diff --git a/pkg/recon/sources/censys_test.go b/pkg/recon/sources/censys_test.go
new file mode 100644
index 0000000..7e00e55
--- /dev/null
+++ b/pkg/recon/sources/censys_test.go
@@ -0,0 +1,130 @@
+package sources
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"net/http"
+	"net/http/httptest"
+	"sync/atomic"
+	"testing"
+	"time"
+
+	"github.com/salvacybersec/keyhunter/pkg/recon"
+)
+
+func censysStubHandler(t *testing.T, calls *int32) http.HandlerFunc {
+	t.Helper()
+	return func(w http.ResponseWriter, r *http.Request) {
+		atomic.AddInt32(calls, 1)
+		if r.URL.Path != "/v2/hosts/search" {
+			t.Errorf("unexpected path: %s", r.URL.Path)
+		}
+		if r.Method != http.MethodPost {
+			t.Errorf("expected POST, got %s", r.Method)
+		}
+		user, pass, ok := r.BasicAuth()
+		if !ok || user != "testid" || pass != "testsecret" {
+			t.Errorf("missing/wrong basic auth: user=%q pass=%q ok=%v", user, pass, ok)
+		}
+		body := map[string]any{
+			"result": map[string]any{
+				"hits": []map[string]any{
+					{"ip": "10.0.0.1", "services": []map[string]any{{"port": 443, "service_name": "HTTP"}}},
+					{"ip": "10.0.0.2", "services": []map[string]any{{"port": 8080, "service_name": "HTTP"}}},
+				},
+			},
+		}
+		w.Header().Set("Content-Type", "application/json")
+		_ = json.NewEncoder(w).Encode(body)
+	}
+}
+
+func TestCensysSource_EnabledRequiresCredentials(t *testing.T) {
+	reg := syntheticRegistry()
+	lim := recon.NewLimiterRegistry()
+
+	if s := NewCensysSource("", "", reg, lim); s.Enabled(recon.Config{}) {
+		t.Error("expected Enabled=false with empty credentials")
+	}
+	if s := NewCensysSource("id", "", reg, lim); s.Enabled(recon.Config{}) {
+		t.Error("expected Enabled=false with missing secret")
+	}
+	if s := NewCensysSource("id", "secret", reg, lim); !s.Enabled(recon.Config{}) {
+		t.Error("expected Enabled=true with both credentials")
+	}
+}
+
+func TestCensysSource_SweepEmptyCredsReturnsNil(t *testing.T) {
+	reg := syntheticRegistry()
+	lim := recon.NewLimiterRegistry()
+	s := NewCensysSource("", "", reg, lim)
+
+	out := make(chan recon.Finding, 10)
+	if err := s.Sweep(context.Background(), "", out); err != nil {
+		t.Fatalf("expected nil, got %v", err)
+	}
+	close(out)
+	if n := countFindings(out); n != 0 {
+		t.Fatalf("expected 0 findings, got %d", n)
+	}
+}
+
+func TestCensysSource_SweepEmitsFindings(t *testing.T) {
+	reg := syntheticRegistry()
+	lim := recon.NewLimiterRegistry()
+	_ = lim.For("censys", 1000, 100)
+
+	var calls int32
+	srv := httptest.NewServer(censysStubHandler(t, &calls))
+	defer srv.Close()
+
+	s := NewCensysSource("testid", "testsecret", reg, lim)
+	s.BaseURL = srv.URL
+
+	out := make(chan recon.Finding, 32)
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancel()
+
+	done := make(chan error, 1)
+	go func() { done <- s.Sweep(ctx, "", out); close(out) }()
+
+	var findings []recon.Finding
+	for f := range out {
+		findings = append(findings, f)
+	}
+	if err := <-done; err != nil {
+		t.Fatalf("Sweep error: %v", err)
+	}
+
+	// 2 keywords * 2 hits = 4 findings
+	if len(findings) != 4 {
+		t.Fatalf("expected 4 findings, got %d", len(findings))
+	}
+	for _, f := range findings {
+		if f.SourceType != "recon:censys" {
+			t.Errorf("SourceType=%q want recon:censys", f.SourceType)
+		}
+	}
+	if got := atomic.LoadInt32(&calls); got != 2 {
+		t.Errorf("expected 2 calls, got %d", got)
+	}
+}
+
+func TestCensysSource_CtxCancelled(t *testing.T) {
+	reg := syntheticRegistry()
+	lim := recon.NewLimiterRegistry()
+	_ = lim.For("censys", 1000, 100)
+
+	s := NewCensysSource("id", "secret", reg, lim)
