docs(12-02): complete FOFA, Netlas, BinaryEdge plan

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

.planning/REQUIREMENTS.md

@@ -96,9 +96,9 @@ Requirements for initial release. Each maps to roadmap phases.
 - [ ] **RECON-IOT-01**: Shodan API search and dorking
 - [ ] **RECON-IOT-02**: Censys API search
 - [ ] **RECON-IOT-03**: ZoomEye API search
-- [ ] **RECON-IOT-04**: FOFA API search
-- [ ] **RECON-IOT-05**: Netlas API search
-- [ ] **RECON-IOT-06**: BinaryEdge API search
+- [x] **RECON-IOT-04**: FOFA API search
+- [x] **RECON-IOT-05**: Netlas API search
+- [x] **RECON-IOT-06**: BinaryEdge API search
 
 ### OSINT/Recon — Code Hosting & Snippets
 

.planning/ROADMAP.md

@@ -256,7 +256,7 @@ Plans:
 
 Plans:
 - [ ] 12-01-PLAN.md — ShodanSource + CensysSource + ZoomEyeSource (RECON-IOT-01, RECON-IOT-02, RECON-IOT-03)
-- [ ] 12-02-PLAN.md — FOFASource + NetlasSource + BinaryEdgeSource (RECON-IOT-04, RECON-IOT-05, RECON-IOT-06)
+- [x] 12-02-PLAN.md — FOFASource + NetlasSource + BinaryEdgeSource (RECON-IOT-04, RECON-IOT-05, RECON-IOT-06)
 - [ ] 12-03-PLAN.md — S3Scanner + GCSScanner + AzureBlobScanner + DOSpacesScanner (RECON-CLOUD-01, RECON-CLOUD-02, RECON-CLOUD-03, RECON-CLOUD-04)
 - [ ] 12-04-PLAN.md — RegisterAll wiring + cmd/recon.go credentials + integration test (all Phase 12 reqs)
 
@@ -349,7 +349,7 @@ Phases execute in numeric order: 1 → 2 → 3 → ... → 18
 | 9. OSINT Infrastructure | 2/6 | In Progress|  |
 | 10. OSINT Code Hosting | 9/9 | Complete    | 2026-04-06 |
 | 11. OSINT Search & Paste | 3/3 | Complete    | 2026-04-06 |
-| 12. OSINT IoT & Cloud Storage | 0/? | Not started | - |
+| 12. OSINT IoT & Cloud Storage | 1/4 | In Progress|  |
 | 13. OSINT Package Registries & Container/IaC | 0/? | Not started | - |
 | 14. OSINT CI/CD Logs, Web Archives & Frontend Leaks | 0/? | Not started | - |
 | 15. OSINT Forums, Collaboration & Log Aggregators | 0/? | Not started | - |

.planning/STATE.md

@@ -3,14 +3,14 @@ gsd_state_version: 1.0
 milestone: v1.0
 milestone_name: milestone
 status: completed
-stopped_at: Completed 11-03-PLAN.md
-last_updated: "2026-04-06T09:09:48.100Z"
+stopped_at: Completed 12-02-PLAN.md
+last_updated: "2026-04-06T09:24:57.655Z"
 last_activity: 2026-04-06
 progress:
   total_phases: 18
-  completed_phases: 11
-  total_plans: 65
-  completed_plans: 66
+  completed_phases: 10
+  total_plans: 64
+  completed_plans: 67
   percent: 20
 ---
 
@@ -91,6 +91,7 @@ Progress: [██░░░░░░░░] 20%
 | Phase 10 P09 | 12min | 2 tasks | 5 files |
 | Phase 11 P03 | 6min | 2 tasks | 4 files |
 | Phase 11 P01 | 3min | 2 tasks | 11 files |
+| Phase 12 P02 | 2min | 2 tasks | 6 files |
 
 ## Accumulated Context
 
@@ -131,6 +132,7 @@ Recent decisions affecting current work:
 - [Phase 11]: RegisterAll extended to 18 sources (10 Phase 10 + 8 Phase 11); paste sources use BaseURL prefix in integration test to avoid /search path collision
 - [Phase 11]: Integration test uses injected test platforms for PasteSites (same pattern as SandboxesSource)
 - [Phase 11]: All five search sources use dork query format to focus on paste/code hosting leak sites
+- [Phase 12]: FOFA uses base64-encoded qbase64 param; Netlas uses X-API-Key header; BinaryEdge uses X-Key header
 
 ### Pending Todos
 
@@ -145,6 +147,6 @@ None yet.
 
