WeChat App Keys
Description
General
- Documentation: https://open.weixin.qq.com/?lang=en
- Summary: WeChat is a Chinese multi-purpose messaging, social media and mobile payment application. It provides a variety of APIs to integrate with its services. This detector aims at catching accounts credentials.
- IPs allowlist: This feature is not mentioned in the documentation.
- Scopes: WeChat has two types of account, subscription accounts and service accounts. They don't have access to the same range of features.
Revoke the secret
Credentials can be managed from the developer's console, under function/advanced/developer mode
.
Check for suspicious activity
This feature is not mentioned in the documentation.
Details for Wechat keys
Family: Api
Category: Messaging system
Company: Tencent
High recall: False
Validity check available: True
On-premise instances exist: False
Only valid secrets raise an alert: True
Minimum number of matches: 2
Occurrences found for one million commits: 186.54
Prefixed: False
PreValidators:
- type: FilenameBanlistPreValidator
banlist_extensions: []
banlist_filenames:
- ^rss/
check_binaries: false
include_default_banlist_extensions: false
ban_markup: false
- type: ContentWhitelistPreValidator
patterns:
- wx[a-f0-9]{16}
Examples
- text: |
wechatuser = wxce38d37295f770f0
wechatkey = 8bdaebb9594bff61b28073d91213af23
client_id: wxce38d37295f770f0
client_secret: 8bdaebb9594bff61b28073d91213af23