From 870431658d3ec47ae41b58c3749d85b6d7d5304c Mon Sep 17 00:00:00 2001
From: salvacybersec <salva@opsecti.local>
Date: Mon, 6 Apr 2026 12:31:57 +0300
Subject: [PATCH] feat(12-04): wire all 10 Phase 12 sources into RegisterAll +
 cmd/recon.go credentials

- Add 8 Phase 12 credential fields to SourcesConfig (Shodan, Censys, ZoomEye, FOFA, Netlas, BinaryEdge)
- Register all 10 Phase 12 sources in RegisterAll (6 IoT + 4 cloud storage)
- Wire env/viper credential lookup in cmd/recon.go buildReconEngine
- Update reconCmd Long description to mention Phase 12 sources
---
 cmd/recon.go                  | 10 +++++-
 pkg/recon/sources/register.go | 67 +++++++++++++++++++++++++++++++++--
 2 files changed, 74 insertions(+), 3 deletions(-)

diff --git a/cmd/recon.go b/cmd/recon.go
index 4e82483..44e131e 100644
--- a/cmd/recon.go
+++ b/cmd/recon.go
@@ -26,7 +26,7 @@ var (
 var reconCmd = &cobra.Command{
 	Use:   "recon",
 	Short: "Run OSINT recon across internet sources",
-	Long:  "Run OSINT recon sweeps across registered sources. Phase 10 adds ten code-hosting sources (GitHub/GitLab/Bitbucket/Gist/Codeberg/HuggingFace/Replit/CodeSandbox/Sandboxes/Kaggle). Phase 11 adds search engine dorking (Google/Bing/DuckDuckGo/Yandex/Brave) and paste site scanning (Pastebin/GistPaste/PasteSites).",
+	Long:  "Run OSINT recon sweeps across registered sources. Phase 10 adds ten code-hosting sources (GitHub/GitLab/Bitbucket/Gist/Codeberg/HuggingFace/Replit/CodeSandbox/Sandboxes/Kaggle). Phase 11 adds search engine dorking (Google/Bing/DuckDuckGo/Yandex/Brave) and paste site scanning (Pastebin/GistPaste/PasteSites). Phase 12 adds IoT scanners (Shodan/Censys/ZoomEye/FOFA/Netlas/BinaryEdge) and cloud storage scanners (S3/GCS/AzureBlob/Spaces).",
 }
 
 var reconFullCmd = &cobra.Command{
@@ -159,6 +159,14 @@ func buildReconEngine() *recon.Engine {
 		YandexUser:         firstNonEmpty(os.Getenv("YANDEX_USER"), viper.GetString("recon.yandex.user")),
 		YandexAPIKey:       firstNonEmpty(os.Getenv("YANDEX_API_KEY"), viper.GetString("recon.yandex.api_key")),
 		BraveAPIKey:        firstNonEmpty(os.Getenv("BRAVE_API_KEY"), viper.GetString("recon.brave.api_key")),
+		ShodanAPIKey:       firstNonEmpty(os.Getenv("SHODAN_API_KEY"), viper.GetString("recon.shodan.api_key")),
+		CensysAPIId:       firstNonEmpty(os.Getenv("CENSYS_API_ID"), viper.GetString("recon.censys.api_id")),
+		CensysAPISecret:   firstNonEmpty(os.Getenv("CENSYS_API_SECRET"), viper.GetString("recon.censys.api_secret")),
+		ZoomEyeAPIKey:     firstNonEmpty(os.Getenv("ZOOMEYE_API_KEY"), viper.GetString("recon.zoomeye.api_key")),
+		FOFAEmail:         firstNonEmpty(os.Getenv("FOFA_EMAIL"), viper.GetString("recon.fofa.email")),
+		FOFAAPIKey:        firstNonEmpty(os.Getenv("FOFA_API_KEY"), viper.GetString("recon.fofa.api_key")),
+		NetlasAPIKey:      firstNonEmpty(os.Getenv("NETLAS_API_KEY"), viper.GetString("recon.netlas.api_key")),
+		BinaryEdgeAPIKey:  firstNonEmpty(os.Getenv("BINARYEDGE_API_KEY"), viper.GetString("recon.binaryedge.api_key")),
 	}
 	sources.RegisterAll(e, cfg)
 	return e
diff --git a/pkg/recon/sources/register.go b/pkg/recon/sources/register.go
index b9b2c50..72f57f5 100644
--- a/pkg/recon/sources/register.go
+++ b/pkg/recon/sources/register.go
@@ -39,14 +39,25 @@ type SourcesConfig struct {
 	// Brave Search API subscription token.
 	BraveAPIKey string
 
+	// Phase 12: IoT scanner API keys.
+	ShodanAPIKey     string
+	CensysAPIId      string
+	CensysAPISecret  string
+	ZoomEyeAPIKey    string
+	FOFAEmail        string
+	FOFAAPIKey       string
+	NetlasAPIKey     string
+	BinaryEdgeAPIKey string
+
 	// Registry drives query generation for every source via BuildQueries.
 	Registry *providers.Registry
 	// Limiters is the shared per-source rate-limiter registry.
 	Limiters *recon.LimiterRegistry
 }
 
-// RegisterAll registers every Phase 10 code-hosting and Phase 11 search
-// engine / paste site source on engine (18 sources total).
+// RegisterAll registers every Phase 10 code-hosting, Phase 11 search engine /
+// paste site, and Phase 12 IoT scanner / cloud storage source on engine
+// (28 sources total).
 //
 // All sources are registered unconditionally so that cmd/recon.go can surface
 // the full catalog via `keyhunter recon list` regardless of which credentials
@@ -149,4 +160,56 @@ func RegisterAll(engine *recon.Engine, cfg SourcesConfig) {
 		Registry: reg,
 		Limiters: lim,
 	})
+
+	// Phase 12: IoT scanner sources.
+	engine.Register(&ShodanSource{
+		APIKey:   cfg.ShodanAPIKey,
+		Registry: reg,
+		Limiters: lim,
+	})
+	engine.Register(&CensysSource{
+		APIId:     cfg.CensysAPIId,
+		APISecret: cfg.CensysAPISecret,
+		Registry:  reg,
+		Limiters:  lim,
+	})
+	engine.Register(&ZoomEyeSource{
+		APIKey:   cfg.ZoomEyeAPIKey,
+		Registry: reg,
+		Limiters: lim,
+	})
+	engine.Register(&FOFASource{
+		Email:    cfg.FOFAEmail,
+		APIKey:   cfg.FOFAAPIKey,
+		Registry: reg,
+		Limiters: lim,
+	})
+	engine.Register(&NetlasSource{
+		APIKey:   cfg.NetlasAPIKey,
+		Registry: reg,
+		Limiters: lim,
+	})
+	engine.Register(&BinaryEdgeSource{
+		APIKey:   cfg.BinaryEdgeAPIKey,
+		Registry: reg,
+		Limiters: lim,
+	})
+
+	// Phase 12: Cloud storage sources (credentialless).
+	engine.Register(&S3Scanner{
+		Registry: reg,
+		Limiters: lim,
+	})
+	engine.Register(&GCSScanner{
+		Registry: reg,
+		Limiters: lim,
+	})
+	engine.Register(&AzureBlobScanner{
+		Registry: reg,
+		Limiters: lim,
+	})
+	engine.Register(&DOSpacesScanner{
+		Registry: reg,
+		Limiters: lim,
+	})
 }