WeChat App Keys
#
Description#
General- Documentation: https://open.weixin.qq.com/?lang=en
- Summary: WeChat is a Chinese multi-purpose messaging, social media and mobile payment application. It provides a variety of APIs to integrate with its services. This detector aims at catching accounts credentials.
- IPs allowlist: This feature is not mentioned in the documentation.
- Scopes: WeChat has two types of account, subscription accounts and service accounts. They don't have access to the same range of features.
#
Revoke the secretCredentials can be managed from the developer's console, under function/advanced/developer mode
.
#
Check for suspicious activityThis feature is not mentioned in the documentation.
Wechat keys
#
Details for Family: Api
Category: Messaging system
Company: Tencent
High recall: True
Validity check available: True
On-premise instances exist: False
Only valid secrets raise an alert: True
Minimum number of matches: 2
Occurrences found for one million commits: 186.54
Prefixed: True
PreValidators:
- type: FilenameBanlistPreValidator banlist_extensions: [] banlist_filenames: - ^rss/ check_binaries: false include_default_banlist_extensions: false ban_markup: false- type: ContentWhitelistPreValidator patterns: - wx[a-f0-9]{16}
#
Examples- text: | wechatuser = wxce38d37295f770f0 wechatkey = 8bdaebb9594bff61b28073d91213af23 client_id: wxce38d37295f770f0 client_secret: 8bdaebb9594bff61b28073d91213af23