mobile payment application. It provides a variety of APIs to integrate with its services. This detector aims at catching accounts credentials.
IPs allowlist: This feature is not mentioned in the documentation.
Scopes: WeChat has two types of account, subscription accounts and service accounts. They don't have access to the same range of features.

Revoke the secret#

Credentials can be managed from the developer's console, under function/advanced/developer mode.

Check for suspicious activity#

This feature is not mentioned in the documentation.

Details for `Wechat keys`#

Family: Api
Category: Messaging system
Company: Tencent
High recall: True
Validity check available: True
On-premise instances exist: False
Only valid secrets raise an alert: True
Minimum number of matches: 2
Occurrences found for one million commits: 186.54
Prefixed: True
PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions: []  banlist_filenames:  - ^rss/  check_binaries: false  include_default_banlist_extensions: false  ban_markup: false- type: ContentWhitelistPreValidator  patterns:  - wx[a-f0-9]{16}

Examples#

- text: |    wechatuser = wxce38d37295f770f0    wechatkey = 8bdaebb9594bff61b28073d91213af23  client_id: wxce38d37295f770f0  client_secret: 8bdaebb9594bff61b28073d91213af23

Description#

General#

Revoke the secret#

Check for suspicious activity#

Details for Wechat keys#

Examples#

Details for `Wechat keys`#