Spade-sec / First

Public

WMPFDebugger 二开微信小程序多功能集成工具

69% credibility

Found Apr 03, 2026 at 93 stars -- GitGems finds repos before they trend. Get early access to the next one.

AI Analysis

Python

AI Summary

A desktop tool that lets you inspect, navigate, and analyze WeChat mini programs through a user-friendly dashboard and browser connection.

How It Works

🔍 Discover the tool

You hear about a handy helper for peeking inside WeChat mini apps to test and explore them safely.

📥 Get it ready

Download the program and open its simple dashboard on your computer.

▶️ Start exploring

Click the big Start button to link it to your open WeChat and begin debugging a mini app.

🌐 Connect your browser

Paste a special web address into Chrome to see the mini app's inner workings like a live map.

🧭 Navigate and check

Jump between pages with one click, watch cloud functions in action, and scan for security tips.

✅ Unlock insights

You now understand the mini app completely, spotting issues and secrets with ease.

Sign up to see the full architecture

4 more

Star Growth

See how this repo grew from 93 to 93 stars Sign Up Free

Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose

AI-Generated Review

What is First?

First is a Python-based debugger for WeChat mini-programs that hooks into the WeChat client via Frida to proxy CDP traffic, letting you connect Chrome DevTools directly for inspection. It solves the pain of debugging opaque mini-apps by enabling route enumeration, one-click navigation to any page, cloud function call monitoring with parameter analysis, and UserScript injection on URL match. Run it in GUI mode for a control panel with dark/light themes or CLI for scripts like `python main.py --debug-port 9421`.

Why is it gaining traction?

Unlike basic Frida hooks, First delivers first class integration with Chrome DevTools, auto-injecting scripts first come first serve on page load and blocking debugger traps for smooth sessions. Developers grab it for the built-in security scanner generating reports and cloud audit tools that capture real invocations—features rivals lack without heavy setup. With 93 stars, it's pulling first github contributions from security folks chasing first blood on mini-app vulns.

Who should use this?

Security researchers auditing WeChat mini-programs for data leaks or first responder teams probing cloud functions in production apps. Reverse engineers needing to enumerate routes without manual taps, or pentesters wanting quick UserScript hooks for bypasses like debugger detection. Skip if you're not targeting Tencent's ecosystem.

Verdict

Grab it if WeChat mini-apps are your battlefield—solid for targeted audits despite low 93 stars and 0.7% credibility score signaling early-stage maturity. Polish the docs and add tests to hit first github repo escape velocity.

(198 words)

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.

Stars

Forks

Followers

Base stars: 93 stars

Penalty: Very new repo (0d): -70%

Penalty: AI uncertain (70%): -90%

Penalty: New repo with many stars: -90% (possible fake)

Account age: 104 days

Repo age: 0 days

Updated: Apr 03, 2026