xjzhi / MPScan

MPScan is an all-in-one Windows GUI tool designed for security researchers and developers, dedicated to automated security auditing of WeChat mini programs.

100% credibility
Found Apr 22, 2026 at 88 stars.
AI Summary

A desktop tool that monitors WeChat mini program downloads, unpacks their hidden code, and scans for exposed sensitive data like secrets and keys.

How It Works

1. 🔍 Discover MPScan

You hear about a handy tool that checks WeChat mini apps for hidden security risks like leaked passwords.

2. 💻 Open the program

Double-click the app to launch a simple window with folders to pick and buttons to press.

3. 📁 Pick your folders

Choose the WeChat mini apps download spot to watch and a safe place to save the clean results.

4. ▶️ Start watching

Hit the big green button and feel excited as it begins guarding your apps automatically.

5. 📊 Watch it work

See live updates in the log as new apps get unpacked and checked for secrets.

6. Spot the issues

A colorful list pops up showing any risky info found, with code previews to understand.

🎉 Get your report

Export the full list of findings to review and stay safe from sneaky app secrets.

AI-Generated Review

What is MPScan?

MPScan is a Windows GUI scanner built in Go that automates security audits for WeChat mini-programs. Point it at your WeChat Files/Applet folder: it watches for new wx* directories or .wxapkg files, decrypts and unpacks them into readable JS, JSON, and HTML (with optional beautification), then scans for leaked secrets like AppSecrets, cloud API keys, database URLs, and tokens. Results appear in a color-coded table with code previews, risk stats, and CSV export; status is shown in the logs, and scanning starts or stops with one click.

Why is it gaining traction?

Unlike manual decompilers or generic code scanners, MPScan handles WeChat's specific encryption (PBKDF2-AES with wxid-derived keys) out of the box, plus real-time folder watching for fresh mini-apps. The clean GUI beats CLI tools, with no PowerShell scripting needed, and it queries app names online for context, surfacing MPScan history instantly. Developers can grab the MPScan executable and start a session without setup hassle.

Who should use this?

Security researchers reverse-engineering WeChat mini-apps for vulnerabilities, pentesters auditing client-side leaks in Chinese apps, or compliance teams scanning enterprise WeChat deployments. Ideal if you're dissecting competitor mini-programs or hardening your own against hardcoded creds.

Verdict

Grab it if WeChat mini-app auditing is your niche—solid for targeted scans despite 88 stars and 1.0% credibility score signaling early maturity. Docs are README-only with examples; test on non-prod data first, as it's Go-fast but unproven at scale.
