Skip to main content

WeChat App Keys

Description

General

  • Documentation: https://open.weixin.qq.com/?lang=en
  • Summary: WeChat is a Chinese multi-purpose messaging, social media and mobile payment application. It provides a variety of APIs to integrate with its services. This detector aims at catching accounts credentials.
  • IPs allowlist: This feature is not mentioned in the documentation.
  • Scopes: WeChat has two types of account, subscription accounts and service accounts. They don't have access to the same range of features.

Revoke the secret

Credentials can be managed from the developer's console, under function/advanced/developer mode.

Check for suspicious activity

This feature is not mentioned in the documentation.

Details for Wechat keys

  • Family: Api

  • Category: Messaging system

  • Company: Tencent

  • High recall: False

  • Validity check available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 186.54

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
banlist_extensions: []
banlist_filenames:
- ^rss/
check_binaries: false
include_default_banlist_extensions: false
ban_markup: false
- type: ContentWhitelistPreValidator
patterns:
- wx[a-f0-9]{16}

Examples

- text: |
wechatuser = wxce38d37295f770f0
wechatkey = 8bdaebb9594bff61b28073d91213af23
client_id: wxce38d37295f770f0
client_secret: 8bdaebb9594bff61b28073d91213af23

How can I help you ?