+	s.BaseURL = "http://127.0.0.1:1"
+
+	ctx, cancel := context.WithCancel(context.Background())
+	cancel()
+
+	out := make(chan recon.Finding, 1)
+	err := s.Sweep(ctx, "", out)
+	if !errors.Is(err, context.Canceled) {
+		t.Fatalf("expected context.Canceled, got %v", err)
+	}
+}
diff --git a/pkg/recon/sources/shodan_test.go b/pkg/recon/sources/shodan_test.go
new file mode 100644
index 0000000..f928397
--- /dev/null
+++ b/pkg/recon/sources/shodan_test.go
@@ -0,0 +1,121 @@
+package sources
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"net/http"
+	"net/http/httptest"
+	"sync/atomic"
+	"testing"
+	"time"
+
+	"github.com/salvacybersec/keyhunter/pkg/recon"
+)
+
+func shodanStubHandler(t *testing.T, calls *int32) http.HandlerFunc {
+	t.Helper()
+	return func(w http.ResponseWriter, r *http.Request) {
+		atomic.AddInt32(calls, 1)
+		if r.URL.Path != "/shodan/host/search" {
+			t.Errorf("unexpected path: %s", r.URL.Path)
+		}
+		if got := r.URL.Query().Get("key"); got != "testkey" {
+			t.Errorf("missing api key param: %q", got)
+		}
+		body := map[string]any{
+			"matches": []map[string]any{
+				{"ip_str": "1.2.3.4", "port": 8080, "data": "vllm"},
+				{"ip_str": "5.6.7.8", "port": 11434, "data": "ollama"},
+			},
+		}
+		w.Header().Set("Content-Type", "application/json")
+		_ = json.NewEncoder(w).Encode(body)
+	}
+}
+
+func TestShodanSource_EnabledRequiresAPIKey(t *testing.T) {
+	reg := syntheticRegistry()
+	lim := recon.NewLimiterRegistry()
+
+	if s := NewShodanSource("", reg, lim); s.Enabled(recon.Config{}) {
+		t.Error("expected Enabled=false with empty key")
+	}
+	if s := NewShodanSource("key", reg, lim); !s.Enabled(recon.Config{}) {
+		t.Error("expected Enabled=true with key")
+	}
+}
+
+func TestShodanSource_SweepEmptyKeyReturnsNil(t *testing.T) {
+	reg := syntheticRegistry()
+	lim := recon.NewLimiterRegistry()
+	s := NewShodanSource("", reg, lim)
+
+	out := make(chan recon.Finding, 10)
+	if err := s.Sweep(context.Background(), "", out); err != nil {
+		t.Fatalf("expected nil, got %v", err)
+	}
+	close(out)
+	if n := countFindings(out); n != 0 {
+		t.Fatalf("expected 0 findings, got %d", n)
+	}
+}
+
+func TestShodanSource_SweepEmitsFindings(t *testing.T) {
+	reg := syntheticRegistry()
+	lim := recon.NewLimiterRegistry()
+	_ = lim.For("shodan", 1000, 100)
+
+	var calls int32
+	srv := httptest.NewServer(shodanStubHandler(t, &calls))
+	defer srv.Close()
+
+	s := NewShodanSource("testkey", reg, lim)
+	s.BaseURL = srv.URL
+
+	out := make(chan recon.Finding, 32)
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancel()
+
+	done := make(chan error, 1)
+	go func() { done <- s.Sweep(ctx, "", out); close(out) }()
+
+	var findings []recon.Finding
+	for f := range out {
+		findings = append(findings, f)
+	}
+	if err := <-done; err != nil {
+		t.Fatalf("Sweep error: %v", err)
+	}
+
+	// 2 keywords * 2 matches = 4 findings
+	if len(findings) != 4 {
+		t.Fatalf("expected 4 findings, got %d", len(findings))
+	}
+	for _, f := range findings {
+		if f.SourceType != "recon:shodan" {
+			t.Errorf("SourceType=%q want recon:shodan", f.SourceType)
+		}
+	}
+	if got := atomic.LoadInt32(&calls); got != 2 {
+		t.Errorf("expected 2 calls, got %d", got)
+	}
+}
+
+func TestShodanSource_CtxCancelled(t *testing.T) {
+	reg := syntheticRegistry()
+	lim := recon.NewLimiterRegistry()
+	_ = lim.For("shodan", 1000, 100)
+
+	s := NewShodanSource("key", reg, lim)
+	s.BaseURL = "http://127.0.0.1:1"
+
+	ctx, cancel := context.WithCancel(context.Background())
+	cancel()
+
+	out := make(chan recon.Finding, 1)
+	err := s.Sweep(ctx, "", out)
