WeChat App Keys

Description

General

• Documentation: https://open.weixin.qq.com/?lang=en
• Summary: WeChat is a Chinese multi-purpose messaging, social media and mobile payment application. It provides a variety of APIs to integrate with its services. This detector aims at catching accounts credentials.
• IPs allowlist: This feature is not mentioned in the documentation.
• Scopes: WeChat has two types of account, subscription accounts and service accounts. They don't have access to the same range of features.

Revoke the secret

Credentials can be managed from the developer's console, under function/advanced/developer mode.

Check for suspicious activity

This feature is not mentioned in the documentation.

Details for WeChat App Keys

• Family: credentials

• Category: messaging_system

• Company: Tencent

• High recall: False

• Validity check available: True

• Analyzer available: False

• On-premise instances exist: False

• Only valid secrets raise an alert: True

• Minimum number of matches: 2

• Occurrences found for one million commits: 16.83

• Prefixed: False

• PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames:
    - ^rss/
  check_binaries: false
  include_default_banlist_extensions: false
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
    - wx[a-f0-9]{16}

Examples

- text: |
    wechatuser = wxce38d37295f770f0
    wechatkey = 8bdaebb9594bff61b28073d91213af23
  client_id: wxce38d37295f770f0
  client_secret: 8bdaebb9594bff61b28073d91213af23