Skip to main content

WeChat App Keys

Description#

General#

  • Documentation: https://open.weixin.qq.com/?lang=en
  • Summary: WeChat is a Chinese multi-purpose messaging, social media and mobile payment application. It provides a variety of APIs to integrate with its services. This detector aims at catching accounts credentials.
  • IPs allowlist: This feature is not mentioned in the documentation.
  • Scopes: WeChat has two types of account, subscription accounts and service accounts. They don't have access to the same range of features.

Revoke the secret#

Credentials can be managed from the developer's console, under function/advanced/developer mode.

Check for suspicious activity#

This feature is not mentioned in the documentation.

Details for Wechat keys#

  • Category: Messaging system

  • Company: Tencent

  • High recall: True

  • Validity check available: True

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 18.55

  • Prefixed: True

  • PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions:  - ^(cs|x|p|s|r)?html5?~?$  - ^[aps]?cssc?~?$  - ^lock$  - ^mdx?~?$  - ^storyboard(c|er)?~?$  - ^xib$  banlist_filenames: []  check_binaries: false- type: FilenameBanlistPreValidator  banlist_extensions: []  banlist_filenames:  - ^rss/  check_binaries: false- type: ContentWhitelistPreValidator  patterns:  - wx[a-f0-9]{16}

Examples#

- text: >    wechatuser = wxce38d37295f770f0    wechatkey = 8bdaebb9594bff61b28073d91213af23  client_id: wxce38d37295f770f0  client_secret: 8bdaebb9594bff61b28073d91213af23