+	if !errors.Is(err, context.Canceled) {
+		t.Fatalf("expected context.Canceled, got %v", err)
+	}
+}
diff --git a/pkg/recon/sources/zoomeye_test.go b/pkg/recon/sources/zoomeye_test.go
new file mode 100644
index 0000000..c497169
--- /dev/null
+++ b/pkg/recon/sources/zoomeye_test.go
@@ -0,0 +1,121 @@
+package sources
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"net/http"
+	"net/http/httptest"
+	"sync/atomic"
+	"testing"
+	"time"
+
+	"github.com/salvacybersec/keyhunter/pkg/recon"
+)
+
+func zoomeyeStubHandler(t *testing.T, calls *int32) http.HandlerFunc {
+	t.Helper()
+	return func(w http.ResponseWriter, r *http.Request) {
+		atomic.AddInt32(calls, 1)
+		if r.URL.Path != "/host/search" {
+			t.Errorf("unexpected path: %s", r.URL.Path)
+		}
+		if got := r.Header.Get("API-KEY"); got != "testkey" {
+			t.Errorf("missing/wrong API-KEY header: %q", got)
+		}
+		body := map[string]any{
+			"matches": []map[string]any{
+				{"ip": "192.168.1.1", "portinfo": map[string]any{"port": 8080}, "banner": "vllm"},
+				{"ip": "192.168.1.2", "portinfo": map[string]any{"port": 11434}, "banner": "ollama"},
+			},
+		}
+		w.Header().Set("Content-Type", "application/json")
+		_ = json.NewEncoder(w).Encode(body)
+	}
+}
+
+func TestZoomEyeSource_EnabledRequiresAPIKey(t *testing.T) {
+	reg := syntheticRegistry()
+	lim := recon.NewLimiterRegistry()
+
+	if s := NewZoomEyeSource("", reg, lim); s.Enabled(recon.Config{}) {
+		t.Error("expected Enabled=false with empty key")
+	}
+	if s := NewZoomEyeSource("key", reg, lim); !s.Enabled(recon.Config{}) {
+		t.Error("expected Enabled=true with key")
+	}
+}
+
+func TestZoomEyeSource_SweepEmptyKeyReturnsNil(t *testing.T) {
+	reg := syntheticRegistry()
+	lim := recon.NewLimiterRegistry()
+	s := NewZoomEyeSource("", reg, lim)
+
+	out := make(chan recon.Finding, 10)
+	if err := s.Sweep(context.Background(), "", out); err != nil {
+		t.Fatalf("expected nil, got %v", err)
+	}
+	close(out)
+	if n := countFindings(out); n != 0 {
+		t.Fatalf("expected 0 findings, got %d", n)
+	}
+}
+
+func TestZoomEyeSource_SweepEmitsFindings(t *testing.T) {
+	reg := syntheticRegistry()
+	lim := recon.NewLimiterRegistry()
+	_ = lim.For("zoomeye", 1000, 100)
+
+	var calls int32
+	srv := httptest.NewServer(zoomeyeStubHandler(t, &calls))
+	defer srv.Close()
+
+	s := NewZoomEyeSource("testkey", reg, lim)
+	s.BaseURL = srv.URL
+
+	out := make(chan recon.Finding, 32)
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancel()
+
+	done := make(chan error, 1)
+	go func() { done <- s.Sweep(ctx, "", out); close(out) }()
+
+	var findings []recon.Finding
+	for f := range out {
+		findings = append(findings, f)
+	}
+	if err := <-done; err != nil {
+		t.Fatalf("Sweep error: %v", err)
+	}
+
+	// 2 keywords * 2 matches = 4 findings
+	if len(findings) != 4 {
+		t.Fatalf("expected 4 findings, got %d", len(findings))
+	}
+	for _, f := range findings {
+		if f.SourceType != "recon:zoomeye" {
+			t.Errorf("SourceType=%q want recon:zoomeye", f.SourceType)
+		}
+	}
+	if got := atomic.LoadInt32(&calls); got != 2 {
+		t.Errorf("expected 2 calls, got %d", got)
+	}
+}
+
+func TestZoomEyeSource_CtxCancelled(t *testing.T) {
+	reg := syntheticRegistry()
+	lim := recon.NewLimiterRegistry()
+	_ = lim.For("zoomeye", 1000, 100)
+
+	s := NewZoomEyeSource("key", reg, lim)
+	s.BaseURL = "http://127.0.0.1:1"
+
+	ctx, cancel := context.WithCancel(context.Background())
+	cancel()
+
+	out := make(chan recon.Finding, 1)
+	err := s.Sweep(ctx, "", out)
+	if !errors.Is(err, context.Canceled) {
+		t.Fatalf("expected context.Canceled, got %v", err)
+	}
+}