 ## Session Continuity
 
-Last session: 2026-04-06T09:07:51.980Z
-Stopped at: Completed 11-03-PLAN.md
+Last session: 2026-04-06T09:24:57.651Z
+Stopped at: Completed 12-02-PLAN.md
 Resume file: None

.planning/phases/12-osint_iot_cloud_storage/12-02-SUMMARY.md

@@ -0,0 +1,103 @@
+---
+phase: 12-osint_iot_cloud_storage
+plan: 02
+subsystem: recon
+tags: [fofa, netlas, binaryedge, iot, osint, httptest]
+
+requires:
+  - phase: 09-osint-infrastructure
+    provides: LimiterRegistry, shared Client retry/backoff HTTP
+  - phase: 10-osint-code-hosting
+    provides: ReconSource interface pattern, BuildQueries, keywordIndex helpers
+provides:
+  - FOFASource implementing recon.ReconSource for FOFA internet search
+  - NetlasSource implementing recon.ReconSource for Netlas intelligence API
+  - BinaryEdgeSource implementing recon.ReconSource for BinaryEdge data API
+affects: [12-osint_iot_cloud_storage, cmd/recon]
+
+tech-stack:
+  added: []
+  patterns: [base64-encoded query params for FOFA, X-API-Key header auth for Netlas, X-Key header auth for BinaryEdge]
+
+key-files:
+  created:
+    - pkg/recon/sources/fofa.go
+    - pkg/recon/sources/fofa_test.go
+    - pkg/recon/sources/netlas.go
+    - pkg/recon/sources/netlas_test.go
+    - pkg/recon/sources/binaryedge.go
+    - pkg/recon/sources/binaryedge_test.go
+  modified: []
+
+key-decisions:
+  - "FOFA uses base64-encoded qbase64 param with email+key auth in query string"
+  - "Netlas uses X-API-Key header; BinaryEdge uses X-Key header for auth"
+  - "All three sources use bare keyword queries (default formatQuery path)"
+
+patterns-established:
+  - "IoT scanner source pattern: struct with APIKey/BaseURL/Registry/Limiters + lazy client init"
+
+requirements-completed: [RECON-IOT-04, RECON-IOT-05, RECON-IOT-06]
+
+duration: 2min
+completed: 2026-04-06
+---
+
+# Phase 12 Plan 02: FOFA, Netlas, BinaryEdge Sources Summary
+
+**Three IoT/device scanner recon sources (FOFA, Netlas, BinaryEdge) with httptest-based unit tests covering sweep, auth, and cancellation**
+
+## Performance
+
+- **Duration:** 2 min
+- **Started:** 2026-04-06T09:22:18Z
+- **Completed:** 2026-04-06T09:24:22Z
+- **Tasks:** 2
+- **Files modified:** 6
+
+## Accomplishments
+- FOFASource searches FOFA API with base64-encoded queries and email+key authentication
+- NetlasSource searches Netlas API with X-API-Key header authentication
+- BinaryEdgeSource searches BinaryEdge API with X-Key header authentication
+- All three sources follow established Phase 10 pattern with shared Client, LimiterRegistry, BuildQueries
+
+## Task Commits
+
+Each task was committed atomically:
+
+1. **Task 1: Implement FOFASource, NetlasSource, BinaryEdgeSource** - `270bbbf` (feat)
+2. **Task 2: Unit tests for FOFA, Netlas, BinaryEdge sources** - `d6c35f4` (test)
+
+## Files Created/Modified
+- `pkg/recon/sources/fofa.go` - FOFASource with base64 query encoding and dual-credential auth
+- `pkg/recon/sources/fofa_test.go` - httptest tests for FOFA sweep, credentials, cancellation
+- `pkg/recon/sources/netlas.go` - NetlasSource with X-API-Key header auth
+- `pkg/recon/sources/netlas_test.go` - httptest tests for Netlas sweep, credentials, cancellation
+- `pkg/recon/sources/binaryedge.go` - BinaryEdgeSource with X-Key header auth
+- `pkg/recon/sources/binaryedge_test.go` - httptest tests for BinaryEdge sweep, credentials, cancellation
+
+## Decisions Made
+- FOFA uses base64-encoded qbase64 query parameter (matching FOFA API spec) with email+key in query string
+- Netlas uses X-API-Key header; BinaryEdge uses X-Key header (matching their respective API specs)
+- All three use bare keyword queries via default formatQuery path (no source-specific query formatting needed)
+
+## Deviations from Plan
+
+None - plan executed exactly as written.
+
+## Issues Encountered
+None
+
+## Known Stubs
+None
+
+## User Setup Required
+None - no external service configuration required.
+
+## Next Phase Readiness
+- Three IoT scanner sources ready for RegisterAll wiring
+- FOFA requires email + API key; Netlas and BinaryEdge require API key only
+
+---
+*Phase: 12-osint_iot_cloud_storage*
+*Completed: 2026-04-06*